Devito Codes Ltd

Data Protection & Privacy Policy

1. Introduction

Devito Codes Ltd (“we,” “us,” “our”) is committed to safeguarding the personal data of our employees, contractors, and business partners. This policy explains our approach to handling personal data in compliance with relevant laws and regulations, including the EU General Data Protection Regulation (GDPR), the UK Data Protection Act, and other applicable standards.

2. Scope

This policy applies to:

  • All personal data collected or processed by Devito Codes Ltd, regardless of medium (electronic or paper).
  • All Devito Codes Ltd personnel, including employees and contractors, who handle personal data on our behalf.

3. Data We Collect

We typically collect and process:

  • Employee/Contractor Data: Name, contact details, bank info for payroll, and other HR-related information.
  • Business Partner Data: Contact details of individuals at partner organizations (e.g., emails, phone numbers).
  • Website Analytics (Minimal): Basic usage statistics on our site (IP addresses may be captured in standard server logs).

We do not ordinarily process sensitive personal data (e.g., health, biometric, or political affiliation), unless specifically required for legal or contractual obligations, and then only with proper safeguards.

We process personal data for one or more of the following lawful bases:

  1. Performance of a Contract: To fulfill HR or business agreements.
  2. Compliance with Legal Obligations: E.g., tax or employment law.
  3. Legitimate Interests: E.g., limited marketing, analytics, or improving our HPC services, where this does not override individual privacy rights.
  4. Consent: Where required by law, we seek explicit consent (e.g., optional subscriptions or newsletters).

5. How We Use and Store Data

  • Cloud Storage: We securely store encrypted and can only be accessed using multi-factor authentication.
  • Access Control: We limit access to personal data strictly to those who need it for their job role or contractual duties.
  • Retention: We retain personal data only as long as necessary for legitimate business needs or as required by law. Once no longer needed, we securely delete or anonymize it.

6. Data Sharing and Disclosure

  • Third Parties: We may share personal data with service providers who assist in HR, IT, or legal compliance, under strict data protection agreements.
  • Legal Requirements: We disclose data if compelled by law or regulatory authorities, or to protect our rights and safety (e.g., in a court order).

7. Data Subject Rights

Where applicable (e.g., under GDPR or UK law), individuals have the right to:

  • Access: Request a copy of the personal data we hold about them.
  • Rectification: Correct incomplete or inaccurate data.
  • Erasure (“Right to be Forgotten”): Request deletion of personal data, subject to legal limitations.
  • Restriction: Ask us to temporarily limit processing of personal data.
  • Object: Object to certain processing activities based on legitimate interests.
  • Data Portability: Obtain personal data in a structured, commonly used format.
  • Withdraw Consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise these rights or make inquiries, please contact our data privacy channel at compliance@devitocodes.com.

8. Security Measures

  • Encryption: We use encryption, both in transit (HTTPS, TLS) and at rest.
  • Access Controls: Strict password policies, multi-factor authentication, and role-based access.
  • Incident Response: If a data breach occurs, we will follow our Incident Response Plan, including notifying affected individuals and regulatory bodies as required by law.

9. International Transfers

Data stored in cloud storage may be processed in data centers outside the UK or EU. The cloud company provides adequate safeguards (e.g., Standard Contractual Clauses) to ensure compliance with GDPR and other relevant regulations.

10. Training and Awareness

All Devito Codes Ltd employees and contractors receive periodic briefings on data protection responsibilities, including safe handling of personal data and reporting potential breaches.

11. Updates to this Policy

We may update this policy from time to time to reflect changes in legal requirements or our data processing practices. Any significant changes will be posted on our website and communicated where appropriate.

12. Contact Us

For questions or concerns about this policy or how we handle personal data, please reach out to:
Data Privacy Team
Email: compliance@devitocodes.com.