GDPR Compliance Policy

Effective Date: 03.09.2025
Last Updated: 03.09.2025

1. Purpose

This policy outlines how The Knowledge Nexus complies with the UK General Data Protection Regulation (UK GDPR) and the EU GDPR. It sets out our approach to data protection, data subject rights, and our responsibilities as a data controller and processor.

2. Scope

This policy applies to all personal data processed by The Knowledge Nexus, including data from clients, suppliers, employees, and website visitors.

3. Legal Basis for Processing

We process personal data under one or more of the following lawful bases:

  • Consent

  • Contractual necessity

  • Legal obligation

  • Legitimate interest

4. Data Collection & Use

We collect personal data for purposes including:

  • Responding to enquiries and providing consultancy services

  • Managing client relationships and contracts

  • Sending newsletters and updates (with consent)

  • Improving our website and services

  • Meeting legal and regulatory obligations

We do not sell personal data or use it for automated decision-making.

5. Data Subject Rights

Individuals have the right to:

  • Access their personal data

  • Request correction or deletion

  • Object to or restrict processing

  • Withdraw consent at any time

  • Lodge a complaint with the ICO (UK) or relevant EU authority

Requests can be submitted to: enquiries@theknowledgenexus.co.uk

6. Data Retention

We retain personal data only as long as necessary for the purpose for which it was collected, or as required by law. Retention periods are reviewed annually.

7. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure cloud storage

  • Access controls and encryption

  • Staff training and confidentiality agreements

8. Third Parties & International Transfers

Where necessary, we share data with trusted third parties (e.g. IT providers, accountants) under written agreements. We do not transfer personal data outside the UK or EEA. If such a transfer is required, we will ensure adequate safeguards are in place.

9. Data Breach Protocol

In the event of a data breach, we will:

  • Assess the risk and impact

  • Notify affected individuals if required

  • Report to the ICO within 72 hours (if applicable)

  • Document the incident and response

10. Policy Review & Updates

This policy is reviewed annually or when significant changes occur in our processing activities or legal obligations.