info@adlinx.co.uk
0161 519 0454
Facebook Map-marker-alt
Contact Us
Contact Us

Data Protection Policy

Data Protection Policy 2025 – Adlinx Ltd

  1. Purpose
    This Data Protection Policy sets out how Adlinx Ltd ensures compliance with the UK
    General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA
    2018). It outlines the standards and principles for protecting personal data processed by
    the company.
  2. Scope
    This policy applies to:
  • All employees, temporary workers, contractors, and third-party service providers.
  • All personal data processed by Adlinx Ltd, whether held electronically or in hard copy.
  • All operations and systems that collect, store, transfer, or otherwise process personal data.
  1. Definitions
  • Personal Data: Information relating to an identified or identifiable natural person.
  • Special Category Data: Includes data revealing racial/ethnic origin, political opinions,
    religious beliefs, health, genetic or biometric data.
  • Data Subject: The individual whose data is being processed.
  • Processing: Any action taken with data, including collection, use, storage, alteration, and
    deletion.
  • Data Controller: Determines the purposes and means of processing.
  • Data Processor: Processes personal data on behalf of the controller.
  1. UK GDPR Principles
    All personal data must be processed in line with the following UK GDPR principles:
  2. Lawfulness, Fairness, and Transparency
  3. Purpose Limitation
  4. Data Minimisation
  5. Accuracy
  6. Storage Limitation
  7. Integrity and Confidentiality (Security)
  8. Accountability
  9. Lawful Bases for Processing
    Adlinx Ltd will only process personal data when a lawful basis under UK GDPR applies,
    including:
  • Consent
  • Contractual necessity
  • Legal obligation
  • Vital interests
  • Public task
  • Legitimate interests (with appropriate assessments)
  1. Data Subject Rights (UK Specific)
    Under the UK GDPR, data subjects have the following rights:
  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision-making and profiling
    Requests must be responded to within one calendar month, and procedures are in place to
    verify identity and log responses.
  1. Roles and Responsibilities
  • Data Protection Officer (DPO): Oversees compliance and handles data subject requests and
    breach notifications.
  • All Employees: Must adhere to this policy and undertake regular data protection training.
  • Managers: Ensure their teams implement and maintain compliant data practices.
  1. Data Handling and Security
  • Personal data must be protected with appropriate technical and organisational security
    measures.
  • Systems must use encryption, secure access controls, and up-to-date antivirus protection.
  • Data access is based on job necessity (“least privilege” model).
  1. Data Breaches
    In the event of a personal data breach:
  • Employees must immediately report the breach to the DPO.
  • The DPO will assess the breach and, if necessary, report to the Information
    Commissioner’s Office (ICO) within 72 hours.
  • Affected data subjects will be informed when required.
  1. Data Retention
  • Retention schedules will be defined per data category.
  • Personal data must not be retained longer than necessary.
  • Secure disposal methods (shredding, digital wiping) will be used when data is no longer
    required.
  1. Third-Party Data Processors
  • All data processors must sign a Data Processing Agreement (DPA).
  • Due diligence must be performed to ensure third-party compliance with UK GDPR.
  1. International Data Transfers
    [Company Name] will not transfer personal data outside the UK unless:
  • The country has an adequacy decision from the UK government, or
  • Appropriate safeguards are in place (e.g., International Data Transfer Agreement (IDTA),
    Binding Corporate Rules)
  1. Training and Awareness
  • All staff will undergo data protection training on induction and annually thereafter.
  • Regular updates and reminders will be issued regarding best practices and regulatory
    changes.
  1. Monitoring and Review
    This policy will be:
  • Reviewed annually or upon significant legal or business changes.
  • Monitored for effectiveness through audits and incident tracking.
  1. Contact
    For data protection enquiries or to exercise your data rights:
    Data Protection Officer (DPO)
    Michele Oldfield
    info@adlinx.co.uk
    0161 519 0454
Facebook

About Us

AdlinX, your destination for web design, social media management, lead generation, SEO, and marketing solutions. With over three decades of industry expertise, we’ve established ourselves as the go-to choice for businesses of all sizes across the United Kingdom.

Sitemap

Address

Office

Worsley Golf Club Business Centre, Stableford Ave, Eccles, Manchester M30 8AP

© 

2025

Adlinx | All rights reserved.

Book a demo