Data Protection

In accordance with the EU General Data Protection Regulation (GDPR) and Data Protection Act (DPA) 2018

Goal of the Data Protection Policy

The goal of this data protection policy is to outline the legal data protection aspects in a comprehensive document. It serves as a foundation for statutory data protection inspections, such as those conducted by customers within the scope of commissioned processing. This policy ensures compliance with the European General Data Protection Regulation (GDPR) and Data Protection Act (DPA) 2018 and provides proof of such compliance.

Preamble

Welcome to Mortice & Green, London’s Premier Wooden Sash Window Repair and Replacement Specialists.

Mortice & Green, the trading name of MG Insulation Ltd, has established itself as a leader in manufacturing and installing bespoke reproduction SFC hardwood sash and casement windows. With a legacy of excellence spanning decades, our company places utmost importance on both craftsmanship and data protection. 

At Mortice & Green, we prioritize the security and privacy of our clients’ data. Our operations are guided by a robust data protection policy meticulously designed to comply with the EU General Data Protection Regulation (GDPR) and Data Protection Act (DPA) 2018. This policy ensures that all personal data entrusted to us is handled with the highest standards of confidentiality, integrity, and availability.

Security Policy and Responsibilities in the Company

  • Data Protection Goals: Our company prioritizes data protection alongside other corporate objectives. These goals are based on data protection principles and tailored to our specific operations.
  • Roles and Responsibilities: We have clearly defined roles and responsibilities, including representatives of the company, operational data protection officers, coordinators or data protection teams, and operational managers.
  • Commitment to Improvement: We are committed to the continuous improvement of our data protection management system.
  • Employee Training: All employees are regularly trained, sensitized, and obligated to uphold data protection standards.

Legal Framework in the Company

  • Industry Regulations: We adhere to industry-specific legal and conduct regulations for handling personal data.
  • Stakeholder Requirements: We consider and meet the requirements of both internal and external stakeholders.
  • Applicable Laws: We comply with all applicable laws, including special local regulations where relevant.

Documentation

  • Inspections: We document all conducted internal and external data protection inspections.
  • Protection Needs: We determine the need for data protection concerning confidentiality, integrity, and availability.

Existing Technical and Organisational Measures (TOM)

We implement appropriate technical and organizational measures, considering the purpose of processing, the state of technology, and implementation costs. These measures are structured based on ISO/IEC 27002 and ISO/IEC 29151 guidelines. Examples of Implemented Measures:

  • Data Subject Rights: Ensuring rights of data subjects are upheld.
  • Access Control: Implementing robust access control mechanisms.
  • Information Classification: Classifying and handling information appropriately.
  • Physical and Environmental Security: Protecting end users through measures such as permissible use guidelines, screen locks, mobile device policies, and restrictions on software installation and use.
  • Data Backup: Regularly backing up data to prevent loss.
  • Information Transfer: Securing the transfer of information.
  • Malware Protection: Implementing measures to protect against malware.
  • Technical Weak Points: Addressing and mitigating technical vulnerabilities.
  • Cryptographic Measures: Using cryptographic methods to protect data.
  • Communication Security: Ensuring secure communications.
  • Privacy and Personal Information Protection: Safeguarding personal information and privacy.
  • Supplier Relationships: Regularly inspecting and evaluating data processing activities of suppliers, ensuring the efficacy of implemented technical and organizational measures.

Review and Updates

This policy is reviewed regularly and updated as necessary to ensure ongoing compliance with GDPR and DPA 2018 and to reflect any changes in our data processing activities or in applicable laws and regulations.