Our GDPR Statement
Our GDPR statement
Cresswell Cars Ltd needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.
The EU General Data Protection Regulation (GDPR) is a significant piece of European legislation which is effective from the 25th May 2018. It builds on existing data protection laws, strengthening the rights that EU individuals have over their personal data, and creating a single data protection approach across Europe.
How will Cresswell Cars Ltd comply with the GDPR?
Our GDPR preparation started in January 2018 and as part of this process we are reviewing (and updating where necessary) all our internal processes, procedures, data systems and documentation to ensure that we fully comply with the GDPR.
Our overarching GDPR Principles are:
- Data is gathered lawfully, ethically and securely
- Data is processed fairly and lawfully
- Data is processed only for specified and lawful purposes
- Processed data is adequate, relevant and not excessive
- Processed data is accurate and, where necessary, kept up to date
- Data is not kept longer than necessary
- Data is processed in accordance with an individual’s consent and rights
- Data is kept secure
- Data is not transferred to countries outside of the European Economic Area (‘EEA’) without adequate protection
Cresswell cars Ltd also processes personal data to comply with the eight principles of the UK Data Protection Act 1998.
