GDPR Compliance Statement 

1. Purpose and scope 
This document provides a statement of compliance for Broadleaf Global Limited (“Broadleaf”) with respect to the General Data Protection Regulation (GDPR). This document is intended to supplement but not replace any other policy in place by Broadleaf.

2. Statement of Compliance
Broadleaf are Controllers of our client, supplier and partner contact information required to manage and deliver services under contract with Broadleaf, and Controllers for personnel information in relation to Broadleaf employees. If you have questions about Broadleaf’s GDPR and data protection activities, please contact our Data Protection Office at dpo@broadleafglobal.net

2.1 Commitment
‍Broadleaf is committed to the principles inherent to the GDPR and particularly the concepts of privacy by design, the right to be forgotten, consent, and a risk-based approach. In addition, we aim to ensure:
‍
• Transparency with regard the use of data.
• Any processing is lawful, fair, transparent and necessary for a specific purpose.
• Data is accurate, kept up-to-date, and removed when no longer necessary.
• Data is kept safely and securely. 

2.2 Safeguarding measures 
‍Broadleaf takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure and precaution to protect and secure the personal data that we process. We have policies, procedures, and logical and physical measures in place to protect personal information from unauthorised access, alteration, disclosure or destruction. We comply with the standards of and are certified under the UK National Cyber Security Centre (NCSC) Cyber Essentials Plus scheme. We are registered with the UK Information Commissioners Office (reference number ZA765114).

2.3 Data subject rights 
In addition to the measures outlined above, we recognise the rights of data subjects that data processors must uphold:
‍
• What personal data we hold about them.
• The purposes of the processing.
• The categories of personal data concerned.
• The recipients to whom the personal data has/will be disclosed.
• How long we intend to store your personal data for.
• If we did not collect the data directly from them, information about the source.
• The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this.
• The right to request erasure of personal data (where applicable) or to restrict processing in accordance with the data protection laws, as well as to object to any direct marketing from us and be informed about any automated decision-making that we use.
• The right to lodge a complaint.
‍
2.4 Third party processing 
‍Where we store or transfer personal information outside the EU, we have safeguarding measures in place to secure, encrypt and maintain the integrity of the data. We carry out checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information.

‍2.5 Privacy Policy
Our privacy policy is available at: https://www.broadleafglobal.net/privacy-policy.

‍2.6 Contact Information
Should you require any further information about Broadleaf’s GDPR and data protection activities, please feel free to contact us using the following information:
‍
Data Protection Office
Broadleaf Global Limited
The Rectory, 1 Toomers Wharf,
Canal Walk, Newbury
Berkshire RG14 1DY
United Kingdom

Phone: +44 (0) 1635 936 720
Email: dpo@broadleafglobal.net


‍


‍