Company Contact Details:
River Stewardship Company in association with CyanSec Ltd.
Unit 1 Newhall Road Industrial Estate
A copy of our complete GDPR Policy Set can be requested using the contact details above.
The Purposes of the Processing and Legal Basis:
River Stewardship Company is a social enterprise and company limited by guarantee, delivering commercial watercourse maintenance and community engagement. The River Stewardship Company employs paid staff on a variety of contracts (permanent, fixed-term and zero-hours), as well as working with volunteers.
The company holds the personal data of its paid and voluntary staff for payment processing and working patterns only. The only other contact by opt-in for newsletters is provided electronically.
Data Protection Objectives:
Necessary processing tasks are reviewed every month. System updates and processes are reflected within the full GDPR policy as data sets, also available upon request using the contact details above.
Management access levels are restricted to admin staff only.
GDPR metrics have been recently implemented, and the company has been provided with a monitoring framework to revise privacy and quality control to conform to the EU regulation from 25th May 2018.
Password policies follow the standard strong password procedure and data is kept secure, with several backup and perimeter hardening controls to prevent damage or breach.
Collection of data is on request only and the company communicates casual data using Mailchimp.
Other necessary tasks are addressed on individual merit.
Advertising of services is supported on the public-facing company domain and social media including Twitter, Instagram, Facebook and LinkedIn. No personal data is permitted on any of these platforms.
Data Analysis and Retention:
Retention of private data by legal obligation is kept for six years following termination of services as an employee, either paid or voluntary.
There is no special data and the company’s policy of data retention has been classed as very LOW risk.
SARs (Subject Access Requests):
Subjects have the right to obtain data that the company holds on them at any point. This can be obtained from the contact information at the top of this page.
Data portability is provided in a range of formats, via the online portal, emailed and encrypted PDF, or a one-time pad link to enable security.
Data can be provided in the form of writing or via telephone conversation.
Data can be withdrawn at any point from the storage by means of service termination, but will remain in archive for the legal duration of six years for employees.
The right to complain must in the first instance be through support offered via the website contact page or email directly to email@example.com
If this cannot be resolved, the subject may escalate to the RSC Chair.
Following unresolved dispute from this point, please refer to the Terms and Conditions included at the footer of the main website to proceed with legal escalation.
The right to restrict processing can be made with immediate effect any point of your choosing.
The right to rectification can be made with immediate effect following the discovery of any inaccurate information we hold.
This rectification may only be permitted by the subject themselves.
SARs are logged on request.