Introduction

This Policy outlines ABC012 Ltd.’s commitment to data protection and the rights of its customers and employees (referred to as “employee data subjects”) under the UK General Data Protection Regulation (UK GDPR), as part of EU Regulation 2016/679, and incorporated into domestic law by the Data Protection Act 2018.

This privacy policy is issued by ABC012 Ltd., located at 155 Maybury Road, Woking, England, GU21 5JR, and can be contacted via email at info@abc012ltd.com. The purpose of this policy is to explain how we collect, process, manage, and protect your personal information, both during your interaction with our business and when using our website. If you do not agree with this policy, we suggest that you cease using our website and refrain from submitting any personal data to us.

According to the UK GDPR, “personal data” refers to any information that can identify an individual, either directly or indirectly, such as a name, identification number, location, online identifier, or factors related to an individual’s identity, including physical, physiological, genetic, mental, economic, cultural, or social attributes.

This Policy outlines ABC012 Ltd.’s responsibilities for the collection, processing, storage, transfer, and disposal of personal data relating to employee data subjects. All employees, agents, contractors, and other parties working on behalf of the company must comply with the procedures set out here.

ABC012 Ltd. is fully committed to ensuring that personal data is handled lawfully, fairly, and transparently, with respect to the privacy and trust of individuals.

2. Data Protection Principles

The goal of this Policy is to ensure that ABC012 Ltd. complies with the UK GDPR. It is essential that personal data handled by the company adheres to the following principles:

• Personal data must be processed lawfully, fairly, and transparently.
• Data should only be collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes.
• Only adequate, relevant, and necessary data should be collected.
• Personal data must be accurate and kept up to date, and every reasonable effort must be made to rectify inaccurate data.
• Data should be retained only as long as necessary for the purposes for which it was processed.
• The company must ensure appropriate security measures to protect personal data.

3. Rights of Data Subjects

Under the UK GDPR, data subjects have the following rights:

• The right to be informed.
• The right of access to their personal data.
• The right to rectification.
• The right to erasure (right to be forgotten).
• The right to restrict processing.
• The right to data portability.
• The right to object to processing.
• Rights concerning automated decision-making and profiling.

4. Lawful, Fair, and Transparent Data Processing

ABC012 Ltd. ensures that personal data is processed lawfully, fairly, and transparently. Data processing is considered lawful under the UK GDPR if one or more of the following conditions are met:

• The data subject has consented to the processing.
• Processing is necessary for the performance of a contract with the data subject.
• Processing is required for compliance with a legal obligation.
• Processing is necessary to protect vital interests of the data subject or another person.
• Processing is in the public interest or for the exercise of official authority.
• Processing is necessary for the legitimate interests pursued by the company or a third party, unless overridden by the data subject’s rights and freedoms.

Special category data (such as sensitive personal data) will only be processed based on explicit consent.

5. Specified, Explicit, and Legitimate Purposes

ABC012 Ltd. collects personal data directly from employees and third parties for specific purposes outlined in the policy. Employees will always be informed about the purpose for which their personal data is collected.

6. Adequate, Relevant, and Limited Data Processing

ABC012 Ltd. only collects personal data that is necessary for the purposes informed to the data subject.

7. Accuracy and Keeping Data Up to Date

The company ensures that all personal data collected is accurate and up to date. Employees are responsible for ensuring their information is correct and providing updates to ABC012 Ltd. if necessary.

8. Data Retention

Personal data will only be retained as long as necessary for the purposes for which it was collected. Once no longer required, personal data will be erased or disposed of promptly.

9. Secure Processing

ABC012 Ltd. ensures that personal data is secure and protected from unauthorized or unlawful processing, as well as accidental loss or destruction.

9.1 ABC012  Limited are registered with the ICO, Registration number ZB867675

10. Accountability and Record-Keeping

ABC012 Ltd. maintains records of personal data processing activities and ensures compliance with data protection laws. The company’s Data Protection Officer (DPO) oversees data protection matters.

11. Cookies

Cookies
Our website uses cookies to improve your experience by remembering your preferences, analyzing site usage, and providing personalized content. By using our site, you consent to the use of cookies. You can manage cookie settings through your browser at any time.

12. Keeping Data Subjects Informed

Employees will be informed of the purposes for which their personal data is collected, and any third parties to whom the data may be shared. This information will be provided at the time of collection or within one month of obtaining the data.

13. Data Subject Access

Employees have the right to access the personal data ABC012 Ltd. holds about them. They can request this information by contacting the DPO. Responses will typically be provided within one month.

