Surplush is committed to protecting the privacy and data of its employees, customers, and other stakeholders. This GDPR policy outlines our commitment to comply with the General Data Protection Regulation (GDPR) and to safeguard the personal data we process.
This policy applies to all employees, contractors, and any third parties who process personal data on behalf of Surplush.
Surplush adheres to the following principles of data protection:
Data subjects have the following rights under GDPR:
Surplush has implemented appropriate technical and organisational measures to protect personal data against data breaches, unauthorised access, and other security threats.
Any suspected or actual data breach must be reported to Surplush's Data Protection Officer and relevant authorities within 72 hours of becoming aware of the breach.
All employees and relevant third parties will receive training on data protection and GDPR compliance.
This GDPR policy will be reviewed and updated as needed to ensure compliance with evolving data protection regulations.
For questions or concerns regarding this policy or data protection matters, please contact our Data Protection Officer at info@surplush.co.uk
Last updated: February 2025