Omnia Smart Technologies Limited

Data Protection Policy

The purpose of this policy is to set out how Omnia Smart Technologies Limited (“Omnia”) ensures compliance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 and related legislation (‘data protection law’). Data protection law applies to the storing or handling (‘processing’) of information (‘personal data’) about living identifiable individuals (‘data subjects’).

Data Protection Principles

Omnia, as Controller and in some cases Processor, must be able to demonstrate compliance with data protection law. This policy outlines Omnia’s compliance with Article 5 of the UK GDPR and the Data Protection Principles, in that data shall be:
  • processed lawfully, fairly and in a transparent manner
  • collected for specified, explicit and legitimate purposes
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  • accurate and, where necessary, kept up to date
  • kept for no longer than is necessary for the purposes for which the personal data are processed
  • processed in a manner that ensures appropriate security
Omnia will ensure that all personal data will comply with the above principles and ensure it satisfies one of the lawful grounds for processing set out below.

Processing Data Lawfully

Omnia will ensure that it has a ‘lawful basis’ or ‘grounds for processing’ before legally processing personal data. There are six (6) different grounds for processing:
  • Consent – the individual/data subject has freely given their consent to the processing and data must be collected through a clear affirmative action;
  • Contractual – processing is necessary for the performance of a contract or agreement to which the individual is party or is required prior to entering into a contract;
  • Legal Requirement – processing is necessary for compliance with a legal obligation to which the individual is subject;
  • Public Interest – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • Legitimate Interests – processing is necessary for the purposes of the legitimate interests of the organisation or a third party where the interest and rights and freedoms of the individual are not overridden, and the data is used in ways which people would reasonably expect;
  • Vital Interests – processing is necessary to protect the vital interests of the individual or of another person.

Legitimate Purpose

Omnia will ensure that personal data collected is necessary for processing and not further processed in a manner that is incompatible with those purposes; under UK GDPR, further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes. Omnia will communicate in a clear and transparent manner, ensuring that all data subjects are informed of the purpose for which their data is being processed, and will only use their personal data in a way that the data subject expects and in accordance with their rights.

Adequacy and Relevance

Omnia will ensure that the data processed will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed, and those purposes will be transparent and clear. If Omnia intends to use the data for any other purpose, data subjects are informed and have the right to object.

Retention Periods

Omnia will not store data for longer than necessary, nor where the data subject withdraws consent or objects to its processing (unless there is another legal ground to justify its retention). As a general rule, when personal data is no longer needed for the purposes for which it was collected, this personal data should be securely destroyed as soon as practicable.

Data Security

Omnia depends on information and communications technology systems to operate its business and administrative functions. Security of these systems, the hardware and networks on which they reside and the data which they host is necessary both to honour Omnia’s obligations to providers of data (employees, suppliers, customers and sub-contractors) as required under UK GDPR (Articles 25 and 32) and to protect Omnia’s systems and data from damage, loss or corruption, whether accidental or deliberate.

Omnia employs best-practice measures to ensure data security within its business; such measures include the use of strong passwords and encryption. Data is backed up in line with Omnia’s backup procedures. All servers and PCs containing sensitive data are protected by security software and a strong firewall.

Data Security

In the usual course of business Omnia will not transfer data to any country outside the United Kingdom. If Omnia transfers any personal data outside the United Kingdom it will ensure that the personal data once transferred is subject to an adequate level of protection (whether through an adequacy decision or the implementation of appropriate safeguards) and enforceable data subject rights and effective legal remedies for data subjects are available.

Disclosure to Third Parties

  • Due diligence – Omnia will select a third-party supplier who provides sufficient guarantees with respect to data security and the handling of personal data generally. (This is separate from and additional to any assessment that may be required in respect of a transfer of personal data outside the United Kingdom).
  • Contractual obligations – Omnia will ensure that there is a written contract in place with any third-party supplier which includes specific data privacy obligations protecting personal data (including the mandatory data processor terms from Article 28 of UK GDPR if it is appointing a processor to process personal data on behalf of Omnia).
  • Information and audit – Omnia will take steps to monitor any third party’s compliance with its contractual and legal commitments in relation to data protection law through the exercise of information requests and audit rights.
  • International transfers – If engaging a third party will involve personal data being processed outside the United Kingdom, additional contractual safeguards will be put in place giving appropriate protection according to the country where such data processing will take place.