14. Rectification of Personal Data

Employees have the right to request corrections of inaccurate or incomplete personal data held by the company. These rectifications will be made within one month.

15. Erasure of Personal Data

Employees can request the deletion of their personal data under certain circumstances, such as when the data is no longer necessary for the purpose it was collected or processed.

16. Restriction of Personal Data Processing

Employees may request that the processing of their personal data is restricted. If such a request is made, the company will only retain the necessary information to prevent further processing.

For further inquiries or to exercise your rights, please contact ABC012 Ltd. at info@abc012ltd.com or call 07307 397818 or 0330-1131897.

Sure! Here’s the adjusted version of the content for ABC012 Ltd with the company’s details added:

17. Data Portability

17.1 Where employee data subjects have given their consent to ABC012 Ltd to process their personal data in such a manner, or the processing is otherwise required for the performance of a contract between the Company and the employee data subject, employee data subjects have the right, under the UK GDPR, to receive a copy of their personal data and to use it for other purposes.

17.2 To facilitate the right of data portability, ABC012 Ltd shall make available all applicable personal data to employee data subjects in the following format:

17.2.1 Data would be made available in PDF format.

17.3 Where technically feasible, if requested by an employee data subject, personal data shall be sent directly to the required data controller.

17.4 All requests for copies of personal data shall be complied with within one month of the employee data subject’s request. The period can be extended by up to two months in the case of complex or numerous requests. If such additional time is required, the employee data subject shall be informed.

18. Objections to Personal Data Processing

18.1 Employee data subjects have the right to object to ABC012 Ltd processing their personal data based on legitimate interests, direct marketing (including profiling), and processing for scientific and/or historical research and statistics purposes.

18.2 Where an employee data subject objects to ABC012 Ltd processing their personal data based on its legitimate interests, the Company shall cease such processing immediately, unless it can be demonstrated that the Company’s legitimate grounds for such processing override the employee data subject’s interests, rights, and freedoms, or that the processing is necessary for the conduct of legal claims.

18.3 Where an employee data subject objects to ABC012 Ltd processing their personal data for direct marketing purposes, the Company shall cease such processing immediately.

18.4 Where an employee data subject objects to ABC012 Ltd processing their personal data for scientific and/or historical research and statistics purposes, the employee data subject must, under the UK GDPR, “demonstrate grounds relating to their particular situation”. The Company is not required to comply if the research is necessary for the performance of a task carried out for reasons of public interest.

19. Profiling

19.1 ABC012 Ltd uses personal data for profiling purposes with respect to its employees.

19.2 “When personal data is used for profiling purposes, employees have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects them, unless certain conditions apply as defined under UK GDPR (e.g., explicit consent, necessity for the performance of a contract)

19.2.1 Clear information explaining the profiling shall be provided to employee data subjects, including the significance and likely consequences of the profiling;

19.2.2 Appropriate mathematical or statistical procedures shall be used;

19.2.3 Technical and organisational measures shall be implemented to minimise the risk of errors. If errors occur, such measures must enable them to be easily corrected; and

19.2.4 All personal data processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling (see Parts 26 to 30 of this Policy for more details on data security).

20. Employee Personal Data

ABC012 Ltd holds personal data that is directly relevant to its employees. That personal data shall be collected, held, and processed in accordance with employee data subjects’ rights and the Company’s obligations under the UK GDPR and with this Policy. The Company may collect, hold, and process the personal data detailed in Parts 21 to 25 of this Policy:

20.1 Identification information relating to employees:

20.1.1 Name;

20.1.2 Contact Details;

20.1.3 Next of Kin;

20.1.4 Bank Details;

20.1.5 P45/46;

20.1.6 Annual Leave.

20.2 Equal opportunities monitoring information:

20.2.1 Age;

20.2.2 Gender;

20.2.3 Ethnicity;

20.2.4 Nationality;

20.2.5 Religion.

20.3 Health records (Please refer to Part 22, below, for further information):

20.3.1 Details of sick leave;

20.3.2 Medical conditions;

20.3.3 Disabilities;

20.3.4 Prescribed medication.

20.4 Employment records:

20.4.1 Interview notes;

20.4.2 CVs, application forms, covering letters, and similar documents;

20.4.3 Assessments, performance reviews, and similar documents;

20.4.4 Details of remuneration including salaries, pay increases, bonuses, commission, overtime, benefits, and expenses;

20.4.5 Details of trade union membership (where applicable) (please refer to Part 24, below, for further information);

20.4.6 Employee monitoring information (please refer to Part 25, below, for further information);

20.4.7 Records of disciplinary matters including reports and warnings, both formal and informal;

20.4.8 Details of grievances including documentary evidence, notes from interviews, procedures followed, and outcomes;

20.4.9 Training provided to employee.

21. Health Records

21.1 Health Records: “ABC012 Ltd holds health records on all employee data subjects which are used to assess the health, wellbeing, and welfare of employees. In most cases, this data is processed based on the necessity for the performance of the employment contract or to ensure the health and safety of the workplace, and where applicable, with the explicit consent of the employee data subject.”

