Last Updated: 25 March 2025 | Next Review Due: 25 March 2026
This policy outlines SmartTechHub's approach to personal-data management and compliance with the UK GDPR and Data Protection Act 2018. It applies to all employees, contractors, and partners.
We process personal data under: Contract, Legal obligation, Legitimate interest, and Consent (where applicable).
We collect only relevant data and keep it accurate and up to date. We review records regularly and securely delete data when it is no longer required.
Technical measures include encryption, MFA, firewalls, EDR, regular patching, secure configurations, network segmentation, off-site backups, and security monitoring.
Organisational measures include employee training, vetting, least-privilege access, supplier audits, an incident response plan, and annual policy reviews.
All data-bearing devices are sanitised or destroyed per HMG Infosec Standard 5 (Higher) and NIST 800-88 Rev.1, with serial-numbered verification and certificates.
Data stays within the UK/EEA where possible. If transfer is necessary, appropriate safeguards are applied via adequacy decisions or standard clauses.
We recognise and support all data-subject rights under UK GDPR. Requests to exercise rights should be sent to dpo@smarttechhub.co.uk.
Any breach posing risk to individuals will be reported to the ICO within 72 hours. Affected parties will be informed without undue delay.
We maintain Records of Processing Activities (RoPA), conduct DPIAs where necessary, and carry out annual audits and staff refresh training. Senior management oversees compliance.
All marketing is opt-in only. Subscribers can unsubscribe at any time. We never sell or rent marketing data.
Personal data is retained for the minimum periods needed to satisfy contractual and legal requirements (typically six years) and is then securely erased.
Data Protection Officer – SmartTechHub Limited
Email: dpo@smarttechhub.co.uk
Address: 7 Bell Yard, London WC2A 2JR
Our Data Protection Officer is available to assist with any GDPR-related inquiries.