Data Protection Policy Statement

Greenacre recognises the significance of data protection. The purpose of this policy is to protect all personal information controlled or processed by the organisation and ensure an adequate level of awareness to ensure data protection principles are applied across all areas of operation within Greenacre.

Personal data is identified and managed in accordance with the data protection risk assessment methodology that endorses the acceptable risk levels.

Our Data Protection Policy is achieved by a stringent set of controls, including policies, processes, procedures and software and hardware functions. These controls are monitored, reviewed and improved by the Board to ensure that specific data protection, security and business objectives are met. This is operated in conjunction with other business management processes, and incorporates the applicable statutory, regulatory and contractual requirements.

In particular, Greenacre is committed to compliance with data protection requirements and good practice to include:

  • Processing personal information only where this is strictly necessary for legal and regulatory purposes, or for legitimate organisational purposes
  • Processing only the minimum personal information required for these purposes
  • Providing clear information to natural persons (including children) about how their personal information can be used and by whom
  • Only processing relevant and adequate personal information
  • Processing personal information fairly and lawfully
  • Maintaining a documented inventory of the categories of personal information processed by the organisation
  • Keeping personal information accurate and, where necessary, up-to-date
  • Retaining personal information only for as long as is necessary for legal or regulatory reasons or for legitimate organisational purposes and ensuring timely and appropriate disposal
  • Respecting natural persons' rights in relation to their personal information
  • Keeping all personal information secure
  • Only transferring personal information outside Luxembourg in circumstances where it can be adequately protected
  • Developing and implementing our database system to enable the data protection policy to be implemented
  • Where appropriate, identifying internal and external interested parties and the degree to which they are involved in the governance of the organisation's database
  • Identify workers with specific responsibility and accountability for the database
  • Maintain records of processing of personal information

Our Data Protection Policy Awareness Program is incorporated in our staff induction and training program. The Data Protection policy is readily accessible internally and presented to existing and prospective clients. In addition to employees; suppliers, contractors and of Greenacre is expected to adhere to our Data Protection Policy.

Greenacre is committed to continual improvement and all employees are empowered to take responsibility for data protection, with a robust process for identifying and reporting data breaches in place and subject to regular review.

Through compliance to applicable statutory, regulatory and contractual requirements, and the requirements of the General Data Protection Regulations (GDPR) for the Protection of Personal Information, Greenacre will demonstrate confidence, integrity and credibility both internally and externally.

Please contact us if you wish to receive or know more about:

  • Privacy notice against data obtained from 3rd party
  • Retention policy
  • Withdraw/consent forms
  • Data protection procedure