GDPR & Data Protection Policy

Our commitment to protecting your data

Introduction

Universal App Company is committed to protecting the privacy and security of personal data. This policy outlines our approach to data protection and compliance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

Data Protection Principles

We process personal data in accordance with the following principles:

  • Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner
  • Purpose limitation: We collect data for specified, explicit, and legitimate purposes only
  • Data minimization: We ensure data is adequate, relevant, and limited to what is necessary
  • Accuracy: We keep personal data accurate and up to date
  • Storage limitation: We retain data only as long as necessary
  • Integrity and confidentiality: We process data securely with appropriate safeguards
  • Accountability: We take responsibility for compliance and can demonstrate it

Types of Data We Collect

Depending on our engagement with you, we may collect:

  • Contact information (name, email, phone number, address)
  • Professional information (job title, organization)
  • Communication records
  • Contract and procurement information
  • Technical data from website usage

Legal Basis for Processing

We process personal data under one or more of the following legal bases:

  • Contract: Processing necessary for performance of a contract
  • Legal obligation: Processing necessary to comply with legal requirements
  • Legitimate interests: Processing necessary for our legitimate business interests
  • Consent: Where you have given explicit consent for specific purposes

Your Rights

Under UK GDPR, you have the following rights:

  • Right to be informed: You have the right to know how we use your data
  • Right of access: You can request a copy of your personal data
  • Right to rectification: You can request correction of inaccurate data
  • Right to erasure: You can request deletion of your data in certain circumstances
  • Right to restrict processing: You can request limitation of how we use your data
  • Right to data portability: You can request transfer of your data
  • Right to object: You can object to certain types of processing
  • Rights related to automated decision making: You have rights regarding automated decisions

Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments and penetration testing
  • Staff training on data protection
  • Incident response procedures
  • Regular backups and disaster recovery plans

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Legal and regulatory requirements
  • Contract performance and enforcement
  • Legitimate business purposes

We maintain a data retention schedule that specifies retention periods for different categories of data.

International Data Transfers

Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses
  • Adequacy decisions
  • Other approved transfer mechanisms

Data Protection Officer

For questions about our data protection practices or to exercise your rights, please contact our Data Protection Officer:

Email: dpo@universalappco.com

Complaints

If you have concerns about our data protection practices, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: https://ico.org.uk/
Telephone: 0303 123 1113

Policy Updates

We review and update this policy regularly to ensure it remains current with legal requirements and best practices.

Last Updated: January 2024

Environmental & Sustainability →