DATA PROTECTION POLICY
DATA PROTECTION POLICY
Surrey Car Service LTD (“the Company”) recognizes the importance of safeguarding personal data
and respecting individuals’ privacy rights. This Data Protection Policy outlines our commitment to
protecting personal data in accordance with various data protection laws and regulations, which
may include but are not limited to:
The General Data Protection Regulation (GDPR) in Europe
The California Consumer Privacy Act (CCPA) in the United States
The Personal Data Protection Act (PDPA) in Singapore
The Privacy Act in Australia
This policy establishes the framework for how we collect, process, store, and manage personal data
responsibly and in compliance with these laws.
RESPONSIBILITIES
EMPLOYEES
All employees are responsible for ensuring the proper handling of personal data in their day-to-day
activities. They must adhere to this policy and report any data protection concerns to the DPO.
CONTRACTORS AND THIRD PARTIES
Contractors and third parties engaged by the Company are also responsible for adhering to this
policy and for ensuring the proper handling of personal data in their activities on behalf of the
Company. They must comply with applicable data protection laws and regulations and report any
data protection concerns to the DPO.
DATA PROTECTION OFFICER (DPO)
The Company has appointed a Data Protection Officer (Abdul Ali) who is responsible for
overseeing data protection matters, ensuring compliance with applicable laws, conducting regular
audits or reviews of data processing activities, and acting as a point of contact for data subjects and
regulatory authorities.
DATA COLLECTION AND PROCESSING
LAWFUL PROCESSING
The Company will only collect and process personal data when it has a lawful basis to do so,
including but not limited to:
The consent of the data subject
Contractual necessity
Legal obligation
Legitimate interests
The protection of vital interests
TRANSPARENCY
Data subjects will be informed of the purposes for which their data is collected and processed,
including the lawful basis for processing, at the point of data collection or before, and their rights
in relation to their data.
CONSENT
Where consent is required for processing personal data, the Company will obtain explicit and
freely given consent from data subjects. Consent will be obtained through clear and easily
accessible means, and records of consent will be maintained.
DATA SECURITY
DATA BREACH RESPONSE
A data breach is defined as any unauthorized access, disclosure, or acquisition of personal data that
compromises its confidentiality, integrity, or availability. In the event of a data breach, the
Company will promptly:
Assess and mitigate the impact of the breach
Notify affected data subjects in a timely manner, providing details of the breach and actions
they can take to protect themselves
Notify relevant regulatory authorities where required by applicable law
DATA SUBJECT RIGHTS
Data subjects have the following rights regarding their personal data:
Right to Access: Data subjects can request access to their personal data.
Right to Rectification: Data subjects can request corrections to their personal data.
Right to Erasure: Data subjects can request the deletion of their personal data.
Right to Data Portability: Data subjects can request the transfer of their personal data.
Right to Object: Data subjects can object to the processing of their personal data.
Right to Restriction of Processing: Data subjects can request the restriction of processing
under certain circumstances.
To exercise these rights, data subjects can contact the Data Protection Officer at the contact
information provided below.
CONTACT INFORMATION
Data subjects can contact the Data Protection Officer at:
Abdul Ali – Surrey.cars@aol.com
APPROVAL AND EFFECTIVE DATE
This Data Protection Policy was approved by Abdul Ali and is effective from 5th September 2024.