GDPR Compliance Policy

1. Introduction

Fuzion Digital Ltd (“we”, “our”, “us”) is committed to protecting the privacy and security of personal data. This GDPR Compliance Policy outlines how we collect, use, store, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Scope

This policy applies to all employees, contractors, and third-party service providers who process personal data on behalf of Fuzion Digital Ltd.

3. Principles of Data Protection

We comply with the following principles when processing personal data:

• Lawfulness, fairness, and transparency

• Purpose limitation

• Data minimisation

• Accuracy

• Storage limitation

• Integrity and confidentiality

• Accountability

4. Lawful Basis for Processing

We process personal data on one or more of the following lawful bases:

• Consent

• Contractual necessity

• Legal obligation

• Legitimate interests

• Vital interests

• Public task

5. Data Subject Rights

Data subjects have the right to:

• Access their personal data

• Rectify inaccurate or incomplete data

• Erase personal data (“right to be forgotten”)

• Restrict processing

• Object to processing

• Data portability

• Lodge a complaint with the Information Commissioner’s Office (ICO)

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements.

7. Data Security

We implement appropriate technical and organisational measures to ensure the security of personal data, including:

• Encryption

• Access controls

• Regular audits

8. Data Breach Notification

In the event of a data breach, we will:

• Notify the ICO within 72 hours

• Notify affected individuals where required, in compliance with GDPR

9. Third-Party Processors

We ensure that all third-party processors are GDPR-compliant and enter into appropriate data processing agreements with them.