GDPR Compliance Statement
Orchadia Systems Ltd are:
CONTROLLERS of our client contact information, required to manage and deliver services under contract; manage incidents; provide hardware and software maintenance on site and remotely.
CONTROLLERS of personal information in relation to the customers of our clients, required to: ensure compliance with gambling laws in the UK & Ireland; ensure compliance with the Proceeds of Crime Act 2002 (UK) and the Criminal Justice Acts 2010-2021 (Ireland); provide and restrict access to gambling via SSBTs.
CONTROLLERS of personal information in relation to employees of Orchadia Systems.
If you have any questions about Orchadia Systems’ GDPR compliance activity, please contact Suella Maughan at email@example.com
Orchadia Systems are committed to the principles inherent in the GDPR and particularly to the concepts of privacy by design, consent and a risk-based approach.
We aim to ensure;
Transparency regarding the use of data.
That any processing is lawful, fair, transparent, and necessary for purpose.
That data is accurate, kept up to date and removed when no longer necessary.
That data is kept and, where required, transferred safely and securely.
Our GDPR Compliance Plan:
To review the information currently held by the company to identify and assess what is personal data, where it comes from, how and why it is processed and if and to whom it is transferred or disclosed.
To implement policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws including:
Data Protection –Measures are to be put in place to ensure that we understand and evidence our obligations and responsibilities, focusing on privacy by design and a risk-based approach.
Data Retention and Erasure – A retention policy to be written and implemented to ensure we meet the ‘data minimisation’, ‘storage limitation’ and ‘right to erasure’ principles of the act, and that personal information is stored and destroyed compliantly.
Safeguarding and Security Measures:
We take the privacy and security of individuals and their personal information very seriously and take every reasonable measure to protect and secure personal data that we process and control. We have dedicated procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including (in no particular order):
Automated data pruning
HTTPS (secure website)
Data Subject Rights:
In addition to our policies and procedures mentioned above, we are implementing procedures that detail how individuals can request information about or have the right to access personal data that we hold or process about them, including (in no particular order):
What personal data we hold about them
The recipients to whom the personal data has/will be disclosed.
For how long we intend to store personal data.
The purposes of the processing of the data.
The right to have amended inaccurate data or to complete incomplete data.
The right to lodge a complaint and who to contact in such instances.
If you have any further questions, please contact firstname.lastname@example.org
Third Party Processors:
Existing suppliers who process data on behalf of Orchadia Systems have been identified and asked to provide details of their state of compliance with the GDPR to ensure they align with our standards.
Any new supplier will not be taken on unless we are satisfied that they comply with new data protection regulations.