Data Protection Policy
​
1. Introduction
Efficient Growth Consulting is committed to safeguarding the privacy and security of personal data in accordance with the European Union General Data Protection Regulation (GDPR). This Data Protection Policy outlines our approach to data protection, including the collection, processing, storage, and sharing of personal data. Owen Lewis, Director of Operations, is responsible for overseeing the implementation of this policy.
2. Scope
This policy applies to all employees, contractors, and third parties who process personal data on behalf of Efficient Growth Consulting, regardless of their location in our remote-first working environment.
3. Principles of Data Protection
We adhere to the following principles when processing personal data:
-
Lawfulness, fairness, and transparency
-
Purpose limitation
-
Data minimization
-
Accuracy
-
Storage limitation
-
Integrity and confidentiality
4. Data Collection and Use
We collect and process personal data only for legitimate business purposes, with appropriate consent and lawful basis. Personal data will be used solely for the purposes for which it was collected.
5. Data Minimization
We collect only the minimum personal data necessary to achieve our business objectives. Unnecessary data will not be collected or retained.
6. Data Security
We implement technical and organizational measures to ensure the security of personal data, including encryption, access controls, and regular security assessments.
​
7. Data Access and Sharing
Access to personal data is limited to authorized personnel who require it for their roles. Personal data will not be shared with third parties unless necessary for business purposes and with appropriate safeguards.
8. Data Subject Rights
Individuals have the right to access, rectify, erase, restrict processing, object to processing, and data portability. Requests related to these rights should be directed to the Data Protection Officer (DPO).
9. Data Breach
Response We have procedures in place to detect, assess, and respond to data breaches promptly. In the event of a breach, affected individuals and supervisory authorities will be notified as required by GDPR.
10. Cross-Border Data Transfers
When transferring personal data outside the European Economic Area, we ensure that appropriate safeguards are in place, as required by GDPR.
11. Data Retention
Personal data will be retained only for the period necessary to fulfill the purposes for which it was collected, unless legal or regulatory requirements dictate otherwise.
12. Employee Training and Awareness
We provide regular training to our employees to ensure their awareness of data protection principles and their responsibilities in protecting personal data.
13. Policy Review and Update
This policy will be reviewed annually to ensure its continued relevance and compliance with GDPR and any other relevant regulations.
Efficient Growth Consulting is dedicated to upholding the highest standards of data protection and privacy. By implementing this Data Protection Policy, we strive to maintain the trust of our clients, partners, and employees in our commitment to safeguarding personal data.
Data Protection Officer (DPO):
Owen Lewis, Director of Operations
owen@efficientgrowthconsulting.net
​
Policy Owner:
Owen Lewis, Director of Operations
Date of Policy Adoption:
18th January 2023
Date of Last Revision:
3rd April 2023