Data Protection Policy

Data Protection Policy

  1. Introduction

Virtual Lever Ltd t/a DevOps UK (referred to as “the Company”) is a tech consultancy that handles customer data as part of its services. The Company is committed to protecting the privacy and personal data of its clients, employees, contractors, and other individuals with whom it interacts. This Data Protection Policy outlines the Company’s approach to data protection and its adherence to UK best practices, including compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

  1. Scope

This policy applies to all personal data processed by the Company, including customer data, regardless of the format or medium in which it is stored or transmitted. It applies to all employees, contractors, and third parties acting on behalf of the Company.

  1. Principles

The Company adheres to the following data protection principles:

a) Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner. Individuals are informed of the purpose and legal basis for processing their data.

b) Purpose Limitation: Personal data is collected and processed for specified, explicit, and legitimate purposes. Data is not processed further in a manner incompatible with those purposes.

c) Data Minimization: Personal data processed is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

d) Accuracy: Reasonable steps are taken to ensure that personal data is accurate, up to date, and rectified if necessary.

e) Storage Limitation: Personal data is stored for no longer than necessary for the purposes for which it was processed. Regular reviews and data retention policies are implemented.

f) Integrity and Confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.

g) Accountability: The Company demonstrates compliance with data protection principles and can evidence the implementation of appropriate technical and organizational measures to protect personal data.

  1. Responsibilities

a) The Data Protection Officer (DPO) is responsible for overseeing the implementation of this policy and ensuring compliance with data protection laws and regulations.

b) All employees and contractors have a responsibility to familiarize themselves with this policy, understand their data protection obligations, and seek guidance from the DPO when necessary.

c) Managers are responsible for ensuring that their teams understand and adhere to this policy and for promoting a culture of privacy and data protection within their respective areas.

  1. Lawful Basis for Processing

The Company will process personal data on the basis of one or more lawful grounds as defined in the GDPR, including but not limited to the necessity of processing for the performance of a contract, compliance with a legal obligation, protection of vital interests, consent, or legitimate interests pursued by the Company or a third party.

  1. Customer Data Handling

a) The Company will only collect and process customer data necessary for the provision of its services, ensuring that it aligns with the purpose of the engagement.

b) Customer data will be handled with strict confidentiality and will not be shared with third parties without explicit consent from the customer, except where required by law or as necessary for the performance of the services.

c) The Company will ensure that appropriate technical and organizational measures are in place to protect customer data, including secure storage, access controls, and regular data backups.

d) Customer data will be retained for the duration necessary to fulfill the purpose for which it was collected, unless otherwise required by law or consented to by the customer.

  1. Data Security

The Company implements appropriate technical and organizational measures to ensure the security of personal data, including customer data. This includes measures to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage. Data security measures are regularly reviewed and updated to mitigate emerging risks.

  1. Data Breach Management

The Company has established procedures to promptly detect, assess, and respond to data breaches. In the event of a data breach involving customer data, the DPO will be immediately notified, and appropriate actions will be taken to minimize the impact and prevent similar incidents in the future. Data subjects and relevant authorities will be notified where required by applicable laws and regulations.

  1. Data Transfers

When transferring personal data, including customer data, outside the European Economic Area (EEA), the Company will ensure that appropriate safeguards are in place to protect the data. This may include using standard contractual clauses, obtaining consent, or relying on other lawful transfer mechanisms as required by applicable data protection laws.

  1. Training and Awareness

The Company provides regular data protection training to its employees and contractors to ensure their understanding of data protection obligations and best practices. Ongoing awareness programs are implemented to promote a culture of privacy and data protection within the organization.

  1. Compliance Monitoring

The Company regularly monitors and reviews its data protection practices to ensure ongoing compliance with applicable laws and regulations. Compliance audits and assessments are conducted to identify areas for improvement and to verify the effectiveness of implemented data protection measures.

  1. Policy Review

This Data Protection Policy will be reviewed regularly and updated as necessary to reflect changes in applicable laws, regulations, or business practices. Employees, contractors, and other relevant stakeholders will be informed of any updates to the policy.

  1. Contact Information

If you have any questions, concerns, or requests related to data protection or this policy, please contact our Data Protection Officer (DPO) at:

Name: Oliver Wright Email: oliver@virtuallever.co.uk

This Data Protection Policy was last updated on 12/01/2023