21.2 Health records shall be accessible and used only by the HR Team and shall not be revealed to other employees, agents, contractors, or other parties working on behalf of the Company without the express consent of the employee data subject(s) to whom such data relates, except in exceptional circumstances where the wellbeing of the employee data subject(s) to whom the data relates is at stake and such circumstances satisfy one or more of the conditions set out in Part 4.2 of this Policy.

21.3 Health records will only be collected, held, and processed to the extent required to ensure that employees are able to perform their work correctly, legally, safely, and without unlawful or unfair impediments or discrimination.

21.4 Employee data subjects have the right to request that ABC012 Ltd does not keep health records about them. All such requests must be made in writing and addressed to HR.

22. Benefits

22.1 In cases where employee data subjects are enrolled in benefit schemes which are provided by ABC012 Ltd, it may be necessary from time to time for third-party organisations to collect personal data from relevant employee data subjects.

22.2 Prior to the collection of such data, employee data subjects will be fully informed of the personal data that is to be collected, the reasons for its collection, and the way(s) in which it will be processed, as per the information requirements set out in Part 12 of this Policy.

22.3 ABC012 Ltd shall not use any such personal data except insofar as is necessary in the administration of the relevant benefits schemes.

23. Employee Monitoring

23.1 ABC012 Ltd may from time to time monitor the activities of employee data subjects. Such monitoring may include, but will not necessarily be limited to, internet and email monitoring. In the event that monitoring of any kind is to take place (unless exceptional circumstances, such as the investigation of criminal activity or a matter of equal severity, justify covert monitoring), employee data subjects will be informed of the exact nature of the monitoring in advance.

23.2 Monitoring should not impact (unless exceptional circumstances justify it, as above) with an employee’s normal duties.

23.3 Monitoring will only take place if ABC012 Ltd considers that it is necessary to achieve the benefit it is intended to achieve. Personal data collected during any such monitoring will only be collected, held, and processed for reasons directly related to (and necessary for) achieving the intended result and, at all times, in accordance with employee data subjects’ rights and the Company’s obligations under the UK GDPR.

23.4 ABC012 Ltd shall ensure that there is no unnecessary intrusion upon employee data subjects’ personal communications or activities, and under no circumstances will monitoring take place outside of an employee data subject’s normal place of work or work hours, unless the employee data subject in question is using Company equipment or other facilities including, but not limited to, Company email, the Company intranet, or a virtual private network (“VPN”) service provided by the Company for employee use.

ABC012 Ltd Contact Details:

• Email: info@abc012ltd.com
• Phone Number: 07307 397818 / 0330-1131897
• Address: 155 Maybury Road, Woking, England, GU21 5JR

24. Transferring Personal Data and Communications

ABC012 Ltd ensures the following measures are taken regarding communications and transfers of personal data (including, but not limited to, personal data related to employees):

24.1 All emails containing personal data must be encrypted.
24.2 All emails containing personal data should be marked as “confidential.”
24.3 Personal data may only be transmitted over secure networks. Transmission over unsecured networks is strictly prohibited.
24.4 Personal data should not be transmitted over wireless networks if a wired alternative is reasonably feasible.
24.5 Any personal data included in the body of an email (either sent or received) should be securely stored by extracting the data and deleting the email itself, along with any temporary files associated with it.
24.6 When personal data is transferred in hardcopy, it should be directly delivered to the recipient or sent using Royal Mail Recorded delivery.
24.7 All physical transfers of personal data (whether in hardcopy or on removable electronic media) must be in a secure container marked “confidential.”

