GDPR Compliance Statement

1. Introduction

1.1 Since May 25, 2018, any company that operates within the EU is required to meet certain obligations under the EU General Data Protection Regulations.
1.2 Markey Group and associated companies, which include Premiere, Markey Construction, Markey Building Services and Student Digs (“we” or “the Group”) have implemented policies, standards and guidance to ensure that the appropriate controls and safeguards are in place to protect all personal data that we use.
1.3 We are committed to ensuring that all personal data that we hold is processed fairly and lawfully, kept up to date and accurate, adequately secured and protected, collected expressly for legitimate purposes and kept in such a way as to allow data subjects to exercise their rights.

2. Preparation

2.1 The Group has set up a GDPR review to ensure that all areas of the Company are compliant prior to the new regulations coming into force. This has allowed us to identify and take any necessary steps to ensure we are compliant.
2.2 This review has included senior managers from HR, IT and the Senior Leadership Team to ensure we identify and mitigate risks in all areas.
2.3 As part of this review, we are undertaking a systematic audit of the data we store, maintain, manage, process and control in relation to lawfulness, purpose, minimisation, accuracy, consent, limitation, integrity & confidentiality, record keeping and accountability. This includes any offline storage and paper records.

3. Commitment

3.1 We will only request and hold data for the purposes of creating records, ongoing administration and to meet legal or contractual obligations. This data may be collected though our websites, emails, letters, forms or by telephone.
3.2 We will only share data with carefully selected third parties to enable us to carry out required services in the proper management of our dealings with our customers or suppliers.
3.3 Any data transferred to these third parties is done so in a manner that ensures the security of the data no matter how this is transferred.
3.4 All data that we hold is stored within the UK either electronically on servers or in paper format. Access to this data is restricted on a business need basis and is appropriate based on the role of the individual being given such access. Passwords changes are system requested and confidentiality of passwords is strictly maintained. Processes are in place to ensure that leavers of the business have access removed.

4. Compliance

4.1 The Group will be complying with GDPR as a Data Controller and a Data Processor. 
4.2 The Group has reviewed and put in place GDPR compliant privacy policies both internally and externally. All staff who handle any data have received GDPR training and are aware of procedures and responsibilities of staff and stakeholders in regard to GDPR.
4.3 We are using all reasonable endeavours to ensure that any third party or supplier who processes personal data on our behalf is compliant with GDPR. This includes ensuring we have written contracts in place where required. 
4.4 We have in place electronic and paper-based forms that capture personal data, details about GDPR compliance along with link to our privacy policy.

5. Further Information

5.1 Should you require any further information on GDPR, our compliance, or anything else related to this, please contact our Data Controller on hradmin@Markeygroup.co.uk.