top of page

Data Protection & GDPR Statement

PublicTec – Data Protection & GDPR Statement

Our Commitment to Data Protection

PublicTec is committed to protecting the privacy, confidentiality, and security of all personal data entrusted to us. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring that data is handled lawfully, fairly, transparently, and securely at all times.

Data protection is integral to how we design, deliver, and operate our services.

 

Lawful Processing of Personal Data

PublicTec only collects and processes personal data where there is a clear and lawful basis to do so. This may include:

  • Performance of a contract

  • Compliance with a legal obligation

  • Legitimate interests (where these do not override the rights of the data subject)

  • Explicit consent from the data subject

Personal data is collected only for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes.

 

Data Minimisation and Purpose Limitation

We adhere to the principle of data minimisation and only collect data that is strictly necessary to deliver our services. Personal data is:

  • Relevant and limited to what is required

  • Accurate and kept up to date

  • Retained only for as long as necessary for the stated purpose

 

Data Security and Safeguards

PublicTec implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures include, but are not limited to:

  • Secure systems and access controls

  • Role-based access to data

  • Encryption where appropriate

  • Staff training and confidentiality obligations

  • Regular review of data protection practices

 

Data Sharing and Third Parties

PublicTec does not share, sell, or disclose personal data to third parties as part of its standard operations.

Exceptions

In the limited circumstances where data sharing is required, this will only occur when:

  • It is strictly necessary to deliver an agreed service and

  • There is a lawful basis for sharing and

  • Written consent has been obtained from the data subject, or the data controller where applicable

Any such data sharing will be clearly documented, limited in scope, and subject to appropriate contractual and security safeguards.

 

Consent and Transparency

Where consent is required, PublicTec ensures that it is:

  • Freely given

  • Specific and informed

  • Unambiguous

  • Recorded in writing

Data subjects have the right to withdraw consent at any time, without detriment.

 

Data Subject Rights

PublicTec fully respects the rights of data subjects under UK GDPR, including the right to:

  • Access their personal data

  • Request rectification or erasure

  • Restrict or object to processing

  • Request data portability

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

Requests relating to data protection rights will be handled promptly and in accordance with statutory timescales.

 

Accountability and Review

PublicTec takes accountability for its data protection responsibilities seriously. Our data handling practices are reviewed regularly to ensure ongoing compliance with GDPR and evolving best practice.

 

Contact

For any questions regarding data protection, privacy, or GDPR compliance, or to exercise your data protection rights, please contact PublicTec directly.

bottom of page