25. Storage and Disposal

ABC012 Ltd takes the following steps to ensure the secure storage and disposal of personal data (including, but not limited to, personal data relating to employees):

25.1 All electronic copies of personal data must be stored securely with password protection and AES data encryption.
25.2 Hardcopies of personal data, along with any copies stored on removable media, must be stored in a locked drawer, box, or cabinet.
25.3 Personal data stored electronically must be backed up daily, with offsite encrypted backups.
25.4 Personal data should not be stored on mobile devices (laptops, tablets, smartphones, etc.) without prior approval from the IT Manager, and only for as long as necessary.
25.5 No personal data should be transferred to personal devices unless the device belongs to an authorized agent, contractor, or third party who has agreed to comply with this Policy and the UK GDPR.
25.6 Disposal – Personal data should be securely deleted and disposed of when no longer needed. For detailed disposal guidelines, please refer to the Data & Document Retention Policy.

26. Use of Personal Data

ABC012 Ltd ensures the following measures regarding the use of personal data:

26.1 Personal data should never be shared informally. Any request for access to personal data not already available should be formally made to the Data Protection Officer.
26.2 Personal data may not be transferred to anyone, including employees, contractors, or other parties, without explicit authorization from the Data Protection Officer.
26.3 Personal data must be handled with care and should not be left unattended or exposed to unauthorized individuals.
26.4 If personal data is viewed on a computer screen, the user must lock the computer and screen before leaving it unattended.
26.5 For marketing purposes, the HR Team must ensure that proper consent is obtained, and that no employee has opted out, either directly or via third-party services such as the TPS.

27. IT Security

ABC012 Ltd ensures the following measures for IT and information security:

27.1 Passwords used to protect personal data should be changed regularly, using a combination of uppercase and lowercase letters, numbers, and symbols.
27.2 Passwords should not be written down or shared under any circumstances. If forgotten, they must be reset via the appropriate method.
27.3 All software (including operating systems and applications) should be kept up-to-date. IT staff must install security-related updates within 90 days of release.
27.4 No software may be installed on Company-owned devices without approval from the IT Manager.

28. Organisational Measures

ABC012 Ltd takes the following organizational measures regarding the collection, holding, and processing of personal data:

28.1 All employees, agents, contractors, or other parties handling personal data will be made fully aware of their responsibilities under the UK GDPR and this Policy.
28.2 Only authorized employees, agents, contractors, or other parties who require access to personal data to perform their duties will have access to it.
28.3 All individuals handling personal data will receive appropriate training.
28.4 All individuals handling personal data will be appropriately supervised.
28.5 Employees, agents, contractors, or other parties handling personal data must be careful, discreet, and exercise caution when discussing data.
28.6 Methods of collecting, holding, and processing personal data will be regularly reviewed and evaluated.
28.7 Personal data held by the Company will be periodically reviewed as per the Data & Document Retention Policy.
28.8 Performance evaluations for those handling personal data will occur regularly.
28.9 All individuals handling personal data will be bound to follow this Policy and UK GDPR by contract.
28.10 Contractors and agents handling personal data must ensure that their employees comply with this Policy and the UK GDPR.
28.11 If any contractor or agent fails to meet their obligations under this Policy, they will indemnify ABC012 Ltd against any resulting costs or claims.

29. Data Breach Notification

29.1 Any personal data breach must be reported immediately to the Data Protection Officer.
29.2 If the breach may risk employee rights (e.g., financial loss, reputational damage), the Data Protection Officer will inform the ICO within 72 hours.
29.3 If the breach presents a high risk to the rights of employees, they will be informed directly and without delay.
29.4 Data breach notifications will include:

• Categories and number of affected employees.
• Categories and number of personal data records involved.
• The Data Protection Officer’s contact details.
• Likely consequences of the breach.
• Measures taken to address or mitigate the breach.
  30. Additional Key Points

30.1 Internet Cookies – ABC012 Ltd uses cookies to enhance user experience on our website. Cookies track your usage, preferences, and provide functionality such as keeping you logged in. You can manage cookie settings through your web browser.
30.2 Sponsored Links & Affiliate Tracking – We may use affiliate links to generate income for continued website operations. Third-party advertisers may collect and use cookies for ad personalisation.
30.3 Email Marketing & Subscription – Under the UK GDPR, we use consent to collect data for marketing purposes. Our emails may contain tracking to monitor engagement. You can unsubscribe at any time using instructions in the email.

31. Complaints Process

If you have a complaint about how we handle your personal information, please contact our Data Protection Officer at:

Mahad Ali
Email: info@abc012ltd.com
Phone: 07307 397818 / 0330-1131897
Address: 155 Maybury Road, Woking, England, GU21 5JR

You also have the right to file a complaint with the Information Commissioner’s Office (ICO).