Data Protection Policy | Oceao
Preamble
Welcome to the Oceao Technologies data protection policy. Our mission is to ensure the safe and secure handling of personal data that we may collect from those who come into contact with our organization in order to carry on our work. We provide professional web applications, websites, Internet services, web hosting, mobile applications, and branding services for customers worldwide. We therefore need to collect and use the personal information that is necessarily required for our work, but we collect only a minimal amount of personal information to process.
Scope of the policy
This policy applies to Oceao Technologies, UK and all overseas branches of Oceao Technologies.
Last Updated
GDPR_V_18.0.7 Dated: 02/02/2018
Why this policy is important
We are committed to protecting all personal data from being misused or shared with a third party for any purpose outside the required business scope. We will not sell or share any personal information about our clients for money or any other kind of gifts offered. We will make sure that all personal data is:
- Processed fairly, lawfully and in a transparent manner
- Processed only for specified and legitimate purposes
- Processed only to the extent necessary for those purposes
- Accurate and, if necessary, kept up to date
- Not kept longer than necessary for the business purposes
- Processed in a secure manner, by using appropriate technical and organisational means
The Policy
Oceao Technologies is committed to best practice, and all activities are carried out in line with relevant UK and EU legislation. This includes, but is not limited to, the Data Protection Act 1998 (DPA), the EU Data Protection Directive 95/46/EC, and the forthcoming EU General Data Protection Regulation (“GDPR”).
Data Protection Principles:
- Personal data shall be processed fairly and lawfully.
- Personal data shall be obtained for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998, the EU Data Protection Directive 95/46/EC, and plans are in place to comply with the forthcoming EU General Data Protection Regulation (“GDPR”).
- Appropriate technical and organisational measures shall be taken against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Our Commitment to personal data
We will use appropriate measures to keep personal data secure at all points of the processing. Keeping data secure includes protecting it from unauthorised or unlawful processing, or from accidental loss, destruction or damage.
We will implement security measures which provide a level of security which is appropriate to the risks involved in the processing.
Measures will include technical and organisational security measures. In assessing what measures are the most appropriate we will take into account the following, and anything else that is relevant:
- a) the quality of the security measure;
- b) the costs of implementation;
- c) the nature, scope, context and purpose of processing;
- d) the risk (of varying likelihood and severity) to the rights and freedoms of data subjects;
- e) the risk which could result from a data breach;
- f) technical systems security;
- g) measures to restrict or minimise access to data;
- h) measures to ensure our systems and data remain available, or can be easily restored in the case of an incident;
- i) physical security of information and of our premises;
- j) organisational measures, including policies, procedures, training and audits;
- k) regular testing and evaluating of the effectiveness of security measures.
Personal Data
Personal data is not processed in any manner that is ‘incompatible’ with its specified purpose.
Our Ethics
Oceao is committed to protecting personal data and respecting the rights of our clients, the people whose personal data we collect and use. We value the personal information entrusted to us and we respect that trust, by complying with all relevant laws, and adopting good practice.
List of Personal data we may collect
- Client First Name
- Client Last Name
- Client Date of Birth
- Client Address
- Client Occupation
- Email addresses
- Client Telephone Numbers
- Organisation Name
- Organisation Address
- Organisation telephone numbers
- Email addresses
- Name & Telephone number of contact person
List of Personal data we may not collect
- Racial or ethnic origin
- Political opinions
- Religious beliefs
- Trade union membership
- Genetic data
- Biometric data
- Sexual life and sexual orientation
- Social security numbers
- National Insurance Number
- Bank account numbers
- Passport information
- Healthcare related information
- Medical insurance information
- Student information
- Credit and debit card numbers
- Driving license details
- Criminal Proceedings
Retention and disposal of collected data
We ensure that personal data is not kept for longer than is necessary. Checks are carried out to identify which records or data sets are held, and when they should be deleted.
Direct marketing
We will comply with the rules set out in the GDPR, the Privacy and Electronic Communications Regulations (PECR) and any laws which may amend or replace the regulations around direct marketing.
Transferring personal data outside the European Union (EU)
As a web development company, some of our servers are located in the US or other areas of the world, but we always ensure that these providers have safeguards and security measures in place that meet the GDPR standards in order to remain compliant when handling EU citizen data. Our clients are able to ask us for servers in Europe.
Oceao Specific Policies for data Privacy
We at Oceao Technologies respect our clients’ data privacy; the following practices help us to ensure the data is safe and does not fall into the wrong hands.
- 1. We limit the number of staff who can directly access our database and client hosting accounts
- 2. Hosting accounts are accessed only through FTP connections, and those connections are terminated after office hours
- 3. No access to the password sections
- 4. Direct control panel access, password information access and email control centre access are limited to one person
- 5. We train our staff to follow good data protection practices at least annually to raise awareness of their obligations and our responsibilities, as well as to outline the law.
If you have any doubts or concerns regarding our GDPR policy, please contact us at info@oceao.net