1. Purpose
‍
‍1.1 The purpose of this Policy is to ensure that Elysium Vanguard Ltd (“EVL”) complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1.2 This Policy sets out the principles, responsibilities, and procedures for handling personal data within EVL.

2. Scope
‍
‍2.1 This Policy applies to all employees, contractors, and subcontractors engaged by EVL.

2.2 It covers all personal data processed in connection with EVL’s Technical SurveillanceCounterMeasures (TSCM) search services, including client data, staff data, and supplier data.

3. Data Protection Principles
‍
‍3.1 EVL adheres to the following principles of data protection:    (a) Lawfulness, fairness, and transparency.    (b) Purpose limitation.    (c) Data minimisation.    (d) Accuracy.    (e) Storage limitation.    (f) Integrity and confidentiality.    (g) Accountability.

4. Roles and Responsibilities
‍
‍4.1 Data Controller: EVL is the Data Controller for all personal data processed.

4.2 Data Protection Officer (DPO): [Insert Name/Role] is responsible for overseeing compliance and acting as the point of contact for data protection matters.

4.3 Employees and Contractors: All personnel must comply with this Policy and report anydata protection concerns or breaches immediately.

5. Lawful Basis for Processing
‍
‍5.1 EVL processes personal data under the following lawful bases:    (a) Contractual necessity – to deliver agreed services.    (b) Legal obligation – to comply with statutory requirements.    (c) Legitimate interests – to ensure the security and integrity of services.    (d) Consent – where required for specific purposes.

6. Data Subject Rights
‍
‍6.1 EVL recognises and upholds the rights of individuals under UK GDPR, including:    (a) Right of access.    (b) Right to rectification.    (c) Right to erasure.    (d) Right to restrict processing.    (e) Right to data portability.    (f) Right to object.    (g) Rights in relation to automated decisionmaking and profiling.

7. Data Security
‍
‍7.1 EVL implements appropriate technical and organisational measures to protect personaldata, including:    (a) Secure storage of records and reports.    (b) Restricted access to authorised personnel only.    (c) Encryption and secure communications where applicable.    (d) Regular review of security practices.

8. Data Breach Management
‍
‍8.1 All suspected data breaches must be reported immediately to the DPO.

8.2 The DPO will investigate and, where necessary, notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of a breach.

8.3 Affected individuals will be informed where the breach is likely to result in a high risk to their rights and freedoms.

9. Training and Awareness
‍
‍9.1 All staff and contractors will receive training on data protection and GDPR compliance.

9.2 Training will be refreshed periodically to ensure ongoing awareness.

10. Data Retention
‍
‍10.1 Personal data will be retained only for as long as necessary to fulfil contractual obligations and comply with legal requirements.

10.2 Retention periods will be defined in EVL’s Data Retention Schedule.

11. International Transfers
‍
‍11.1 EVL does not routinely transfer personal data outside the UK or EEA.

11.2 Where transfers are necessary, appropriate safeguards will be applied in line with UKGDPR requirements.

12. Policy Review
‍
‍12.1 This Policy will be reviewed annually or sooner if required by changes in law or businesspractices.

12.2 Updates will be approved by senior management and communicated to all staff.

13. Contact
‍
‍13.1 For questions regarding this Policy, please contact:    (a) Data Protection Officer (DPO): Ellie Sanders    (b) Email: ellie@elysiumvanguard.co.uk