Terrain HR Ltd - General Data Protection Regulations  (GDPR) Compliance Statement

Terrain is registered with the Information Commissioner's Office (Tier 1) Reference number ZA540887

Commitment 
Terrain are committed to the principles inherent in the GDPR. We pay particular regard  to the concepts of privacy by design, the right to be forgotten, consent and a risk-based approach. Also, we aim to ensure:

 - Transparent use of data

 - Ensuring any processing is lawful, fair, transparent and necessary for a specific purpose

 -  Data is accurate, kept up to date and removed when no longer necessary

 - Data is kept safely and securely.

 Staffing
Terrain's Board collectively takes the role  of Data Protection Officer (DPO). We will work to promote awareness of the GDPR throughout the company and monitor compliance.

Policy
Our privacy policy is available on our website, and to all Terrain associates, employees, contractors and suppliers. It  forms part of key training programmes and will be regularly reviewed and amended as necessary.

Right to be forgotten
We recognise the right to be forgotten, as detailed in the GDPR.

Individuals should contact hello@terrainsafety.uk with requests for the deletion or removal of personal data. These will be acted on provided there is no compelling reason for continued processing and that the exemptions set out in the GDPR do not apply. These exemptions include where the personal data is processed for the exercise or defence of legal claims and to comply with a legal obligation for the performance of a public interest task or exercise of official authority.

Subject access requests 
We recognise that individuals have the right to access their personal data and supplementary information and will comply with the one month timeframe for responses as set down in the GDPR. A copy of the requested information will be provided free of charge although we reserve the right to charge a “reasonable fee” when a request is manifestly unfounded or excessive, particularly if it is repetitive. If this proves necessary, the data subject will be informed of their right to contest our decision with the supervisory authority (the Information Commissioner’s Office (ICO)). As set out in the GDPR, any fee will be notified in advance and will be based on the administrative cost of providing the information.

Privacy 
Implementation of data protection will be “by design and by default”, as required by the GDPR. Safeguards will be built into services from the earliest stage of development and privacy-friendly default settings will be the norm. The privacy notice, which is on our website  explains our lawful basis for processing the data and gives the data retention periods. It makes clear that individuals have a right to complain to the ICO. We have conducted a privacy impact assessment (PIA) to ensure that privacy risks have been properly considered and addressed.

Privacy Information Notices

The privacy information notices for website visitors can be accessed here.

The privacy information notices for existing and former clients can be accessed here.

The privacy information notices for client’s employees can be accessed here.

Data transfers outside the EU
We have put recognised procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of any personal data that is transferred to countries outside the EU. Diligence checks are carried out to ensure that such countries have the necessary safeguards in place, provide enforceable data subject rights and offer effective legal remedies for data subjects where applicable.

Children
The GDPR provides for special protection for children’s personal data. Terrain will comply with the requirement to obtain parental or guardian consent for any data processing activity for anyone under the age of 16. Systems have been introduced to verify individuals’ ages.

Data loss
If a data breach occurs that is likely to result in a risk to the rights and freedoms of individuals, the people affected will be informed as soon as possible and the ICO will be notified within 72 hours.

GDPR contact
Any questions related to GDPR or to issues concerning data protection generally should initially be addressed to hello@terrainsafety.uk