1. Policy Statement
CFS UK Services Limited is committed to protecting personal data and ensuring compliance with
the UK GDPR and Data Protection Act 2018.
2. Scope
This policy applies to all employees, contractors, and systems handling personal data.
3. Principles
Data is processed lawfully, fairly, and transparently; collected for specified purposes; limited to what is necessary; accurate; stored securely; and retained only as long as required.
4. Data Security
CFS uses secure systems including BreatheHR, access controls, password protection, and secure
storage to protect personal data.
5. Data Subject Rights
Individuals have rights including access, rectification, erasure, restriction, portability, and objection.
Requests are handled within statutory timeframes.
6. Data Breach Management
All data breaches are reported, investigated, and managed promptly in line with ICO requirements.
7. Data Transfers
Personal data is not transferred outside the UK unless appropriate safeguards are in place.
8. Training & Awareness
Staff receive training on data protection responsibilities and compliance.
9. Monitoring & Review
This policy is reviewed regularly to ensure ongoing compliance and improvement.
10. ICO Registration
CFS UK Services Limited is registered with the Information Commissioner’s Office (Reference:
ZB426817).
Signed: Sapna Chawla, Director