Anti-Slavery and Human Trafficking PolicY
This policy applies to all persons working for IWA Group Ltd (IWA) or on behalf of IWA in any capacity, including employees at all levels, directors, officers, agency workers, seconded workers, volunteers, agents, contractors and suppliers.
IWA Group Ltd strictly prohibits the use of modern slavery and human trafficking in our operations and supply chain. We have and will continue to be committed to implementing systems and controls aimed at ensuring that modern slavery is not taking place anywhere within our organisation or in any of our supply chains. We expect that our suppliers will hold their own suppliers to the same high standards.
Modern slavery is a term used to encompass slavery, servitude, forced and compulsory labour, bonded and child labour and human trafficking. Human trafficking is where a person arranges or facilitates the travel of another person with a view to that person being exploited. Modern slavery is a crime and a violation of fundamental human rights.
We shall be a company that expects everyone working with us or on our behalf to support and uphold the following measures to safeguard against modern slavery:
Date of Issue: 1st December 2024
Review Date: 1st December 2025
IWA Group Ltd strictly prohibits the use of modern slavery and human trafficking in our operations and supply chain. We have and will continue to be committed to implementing systems and controls aimed at ensuring that modern slavery is not taking place anywhere within our organisation or in any of our supply chains. We expect that our suppliers will hold their own suppliers to the same high standards.
Modern slavery is a term used to encompass slavery, servitude, forced and compulsory labour, bonded and child labour and human trafficking. Human trafficking is where a person arranges or facilitates the travel of another person with a view to that person being exploited. Modern slavery is a crime and a violation of fundamental human rights.
We shall be a company that expects everyone working with us or on our behalf to support and uphold the following measures to safeguard against modern slavery:
- We have a zero-tolerance approach to modern slavery in our organisation and our supply chains.
- The prevention, detection and reporting of modern slavery in any part of our organisation or supply chain is the responsibility of all those working for us or on our behalf. Workers must not engage in, facilitate or fail to report any activity that might lead to, or suggest, a breach of this policy.
- We are committed to engaging with our stakeholders and suppliers to address the risk of modern slavery in our operations and supply chain.
- We take a risk based approach to our contracting processes and keep them under review. We assess whether the circumstances warrant the inclusion of specific prohibitions against the use of modern slavery and trafficked labour in our contracts with third parties.
- If we find that other individuals or organisations working on our behalf have breached this policy we will ensure that we take appropriate action. This may range from considering the possibility of breaches being remediated and whether that might represent the best outcome for those individuals impacted by the breach to terminating such relationships.
Date of Issue: 1st December 2024
Review Date: 1st December 2025
GDPR Policy
GDPR POLICY
1. Introduction
IWA Group Ltd ("the Company") is committed to ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines how the Company collects, uses, stores, and protects personal data.
2. Scope
This policy applies to all employees, contractors, and third parties acting on behalf of IWA Group Ltd. It governs all personal data processed by the Company, irrespective of the medium or location.
3. Definitions
4. Principles of Data Protection
IWA Group Ltd adheres to the following principles:
5. Roles and Responsibilities
6. Data Collection
IWA Group Ltd collects personal data via various means, including forms, emails, and contracts. Examples include:
7. Lawful Basis for Processing
The Company processes personal data under the following lawful bases:
8. Data Subject Rights
Data subjects have the following rights:
9. Data Security
IWA Group Ltd implements robust measures to protect personal data, including:
10. Data Breach Management
In the event of a data breach:
11. Third-Party Processors
The Company ensures third-party processors comply with UK GDPR by:
12. Retention and Disposal
Data is retained only for as long as necessary. Disposal methods include shredding, deletion, and secure erasure of electronic media.
13. Monitoring and Review
This policy is reviewed annually or in response to significant changes in data protection laws or Company operations.
14. Contact and Complaints
For queries or complaints, contact:
Approval
Approved by: Graham Rudd, Director
1. Introduction
IWA Group Ltd ("the Company") is committed to ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines how the Company collects, uses, stores, and protects personal data.
2. Scope
This policy applies to all employees, contractors, and third parties acting on behalf of IWA Group Ltd. It governs all personal data processed by the Company, irrespective of the medium or location.
3. Definitions
- Personal Data: Any information relating to an identifiable individual, including names, addresses, email addresses, identification numbers, and more.
- Processing: Any operation performed on personal data, such as collection, storage, use, or disposal.
- Data Controller: The entity that determines the purposes and means of processing personal data.
- Data Subject: The individual whose personal data is processed.
4. Principles of Data Protection
IWA Group Ltd adheres to the following principles:
- Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and transparently.
- Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
- Data Minimisation: Only the data necessary for the purposes is collected and processed.
- Accuracy: Personal data is kept accurate and up-to-date.
- Storage Limitation: Data is retained only for as long as necessary for processing purposes.
- Integrity and Confidentiality: Personal data is processed securely to prevent unauthorised access or loss.
5. Roles and Responsibilities
- Data Protection Officer (DPO): The DPO oversees data protection compliance and is the point of contact for queries.
- Employees: All staff must adhere to this policy and attend relevant training.
- Email: [email protected]
- Phone: 01383 324 335
6. Data Collection
IWA Group Ltd collects personal data via various means, including forms, emails, and contracts. Examples include:
- Employees: Contact details, payroll information, performance records.
- Clients: Names, email addresses, project details.
- Suppliers: Contact and payment details.
7. Lawful Basis for Processing
The Company processes personal data under the following lawful bases:
- Consent.
- Contractual necessity.
- Compliance with legal obligations.
- Legitimate interests.
8. Data Subject Rights
Data subjects have the following rights:
- Access: To know what personal data is held and processed.
- Rectification: To correct inaccurate or incomplete data.
- Erasure: To request deletion of data under certain circumstances.
- Restriction: To limit processing in certain scenarios.
- Data Portability: To receive personal data in a machine-readable format.
- Objection: To object to data processing based on legitimate interests.
9. Data Security
IWA Group Ltd implements robust measures to protect personal data, including:
- Encryption of sensitive data.
- Regular security audits.
- Restricted access to personal data.
- Secure disposal of data.
10. Data Breach Management
In the event of a data breach:
- Identify: The breach is identified and assessed.
- Contain: Immediate steps are taken to mitigate further risks.
- Notify: The Information Commissioner’s Office (ICO) is notified within 72 hours if required.
- Review: An investigation is conducted, and preventive measures are implemented.
11. Third-Party Processors
The Company ensures third-party processors comply with UK GDPR by:
- Conducting due diligence.
- Having contracts outlining data protection obligations.
12. Retention and Disposal
Data is retained only for as long as necessary. Disposal methods include shredding, deletion, and secure erasure of electronic media.
13. Monitoring and Review
This policy is reviewed annually or in response to significant changes in data protection laws or Company operations.
14. Contact and Complaints
For queries or complaints, contact:
- Data Protection Officer
- Email: [email protected]
- Address: 54 Hope Street, Inverkeithing, KY11 1LN
Approval
Approved by: Graham Rudd, Director