GDPR Compliance Policy

Effective Date: 03.09.2025
Last Updated: 03.09.2025

1. Purpose

This policy outlines how The Knowledge Nexus complies with the UK General Data Protection Regulation (UK GDPR) and the EU GDPR. It sets out our approach to data protection, data subject rights, and our responsibilities as a data controller and processor.

2. Scope

This policy applies to all personal data processed by The Knowledge Nexus, including data from clients, suppliers, employees, and website visitors.

3. Legal Basis for Processing

We process personal data under one or more of the following lawful bases:

      Consent

      Contractual necessity

      Legal obligation

      Legitimate interest

4. Data Collection & Use

We collect personal data for purposes including:

      Responding to enquiries and providing consultancy services

      Managing client relationships and contracts

      Sending newsletters and updates (with consent)

      Improving our website and services

      Meeting legal and regulatory obligations

We do not sell personal data or use it for automated decision-making.

5. Data Subject Rights

Individuals have the right to:

      Access their personal data

      Request correction or deletion

      Object to or restrict processing

      Withdraw consent at any time

      Lodge a complaint with the ICO (UK) or relevant EU authority

Requests can be submitted to: enquiries@theknowledgenexus.co.uk

6. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law. Retention periods are reviewed annually.

7. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

      Secure cloud storage

      Access controls and encryption

      Staff training and confidentiality agreements

8. Third Parties & International Transfers

Where necessary, we share data with trusted third parties (e.g. IT providers, accountants) under written agreements. We do not transfer personal data outside the UK or EEA. If such a transfer is required, we will ensure adequate safeguards are in place.

9. Data Breach Protocol

In the event of a data breach, we will:

      Assess the risk and impact

      Notify affected individuals if required

      Report to the ICO within 72 hours (if applicable)

      Document the incident and response

10. Policy Review & Updates

This policy is reviewed annually or when significant changes occur in our processing activities or legal obligations.