This General Data Protection Policy contains the principles to protect personal data that Brecon Carreg in its controller’s capacity, has adopted to be compliant with its legal obligations. We strive to protect and respect the personal data of our employees, customers, suppliers and everyone who is active within our organization. This means that, when we collect and process personal data it will always be undertaken in a careful and transparent manner.
This also means that we expect you to handle the personal data which you collect and process in the performance of your employment agreement or any other agreement with the same care as we do. In this General Data Protection Policy, we explain the rules which you will have to comply with when you collect personal data that are processed by or on behalf of Brecon Mineral Water.
The terms in this General Data Protection Policy are compliant with the EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons about the processing of personal data and on the free movement of such data (hereinafter the “GDPR”).
For the avoidance of doubt, the terms below have the following meaning:
- ‘Personal Data’ means any information relating to an identified or identifiable real person (‘data owner’). An identifiable real person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
This means that any information on which an individual can be identified, has to be considered and treated as personal data.
- ‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated or manual means, such as collection, recording, organisation, structure, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
This means that any manipulation of personal data, how limited it may be, must be considered an act of processing.
- ‘Consent’ of the data owner means any freely given, specific, informed and unambiguous indication of the data owner’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- ‘Personal data breach’means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
- ‘Anonymous data’ means data which concerns individuals impossible to specifically identify taking all reasonable measures into account that can be used by Brecon Carreg or a third party to identify that individual. Anonymous data are not considered to be personal data and fall outside the scope of this General Data Protection Policy.
General Data Protection Policy’s Purpose
This General Data Protection Policy aims are to sensitize all stakeholders as to how personal data will be treated within our organisation and is aimed at ensuring compliance with the provisions and standards of the GDPR.
Every employee, independent contractor or agent who is active within our organisation must be aware of the importance of personal data and the way they must be treated.
General Data Protection Policy scope
This General Data Protection Policy applies to every employee, independent contractors or agents working for Brecon Carreg or performing any activities for one of our subsidiaries and sister companies.
The General Data Protection Policy can be modified from time to time to always be compliant with our legal obligations. Any modification will be communicated immediately. We invite you to consult the General Data Protection Policy on a regular basis.
The principles that are set forth in this Policy are fully compliant with the GDPR requirements
Brecon Mineral Water data processing principles
It is mandatory that all our stakeholders respect those principles when processing personal data:
- Lawfulness, fairness and transparency
Personal data must be processed lawfully, fairly and in a transparent manner
Lawfulness implies that the processing of personal data has a legal basis and the data owner has given his consent:
- the data owners before entering into a contract with Brecon Mineral Water will be informed of the use made by the Company and the way their personal data are processed,
Transparency implies that the data owners are informed of the way their data are processed who is responsible for processing the data and why they are processed that way and will be provided with the necessary notifications.
The processing of personal data can only occur for a specified, explicit and legitimate purpose. The purpose can cover all functional and operational reasons.
Data minimisation means that only necessary personal data will be collected and processed in relation to the purpose for which the personal data are required.
Brecon Mineral Water will make sure to keep personal data in its custody with accuracy, in a correct manner and up-to-date.
Personal data will be processed and stored as required and for the purpose It is intended for.
Brecon Mineral Water will make sure that data in its custody is appropriately and adequately secured.
Documentation obligation and record of processing activities
Brecon Mineral Water will keep a record of the processed data activities as required by the GDPR.
Personal data breach
If you identify a personal data breach, whatever the nature may be, or a violation of this General Data Protection Policy please immediately notify the Brecon Mineral Water Privacy Manager (firstname.lastname@example.org) who will investigate and respond promptly with proposed actions to rectify the breach.
- Right of access: The data owner has the right to obtain confirmation his/her personal data are being processed, and, can access the data.
- Right to rectification: If personal data are not correct or complete, the data owner has the right to have his data rectified in a reasonable time.
- Right of removal: the data owner has the right to obtain from Brecon Mineral Water the erasure of his/her personal data unless they are required to fulfil Brecon Mineral Water operational legal obligations.