Privacy Policy

1. Introduction

Rachael Ebanks-Gold is committed to protecting the privacy and security of personal data. This policy outlines our approach to ensuring that personal data is handled in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Scope

This policy applies to all employees, contractors, consultants, temporary staff, and other workers of Rachael Ebanks-Gold. It covers all personal data that we process, regardless of format.

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Data Subject: Any individual whose personal data is being processed.

  • Data Controller: The entity that determines the purposes and means of processing personal data.

  • Data Processor: The entity that processes personal data on behalf of the Data Controller.

  • Processing: Any operation performed on personal data, such as collection, storage, use, and destruction.

4. Data Protection Principles

Rachael Ebanks-Gold adheres to the following principles when processing personal data:

  • Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner.

  • Purpose Limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

  • Data Minimization: Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

  • Accuracy: Personal data shall be accurate and, where necessary, kept up to date.

  • Storage Limitation: Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed.

  • Integrity and Confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

5. Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

  • Consent of the data subject.

  • Performance of a contract with the data subject.

  • Compliance with a legal obligation.

  • Protection of vital interests of the data subject or another person.

  • Performance of a task carried out in the public interest or in the exercise of official authority.

  • Legitimate interests pursued by the Data Controller or a third party, provided such interests are not overridden by the rights and freedoms of the data subject.

6. Data Subject Rights

Data subjects have the following rights regarding their personal data:

  • Right to Access: Obtain confirmation as to whether or not personal data concerning them is being processed and, if so, access to the personal data.

  • Right to Rectification: Request the correction of inaccurate personal data.

  • Right to Erasure: Request the deletion of personal data where it is no longer necessary or if consent is withdrawn.

  • Right to Restrict Processing: Request the restriction of processing of personal data under certain conditions.

  • Right to Data Portability: Receive their personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another Data Controller.

  • Right to Object: Object to the processing of personal data on grounds relating to their particular situation.

  • Right to Withdraw Consent: Withdraw consent at any time where the processing is based on their consent.

7. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data.

  • Regular testing and evaluation of the effectiveness of security measures.

  • Access controls to restrict access to personal data to authorized personnel only.

  • Regular training for employees on data protection and security practices.

8. Data Breaches

In the event of a data breach, Rachael Ebanks-Gold will promptly assess the risk to data subjects and, if necessary, report the breach to the relevant supervisory authority within 72 hours. Data subjects will be informed without undue delay if the breach is likely to result in a high risk to their rights and freedoms.

9. Third-Party Processors

Where we engage third-party processors to process personal data on our behalf, we ensure that they comply with this policy and relevant data protection laws through contractual agreements.

10. Data Transfers Outside the EEA

If personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as standard contractual clauses or binding corporate rules.

11. Policy Review

This policy will be reviewed regularly and updated as necessary to ensure continued compliance with data protection laws.

12. Contact Information

For any questions or concerns regarding this policy or the handling of personal data, please contact:

Rachael Ebanks-Gold

rachael@rachaelebanksgold.com