GDPR (General Data Protection Regulation) Policy

  1. Introduction

O'Connell Contracting ("we," "us," or "our") is committed to protecting the rights and privacy of individuals in relation to their personal data. This GDPR Policy outlines our approach to collecting, processing, storing, and protecting personal data in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

  1. Definitions

a) Personal Data: Any information relating to an identified or identifiable natural person.

b) Data Subject: An individual who can be identified, directly or indirectly, by reference to personal data.

c) Controller: The entity that determines the purposes and means of the processing of personal data.

d) Processor: The entity that processes personal data on behalf of the controller.

  1. Principles of Data Protection

We adhere to the following principles for processing personal data:

a) Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently, ensuring that data subjects are informed about the processing activities.

b) Purpose Limitation: We collect and process personal data only for specified, explicit, and legitimate purposes.

c) Data Minimization: We collect and process only the personal data necessary for the intended purposes.

d) Accuracy: We strive to keep personal data accurate and up-to-date, taking reasonable steps to rectify or erase inaccurate data without delay.

e) Storage Limitation: We retain personal data in a form that allows identification of data subjects only for as long as necessary for the purposes for which the data was collected.

f) Integrity and Confidentiality: We implement appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of personal data.

g) Accountability: We are accountable for our data protection practices and demonstrate compliance with applicable data protection laws and regulations.

  1. Lawful Basis for Processing Personal Data

We process personal data based on one or more of the following lawful bases:

a) Consent: When the data subject has given clear and explicit consent for the processing of their personal data.

b) Contractual Necessity: When processing is necessary for the performance of a contract with the data subject or to take pre-contractual steps at the data subject's request.

c) Legal Obligation: When processing is necessary to comply with a legal obligation to which we are subject.

d) Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, provided that the data subject's interests and fundamental rights do not override those interests.

  1. Rights of Data Subjects

We respect the rights of data subjects as outlined in the GDPR. Data subjects have the right to:

a) Access: Request access to their personal data and obtain information about the processing activities.

b) Rectification: Request the correction of inaccurate or incomplete personal data.

c) Erasure: Request the deletion of personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

d) Restriction of Processing: Request the restriction of processing in certain situations, such as when the accuracy of the data is contested.

e) Data Portability: Receive personal data in a structured, commonly used, and machine-readable format and transmit it to another controller where technically feasible.

f) Object to Processing: Object to the processing of personal data based on legitimate interests or for direct marketing purposes.

g) Automated Decision-Making: Object to decisions basedsolely on automated processing, including profiling, that significantly affects the data subject.

h) Withdraw Consent: Withdraw consent for processing personal data when processing is based on consent.

To exercise these rights, data subjects can contact us using the information provided in Section 9.

  1. Data Security

We implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data. These measures include:

a) Access Controls: Restricting access to personal data to authorized individuals on a need-to-know basis.

b) Encryption: Encrypting personal data during transmission and storage where applicable.

c) Data Minimization: Limiting the collection and storage of personal data to what is necessary for the intended purposes.

d) Data Breach Response: Establishing procedures to detect, report, and investigate data breaches and to notify affected individuals and authorities when required.

  1. Data Transfers

If personal data is transferred to countries outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect the data. This may include relying on adequacy decisions, implementing standard contractual clauses, or using other approved mechanisms as required by applicable data protection laws.

  1. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. When personal data is no longer needed, we will securely dispose of it.

  1. Contact Us

For any questions, concerns, or requests regarding this GDPR Policy or our data protection practices, please contact us at:

O'Connell ContractingAddress: [Insert Address]Email: [Insert Email Address]Phone: [Insert Phone Number]

  1. Changes to the GDPR Policy

We may update this GDPR Policy from time to time to reflect changes in our data processing practices or legal requirements. We encourage you to review this policy periodically for any updates. The revised policy will be effective as of the revised Effective Date stated at the beginning of the policy.

© O'Connell All Rights Reserved, 2024