GDPR

SIBIT GDPR Policy

SIBIT Limited
12 Dukes Ride, Crowthorne, RG45 6LT


1. Purpose

This policy outlines how SIBIT Limited (“the Company”) complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It sets out the principles, responsibilities, and procedures for handling personal data to ensure the rights and freedoms of individuals are protected.


2. Scope

  • Applies to all employees, contractors, and third parties working with SIBIT Limited.
  • Covers all personal data processed by the Company, whether electronic, paper-based, or otherwise.
  • Applies to customers, suppliers, partners, and staff whose personal data is collected, stored, or processed.

3. Data Protection Principles

SIBIT Limited adheres to the following UK GDPR principles:

  • Lawfulness, fairness, and transparency – Data is processed lawfully and individuals are informed.
  • Purpose limitation – Data is collected for specified, explicit, and legitimate purposes.
  • Data minimisation – Only data necessary for the purpose is collected.
  • Accuracy – Data is kept accurate and up to date.
  • Storage limitation – Data is retained only as long as necessary.
  • Integrity and confidentiality – Data is processed securely to prevent unauthorised access, loss, or damage.
  • Accountability – The Company takes responsibility for demonstrating compliance.

4. Lawful Basis for Processing

SIBIT Limited processes personal data under one or more lawful bases:

  • Consent of the individual.
  • Performance of a contract.
  • Compliance with legal obligations.
  • Legitimate interests pursued by the Company.
  • Protection of vital interests.
  • Public interest or official authority (where applicable).

5. Data Subject Rights

Individuals have the following rights under UK GDPR:

  • Right to be informed.
  • Right of access.
  • Right to rectification.
  • Right to erasure (“right to be forgotten”).
  • Right to restrict processing.
  • Right to data portability.
  • Right to object.
  • Rights related to automated decision-making and profiling.

Requests to exercise these rights should be directed to the Company’s Data Protection Officer (DPO).


6. Data Protection Officer (DPO)

  • Role: Ensures compliance with UK GDPR, advises on obligations, and acts as the point of contact for data subjects and the ICO.
  • Contact: Simon Butterworth, Director, 01344 769090, gdpr@sibit.co.uk

7. Data Security

SIBIT Limited implements appropriate technical and organisational measures, including:

  • Encryption of sensitive data.
  • Secure storage and restricted access.
  • Regular system updates and patching.
  • Staff training on data protection.
  • Incident response procedures for data breaches.

8. Data Breach Procedure

  • All breaches must be reported immediately to the DPO.
  • The DPO will assess severity and notify the Information Commissioner’s Office (ICO) within 72 hours if required.
  • Affected individuals will be informed where there is a high risk to their rights and freedoms.
  • Breach records will be maintained for accountability.

9. Data Retention

  • Personal data is retained only for as long as necessary to fulfil its purpose.
  • Retention schedules are defined by business needs and legal requirements.
  • Data no longer required will be securely deleted or anonymised.

10. Third-Party Processing

  • Contracts with third-party processors include GDPR-compliant clauses.
  • Due diligence is carried out to ensure processors provide adequate safeguards.
  • Data sharing is limited to what is necessary and lawful.

11. International Transfers

  • Personal data will only be transferred outside the UK where adequate safeguards are in place, such as adequacy decisions or standard contractual clauses.

12. Training & Awareness

  • All staff receive GDPR training upon induction and regular refreshers.
  • Awareness campaigns ensure ongoing compliance and accountability.

13. Review & Updates

  • This policy will be reviewed annually or following significant changes in legislation or business operations.
  • The latest version will be available to all staff and stakeholders.

14. Contact Information

For questions or to exercise data rights, please contact:

SIBIT Limited
12 Dukes Ride, Crowthorne, RG45 6LT
Email: gdpr@sibit.co.uk
Phone: +44 1344 769090