B2B GDPR Policy for Hamilton Wood and Company

Introduction

At Hamilton Wood and Company, safeguarding your right to privacy is a commitment we hold paramount. We approach our business-to-business (B2B) relationships with the utmost dedication to data protection and in compliance with the General Data Protection Regulation (GDPR). 

Recognizing the significance of our legal obligations, this policy outlines our comprehensive approach to ensuring lawful, transparent, and secure processing of personal data.

Policy Details:

1. Lawful Processing:

Hamilton Wood and Company pledges to process personal data within B2B interactions only on lawful grounds stipulated by the GDPR. 

This includes processing necessary for fulfilling contractual obligations, compliance with legal mandates, and pursuit of legitimate interests in a manner that respects the rights and freedoms of the data subjects.

2. Data Minimisation:

We commit to the principle of data minimization, ensuring that the personal data we collect and process is strictly limited to what is necessary for the intended purpose. This involves a careful and considered approach to prevent unnecessary data processing.

3. Transparency and Fairness:

Our commitment to transparency extends to clear communication with our B2B partners. We will provide detailed information about the purposes for which personal data is processed, the legal basis for such processing, and the rights afforded to individuals under the GDPR.

4. Individual Rights:

Recognizing the rights of data subjects, Hamilton Wood and Company will facilitate the exercise of these rights. This includes providing individuals with access to their personal data, correcting inaccuracies, and supporting requests for erasure when applicable.

5. Security Measures

To ensure the confidentiality and integrity of personal data, we will implement and maintain robust security measures. This includes technical and organizational safeguards to protect against unauthorized access, disclosure, alteration, and destruction.

6. Data Processing Records:

Hamilton Wood and Company will keep meticulous records of our B2B data processing activities. These records will include comprehensive details such as the categories of data processed, the specific purposes of processing, and any third-party data processors involved.

7. International Data Transfers:

Hamilton Wood and Company is committed to the secure processing of personal data. We want to reassure our clients that any international data transfers, including those to countries outside the UK and the European Economic Area (EEA), strictly adhere to the highest standards of data protection. 

To ensure the utmost security and compliance with GDPR, we exclusively use data centres located within the UK and Europe for storing and processing personal data. This commitment underscores our dedication to safeguarding your information with the utmost care and diligence.

8. Data Protection Impact Assessments (DPIAs):

In instances of high-risk processing activities, particularly where there is a perceived potential risk of criminal activities such as fraud, Hamilton Wood and Company is dedicated to conducting comprehensive Data Protection Impact Assessments (DPIAs). 

These assessments are designed to diligently identify and proactively mitigate potential risks associated with the processing of personal data. 

Our commitment to DPIAs extends to situations where we believe there may be a risk of criminal activity, and we emphasize our lawful obligation to promptly contact the relevant authorities should we suspect any potential criminal conduct. 

This approach underscores our commitment to robust risk management practices and legal compliance in safeguarding both personal data and the broader community's interests.

9. Breach Notification:

In the event of any personal data breaches, Hamilton Wood and Company will promptly report such incidents to the Information Commissioner's Office (ICO) and, when required, communicate transparently with affected parties. 

Our response will prioritize swift and comprehensive action to address and rectify any breaches.

The Company reserves the right to amend and update this policy at any time.  To obtain the current revision please contact a member of management.

>