GDPR Policy

Introduction to Policy

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

GDPR Policy at StepUpLead

The purpose of this policy is to outline how Apprise Marketing Services – StepUpLead has established measures to maintain compliance with the EU General Data Protection Regulation (also known as the GDPR).

For business purposes, provision of our services, marketing, and business administration, we at StepUpLead collect and process individual information. This includes personal data that relates to our customers, suppliers, business contracts, employees and other people our organization has a relationship with or may need to contact.

In order to ensure that personal data remains safe, business operations are secure and the rights of individuals are respected, compliance with data protection law is essential. StepUpLead is a controller under data protection law, meaning we decide how and why we will use personal data. In relation to personal data, this policy explains our procedures for complying with data protection law and sets out the obligations we have when processing any personal data during the course of our employment.

Specific training regarding data protection procedures will be given to the staff that routinely handles individuals’ personal data. As set out in this policy, our obligations will be supplemented by this training.

Apart from this policy, there will be other policies that will be implemented that will impact the way we deal with personal data and data protection. We expect all of our employees to comply with our Electronic Communications Policy, where relevant.

Who does this policy apply to?

This policy applies to current, former and prospective employees, workers, volunteers, apprentices, and consultants. Those who fall into one of these categories are known as ‘data subject’ for the purposes of this policy. This policy should be read alongside the employment contract or service contract and any other notice the Company issues from time to time in relation to data.

Responsibility of Data protection at StepUpLead

StepUpLead CEO handles the duty of Data Protection Officer (DPO) and is responsible for overseeing, advising and administering StepUpLead’ compliance with this policy and data protection law. It is the responsibility of each department head to ensure full compliance of this policy and data protection law by all staff members in their department/team.

All StepUpLead employees responsible for the security of personal data and to ensure the data is processed in a lawful manner.

Our Principles w.r.t. the GDPR

StepUpLead shall so far as is reasonably practicable comply with the Data Protection Principles contained in the GDPR Act to ensure all data is:-

Fairly and lawfully processed

Processed for a lawful purpose

Adequate, relevant and not excessive

Accurate and up to date

Not kept for longer than necessary

Processed in accordance with the data subject’s rights

Secure

Not transferred to other countries without adequate protection

We have set out below the key obligations under data protection law and details of how StepUpLead expects employees to comply with these requirements.

Personal Data

Personal data covers both facts and opinions about an individual where that data identifies an individual. For example, it includes information necessary for employment such as the member of staff’s name and address and details for payment of salary or a pupil’s attendance record and exam results. Personal data may also include sensitive personal data as defined in the Act.

Accuracy

StepUpLead will endeavour to ensure that all personal data held in relation to all data subjects is accurate. Data subjects must notify the data processor of any changes to information held about them. Data subjects have the right in some circumstances to request that inaccurate information about them is erased. This does not apply in all cases, for example, where records of mistakes or corrections are kept, or records which must be kept in the interests of all parties to which they apply.

Enforcement

If an individual believes that StepUpLead has not complied with the Policy or acted otherwise than in accordance with the Data Protection Act, the concerned person should notify it to StepUpLead as soon as possible.

Data Security

StepUpLead will take appropriate technical and organisational steps to ensure the security of personal data. All employees will be made aware of this policy and their duties falling under the Act. StepUpLead and therefore all working staff are required to respect the personal data and privacy of others and must ensure that appropriate protection and security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to all personal data.

Secure Destruction

When data held in accordance with this policy is destroyed, it must be destroyed securely in accordance with best practice at the time of destruction. Retention of Data StepUpLead may retain data for differing periods of time for different business purposes as required by statute or best practices, individual departments incorporate these retention times into the processes and manuals. Other statutory obligations, legal processes and enquiries may also necessitate the retention of certain data.

Contact Data Protection Officer in case any Violation.

If you notice any violation or suffer any inconvenience due to a breach of your rights by StepUpLead under this Policy, any EU resident may also file a complaint with our Data Protection Officer.

Data Protection Officer

1011/B, 4th Floor Suma Paradise,
Kumbharwada Chowk, Kasba Peth, Pune-411011
Email: privacy@stepuplead.com