Kingston Landscape Group – Data Protection Policy
Effective Date: 2nd June 2025 Review Date: 2nd June 2026 Approved by: Abbey Swanson
1. Introduction
Kingston Landscape Group (“the Company”) is committed to protecting the personal data of its employees, clients, suppliers, and all other stakeholders. This Data Protection Policy outlines our commitment to privacy and explains how we collect, use, store, and share personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Scope
This policy applies to all employees, contractors, and third parties who process personal data on behalf of Kingston Landscape Group. It covers all personal data processed in any form – whether digital, paper, verbal, or other.
3. Definitions
- Personal Data: Any information relating to an identified or identifiable natural
- Processing: Any operation performed on personal data, including collection, use, storage, sharing, or deletion.
- Data Subject: The individual to whom the personal data
- Data Controller: Kingston Landscape Group, which determines the purposes and means of processing personal data.
- Data Processor: Any third party who processes data on behalf of Kingston Landscape
4. Data Protection Principles
We adhere to the following data protection principles:
1. Lawfulness, fairness, and transparency
We process personal data lawfully, fairly, and in a transparent manner.
2. Purpose limitation
We collect data only for specified, explicit, and legitimate purposes.
3. Data minimisation
We collect only the data necessary for the intended purpose.
4. Accuracy
We ensure personal data is accurate and kept up to date.
5. Storage limitation
We retain personal data only as long as necessary.
6. Integrity and confidentiality
We ensure security of personal data through technical and organizational measures.
7. Accountability
We take responsibility for and can demonstrate compliance with data protection laws.
5. Lawful Basis for Processing
We process personal data under one or more of the following lawful bases:
- Consent
- Contractual necessity
- Legal obligation
- Vital interests
- Legitimate interests
- Public task (where applicable)
6. Data Subject Rights
Data subjects have the following rights under the GDPR:
- Right to access
- Right to rectification
- Right to erasure (the “right to be forgotten”)
- Right to restrict processing
- Right to data portability
- Right to object
- Rights in relation to automated decision-making and profiling
Requests can be submitted to: abbey@klguk.com for internal queries and opt outs or Sales@klguk.com for client / external queries / Opt outs
7. Data Collection and Use
We may collect and process the following categories of personal data:
For Clients:
- Name, contact details, address
- Project details
- Payment information
For Employees:
- HR records
- Payroll and bank details
- Emergency contacts
For Suppliers/Contractors:
- Business contact details
- Bank information
8. Data Security
We implement appropriate security measures including:
- Password-protected systems
- Secure storage of paper files
- Data encryption
- Regular access reviews
- Staff training
9. Data Breach Response
In the event of a data breach, we will:
- Contain and assess the breach
- Notify affected individuals if there is a high risk
- Notify the ICO within 72 hours if required
- Maintain a record of all data breaches
10. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, and in line with statutory requirements. A Data Retention Schedule is available upon request.
11. Responsibilities
- Data Protection Officer (if appointed): Abbey Swanson
- Management: Ensure implementation and compliance
- Employees: Follow the policy and report concerns
12. Training and Awareness
All staff receive training on data protection principles and are required to acknowledge their understanding and compliance with this policy.
13. Policy Review
This policy will be reviewed annually or when there are significant changes to data protection law or the Company’s operations.
14. Contact Information
For questions or concerns about this policy, contact:
