Introduction

Facilities Management Complete Ltd is committed to protecting the privacy and data rights of our customers, employees, and all individuals whose personal data we process. This GDPR Compliance Statement outlines Facilities Management Complete Ltd’s dedication to compliance with the General Data Protection Regulation (GDPR) and describes the measures Facilities Management Complete Ltd has implemented to ensure data protection within our organisation.

Data Protection Officer (DPO):

Facilities Management Complete Ltd has appointed Ian Stone as our Data Protection Officer (DPO). Contact Ian Stone at ian@fmc-uk.co.uk for any GDPR- related inquiries.

Lawful Basis for Processing:

Facilities Management Complete Ltd processes personal data only when there is a lawful basis to do so, including consent, contract necessity, legal obligations, vital interests, and legitimate interests.

Data Minimisation:

Facilities Management Complete Ltd collects and processes only the personal data that is necessary for the specific purpose for which it was obtained.

Transparency:

Facilities Management Complete Ltd maintains transparency by providing clear and concise privacy notices to individuals whose data we collect, outlining the purpose, legal basis, and retention period of data.

Data Security:

Facilities Management Complete Ltd employs robust security measures to protect personal data from unauthorised access, disclosure, alteration, and destruction.

This includes encryption, access controls, and regular security audits.

Data Subject Rights:

Facilities Management Complete Ltd respects individuals’ rights under GDPR, including the right to access, rectify, erase, restrict processing, data portability, and
object to processing. Facilities Management Complete Ltd has procedures in place to address and fulfil these rights within the legally required timeframe.

Data Breach Response:

Facilities Management Complete Ltd has established a comprehensive data breach
response plan, including notification procedures to the relevant supervisory authorities and affected data subjects, where necessary.

Data Protection Impact Assessments (DPIAs):

Facilities Management Complete Ltd conducts DPIAs when processing activities pose a high risk to individuals’ rights and freedoms, ensuring proactive risk mitigation and compliance with GDPR.

Third-Party Relationships:

When engaging third-party processors, Facilities Management Complete Ltd conducts due diligence to ensure they are GDPR-compliant and have appropriate data protection measures in place.

Records of Processing Activities:

Facilities Management Complete Ltd maintains records of its data processing activities as required by GDPR, including purposes, categories of data, recipients, and retention periods.

Regular Audits and Assessments:

Facilities Management Complete Ltd conducts regular assessments and audits of its data protection practices to ensure ongoing GDPR compliance.

Cooperation with Supervisory Authorities:

Facilities Management Complete Ltd cooperates fully with supervisory authorities in matters related to data protection and GDPR compliance.

Review and Update:

This GDPR Compliance Statement is periodically reviewed and updated by Facilities Management Complete Ltd to reflect changes in regulations, industry best practices, and internal processes.

Date of Last Update: 8th September 2023

Signed,
Ian Stone

Facilities Management Complete Ltd