This Data Protection Policy outlines how Redshift Holdings Ltd, trading as Redshift Marketing ("the Agency") collects, uses, stores, and protects personal data in compliance with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). The Agency is committed to ensuring that personal data is handled in a secure and transparent manner.
This policy applies to all employees, contractors, and third-party service providers who handle personal data on behalf of the Agency.
The Agency adheres to the following principles when processing personal data:
Personal data is processed lawfully, fairly, and in a transparent manner.
Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
Data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
Personal data is accurate and, where necessary, kept up to date.
Data is kept in a form which permits identification of data subjects for no longer than is necessary.
Personal data is processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
The Agency collects personal data through various means, including but not limited to:
The Agency processes personal data based on one or more of the following legal bases:
The data subject has given consent to the processing of their personal data for one or more specific purposes.
Processing is necessary for the performance of a contract to which the data subject is a party.
Processing is necessary for compliance with a legal obligation to which the Agency is subject.
Processing is necessary for the purposes of the legitimate interests pursued by the Agency or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
Data subjects have the following rights regarding their personal data:
The Agency implements appropriate technical and organisational measures to ensure the security of personal data, including:
In the event of a data breach, the Agency will notify the Information Commissioner's Office (ICO) within 72 hours and inform affected data subjects without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
The Agency ensures that third-party processors comply with data protection laws and have appropriate safeguards in place. Data processing agreements are established with all third-party processors.
Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected or as required by law. The Agency has a data retention schedule that outlines the retention periods for different categories of data.
All employees and contractors receive regular training on data protection principles and practices. The Agency promotes a culture of data protection awareness and compliance.
This policy is reviewed annually or as required to ensure its effectiveness and compliance with applicable laws and regulations.
For any questions or concerns regarding this policy or data protection practices, please contact our data protection officer:
Mr. Sol Smith
Redshift Holdings Ltd, trading as Redshift Marketing
17-19 St Georges Street
Norwich, NR3 1AB
Contact Us