Data Security Policy

Almeda are committed to respecting the privacy of the people with whom we come into contact with regardless of their relationship with us.  We ensure we comply with data security and GDPR obligations. 

Our Data Security Policy sets out our commitment to protecting personal data and how we implement that commitment with regards to the collection and use of data.  To achieve this, a combination of detective, preventative, proactive and reactive measures have been adopted to revolve around protection of privacy.  

Almeda review information relating to security reporting at monthly SMT meetings.

We are committed to:

  • ensuring that we comply with data protection principles and rights of individuals
  • meeting our legal obligations as laid down by the General Data Protection Regulation (GDPR)
  • ensuring that data is collected and used fairly and lawfully
  • processing personal data only in order to meet our operational needs or fulfil legal requirements (all personal data stored, accessed and handled securely)
  • taking steps to ensure that personal data is up to date and accurate
  • establishing appropriate retention periods for personal data
  • ensuring that data subjects’ rights can be appropriately exercised
  • providing adequate security measures to protect company equipment (in line with the physical security of equipment and environmental security such as heating and cooling of equipment) where equipment contains personal data; this may include removable media such as laptops, USB sticks and paper documents
  • ensuring systems and network security (with support from our IT provider), controls in place to restrict remote access to networks and systems, software controlled
  • Secure disposal of IT assets
  • ensuring that a nominated officer (Almeda Technical Director supported by QHSE Manager) is responsible for data protection compliance and provides a point of contact for all data protection issues
  • ensuring that all staff are made aware of good practice in data protection
  • providing adequate training for all staff
  • ensuring that everyone handling personal data knows where to find further guidance
  • ensuring that queries about data protection, internal and external to the organisation, is dealt with effectively and promptly
  • regularly reviewing data protection procedures and guidelines within the organisation

Queries and Updates

The Policy is maintained by Almeda’s Technical/QHSE team and will be publicised throughout the company on shared company folder.  It will be made available to external parties on request. 

The policy has been approved by Almeda’s Managing Director.

This policy will be updated annually; additionally we may carry out additional updates from time to time; any material updates or changes to this Policy will be communicated. 

B Savage George, Managing Director
Review date March 2025

Data Security Policy – Appendix

GDPR : Principles of the Regulation

  1. Personal data will be processed lawfully, fair and in a transparent manner to individuals
  2. Personal data will be collected for a specified, explicit and legitimate purposes and not further processed in any manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes shall not be considered as incompatible with the initial purposes
  3. Personal data should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  4. Accurate personal data, where necessary, kept up to date, every reasonable step must be taken to ensure that personal data is accurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
  5. Personal data will be kept in a form which permits identification of data subject for no longer than necessary for the purposes for which they are processed, personal data may be stored for longer periods insofar as the personal data will be processed subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedom of individuals
  6. Personal data processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, using technical or organisational measures
GDPR : Rights of Individuals

Individuals will benefit from increased rights under the new Regulation.

  1. The right to be informed encompasses our obligation to provide ‘fair process information’, typically through a privacy notice
  2. Under GDPR individuals have the right to obtain confirmation that their data is being processed, access to their personal data, and other supplementary information (this largely corresponds to the information that should be provided in a privacy notice
  3. Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. Individuals will be informed about third parties to whom data has been disclosed where appropriate. 
  4. The right to erasure is also known as the’ right to be forgotten’. Underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. 
  5. The individual has a right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling), and processing for purposes of scientific/historical research and statistics.
  6. The right to data portability allows individuals to obtain and re-use their data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. 
  7. Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling) and processing for purposes of scientific/historic research and statistics.
  8. GPDR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention.
Scroll to Top