General Data Protection Compliance by CabConnects
CabConnects remains committed to General Data Protection Regulation (GDPR) compliance to safeguard the personal data of our customers and business contacts. The GDPR was enacted in the UK to ensure that individuals have confidence in the handling of their data during transactions. This regulation is particularly crucial for taxi and transport services like ours, as they often involve sensitive information such as names, addresses, and phone numbers.
Introduction
This Policy outlines CabConnects’ obligations regarding data protection and the rights of individuals under the EU Regulation 2016/679 General Data Protection Regulation (“GDPR”). It defines personal data, sets out the Company’s obligations concerning the collection, processing, transfer, storage, and disposal of personal data, and emphasizes the importance of lawful, fair, and transparent handling of personal data.
The Data Protection Principles
The Policy aims to ensure compliance with GDPR principles, which include processing data lawfully, fairly, and transparently, collecting data for specified purposes, ensuring data accuracy, and maintaining data security.
The Rights of Data Subjects
The GDPR grants various rights to data subjects, including the right to be informed, right of access, right to rectification, right to erasure, right to restrict processing, right to data portability, right to object, and rights with respect to automated decision-making and profiling.
Lawful, Fair, and Transparent Data Processing
The GDPR requires that personal data be processed lawfully and fairly, with consent from the data subject or for specific legitimate purposes outlined in the regulation.
Secure Processing
CabConnects employs rigorous security measures to ensure the secure processing of personal data, including encryption, access controls, and secure transmission protocols.
Accountability and Record-Keeping
The Company maintains detailed records of personal data processing activities and appoints a Data Protection Officer to oversee GDPR compliance.
Data Protection Impact Assessments
The Company conducts Data Protection Impact Assessments for new projects and uses of personal data to evaluate risks and ensure compliance with GDPR requirements.
Keeping Data Subjects Informed
CabConnects provides data subjects with clear, transparent information about the collection and processing of their personal data, including purposes, retention periods, and their rights under GDPR.
Rectification of Personal Data
The Company promptly rectifies inaccurate personal data and notifies affected parties of any corrections made.
Personal Data Collected and Processed
CabConnects collects and processes personal data including names, company names, addresses, phone numbers, and email addresses, adhering to GDPR requirements.
Data Security – Transferring Personal Data and Communications
All communications involving personal data are encrypted, marked as confidential, and transmitted over secure networks to prevent unauthorized access.
Data Security – Storage
Personal data is securely stored using encryption and access controls, with regular backups and no storage on mobile devices.
Data Security – Disposal
When personal data is no longer needed, it is securely deleted and disposed of in accordance with the Company’s Data Retention Policy.
Data Security – Use of Personal Data
Personal data is accessed and shared only by authorized personnel for legitimate business purposes, with strict controls in place to prevent unauthorized disclosure.
Data Security – IT Security
The Company implements robust IT security measures, including regular password changes, software updates, and restrictions on software installation.
Organizational Measures
CabConnects ensures that all employees, contractors, and third parties handling personal data are trained and supervised to comply with GDPR principles.
Data Breach Notification
In the event of a data breach, CabConnects promptly notifies affected parties and regulatory authorities, taking appropriate measures to mitigate risks and protect data subjects’ rights.
Implementation of Policy
This Policy is effective as of 17/12/2018 and will be reviewed periodically to ensure ongoing compliance with GDPR requirements.
For further inquiries regarding data protection or to contact our Data Protection Officer, please reach out to:
Advocate High Court, Shaiza Haider Shah, General Data Protection