We maintain records of our processing activities, ensuring that our obligations under Article 30 of GDPR and Schedule 1 of the Data Protection Bill are met.
We have a
privacy policy, which provides all individuals whose personal information we process explanations for why we need it, how it is used, what their rights are, who the information is disclosed to, and what safeguarding measures are in place to protect their information.
Examus takes reasonable measures and precautions to protect and secure the personal data that we process. We have robust information security procedures in place to protect personal information from unauthorized access, alteration, disclosure, or destruction.
We have a designated Data Privacy Officer who monitors compliance with the General Data Protection Regulation, with other European Union or Member State data protection law, and with the policies of Examus in relation to the protection of personal data.
Where we obtain and process any special category information, we do so in compliance with the Article 9 requirements.
We reviewed all processing activities and identified the legal basis for processing to ensure that each basis is appropriate for the related activity.
We meet the ‘data minimization’ and ‘storage limitation’ principles. Personal information is stored, archived, and destroyed compliantly and ethically.