Upholding Rights And Freedoms

Individuals have the following legal rights in relation to their personal data:
  • Right to be informed – Omnia will give individuals very specific information about how it processes their personal data, to ensure that its processing is fair and transparent;
  • Right of access – Individuals are entitled to receive confirmation from Omnia as to whether or not it is processing personal data about them and, if it is, to access it and be provided with certain information in relation to it, such as the purpose(s) for which it is processed, the persons to whom it is disclosed and the period for which it will be stored. Omnia has in place processes to respond to requests for what information it is holding (Subject Access Requests);
  • Right to rectification – Individuals can require Omnia to correct any inaccuracies without undue delay;
  • Right to erasure – Individuals can require Omnia to erase their personal data, without undue delay, if Omnia no longer requires it for the purpose for which it holds it, or if it is being unlawfully processed, or if erasure is required to comply with a legal obligation to which Omnia is subject. There are some exceptions to this right (i.e. the “right to be forgotten”);
  • Right to restrict processing – Individuals can require Omnia to restrict processing in certain circumstances including if the personal data is inaccurate or if the processing is unlawful;
  • Right to data portability – Individuals can, in certain circumstances, receive the personal data in a structured, commonly used and machine-readable format so that it can be transferred to another provider;
  • Right to object – Individuals have the right to object to processing where Omnia’s lawful basis is legitimate interests or where Omnia directly markets to them;
  • Rights related to automated decision making – Individuals can object to: (i) any decision Omnia makes which is based solely on “automated processing” (i.e. without any human involvement) subject to some limits and exceptions to this right; and (ii) Omnia processing their personal data where it is relying on the lawful basis that its processing is necessary for a legitimate interest;
  • Right to withdraw consent – Individuals have the right to withdraw their consent to Omnia’s processing of their personal data at any time. If this happens, Omnia will stop processing their personal data unless there is another lawful basis Omnia can rely on, in which case Omnia will inform the individual.

Upholding Rights And Freedoms

A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is about more than just losing personal data.

UK GDPR requires that a breach must be reported to the Information Commissioner’s Office (“ICO”) unless the personal data breach is unlikely to result in a risk to the rights and freedoms of individuals. The timeframes for reporting to the ICO are without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of the personal data breach. The timeframe for reporting to data subjects is without undue delay.

Omnia will risk-assess whether any individuals, third parties or other stakeholders should be notified of the breach in accordance with the legislation. This will depend on the nature of the breach; any notification must be carefully managed. It is important to build a detailed understanding of the breach quickly to avoid providing misinformation when notifying. Where it is not possible to provide complete information in relation to a breach, the ICO requires that information be provided in phases as it becomes available, without undue further delay.

Upholding Rights And Freedoms

A Data Protection Impact Assessment (“DPIA”) is a methodology or tool used to identify and reduce the privacy risks of individuals when planning projects or policies that involve the processing of personal data. Omnia manages all new data assessments through its DPIA management process which is based upon the ICO template and guidance, adapted to suit each project. Where the context is relevant for a particular project Omnia will develop a DPIA in conjunction with the Customer and/or other project partners.

Privacy by Design

Omnia has a general obligation to implement technical and organisational measures to show that it has considered and integrated data protection into its personal data processing activities (e.g. when building new IT systems for storing or accessing personal data; developing policies or strategies that have privacy implications; embarking on a data sharing initiative; or using data for new purposes). Privacy by design means that Omnia identifies and minimises the data protection risks of a project or new initiative.

Privacy by Default

Omnia will implement appropriate technical and organisational measures to ensure that, by default, it only processes personal data which are necessary for each specific purpose of the processing.

Training

Omnia will ensure that training and information will be made available to all its employees and sub-contractors in relation to compliance with data protection law and such training will be updated and refreshed on a regular basis. Omnia will keep appropriate records of such training it provides.

Governance

Omnia’s MD on behalf of the Omnia Board acts as its data protection officer and is responsible for the following governance measures in relation to this Policy:
  • overseeing changes to systems and processes;
  • monitoring compliance with the UK GDPR and the Data Protection Act 2018;
  • completing DPIAs;
  • reporting on data protection and compliance with legislation to the Omnia board and wider business, as appropriate;
  • liaising, if required, with the Information Commissioner’s Office (ICO).

Review

Omnia will regularly test the privacy measures implemented and conduct periodic reviews and audits to assess compliance, including using results of testing to demonstrate compliance improvement effort. This Policy will be reviewed by Omnia’s MD and board of directors on a regular basis (at least annually) and may be amended from time to time.