At Pure Performance Media, we are committed to ensuring the protection and privacy of our clients’ personal data. As a UK-based marketing company, we adhere to the General Data Protection Regulation (GDPR) and uphold the highest standards of data privacy and security. Our GDPR compliance framework is designed to ensure that all personal data is processed lawfully, fairly, and transparently.
Our Compliance Framework Includes:
- Lawfulness, Fairness, and Transparency
- We process personal data lawfully, fairly, and transparently.
- We obtain clear and explicit consent before sending marketing communications.
- Purpose Limitation
- We collect personal data for specified, explicit, and legitimate purposes only.
- Data is not processed in a manner that is incompatible with these purposes.
- Data Minimisation
- We collect and process only the personal data necessary for the intended purposes.
- We avoid collecting excessive data.
- Accuracy
- We ensure that personal data is accurate and kept up to date.
- Inaccurate data is promptly corrected.
- Storage Limitation
- We retain personal data only for as long as necessary to fulfil the purposes for which it was collected.
- We have a clear data retention policy in place.
- Integrity and Confidentiality
- We secure personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.
- Appropriate technical and organisational measures are used to protect data.
- Accountability
- We demonstrate compliance with GDPR principles.
- Records of processing activities are maintained.
- Individual Rights
- We respect and facilitate the rights of individuals, including access, rectification, erasure, restriction of processing, data portability, and the right to object to processing.
- Procedures are in place to handle data subject requests within the stipulated timeframes.
- Data Protection Impact Assessments (DPIAs)
- We conduct DPIAs when processing activities are likely to result in high risk to the rights and freedoms of individuals.
- Measures are implemented to mitigate any identified risks.
- Data Processing Agreements (DPAs)
- We establish DPAs with third-party processors to ensure they comply with GDPR requirements.
- Processors provide sufficient guarantees to implement appropriate technical and organisational measures.
- International Data Transfers
- We comply with rules for transferring personal data outside the European Economic Area (EEA).
- Appropriate safeguards, such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs), are used.
- Breach Notification
- We notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach.
- Affected individuals are informed without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
- Privacy Notices
- We provide clear and comprehensive privacy notices, explaining how data is used, individual rights, and how to exercise those rights.
- Privacy notices are easily accessible and understandable.
- Training and Awareness
- We provide regular GDPR training and awareness programmes for employees.
- Staff are made aware of their data protection responsibilities.
- Data Protection Officer (DPO)
- A DPO is appointed if required by GDPR, particularly for processing large volumes of personal data or sensitive data.
- The DPO is given the necessary resources and authority to perform their duties effectively.
By following these principles, we ensure that all personal data is handled with the utmost care and in full compliance with GDPR. Our commitment to data protection reflects our dedication to maintaining the trust and confidence of our clients and partners.
For any questions or further information about our GDPR compliance, please contact us at:
Address: Plus X Innovation, Lewes Road, Brighton, BN2 4GL
This statement outlines your business’s commitment to GDPR compliance and details the measures taken to ensure data protection and privacy.