General Data Protection Regulation (GDPR) Compliance Policy
1. Introduction
Pyramid E&C group is committed to ensuring the security and protection of the personal data that we process, and to provide a compliant and consistent approach to data protection in line with the General Data Protection Regulation (EU) 2016/679 (GDPR).
2. Purpose
This policy outlines our commitment to GDPR compliance, ensuring that personal data is processed lawfully, transparently, and for a specific purpose.
3. Scope
This policy applies to all employees, contractors, vendors, and other stakeholders who process personal data on behalf of Pyramid E&C group, including cloud-based and digital systems.
4. Data Protection Principles
We adhere to the following principles as required by GDPR:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage imitation
- Integrity and confidentiality
- Accountability
5. Lawful Basis for Processing
We only process personal data where we have a lawful basis, which may include:
- Consent
- Contractual necessity
- Legal obligation
- Legitimate interests
6. Data Subject Rights
We respect the rights of data subjects under GDPR, including:
- Right to access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object
7. Data Security
Appropriate technical and organizational measures are in place to ensure the confidentiality, integrity, and availability of data.
8. Data Breach Notification
In the event of a data breach, we will notify the supervisory authority within 72 hours and inform affected individuals if there is a high risk to their rights and freedoms.
9. Third-Party Processors
Where we engage third parties to process personal data, we ensure they comply with GDPR and have appropriate safeguards in place.
10. Training and Awareness
All staff involved in data processing activities receive regular training on GDPR compliance.
11. Policy Review
This policy will be reviewed annually or when significant changes occur in data processing practices or relevant regulations.
