GDPR Statement

J7 Enterprise Ltd General Data Protection Regulation Statement

The General Data Protection Regulation (GDPR) came into effect on 25th May, 2018. The UK government published the Data Protection Bill in September 2017, which will implement and supplement the GDPR in the UK.

All defined terms in this GDPR Statement shall have the meaning ascribed to them under the GDPR.

J7 Enterprise Ltd will in some instances act as a data processor and on some occasions act as a data controller and/or joint data controller. To ensure that there is consistency with regard to the statements it makes in relation to GDPR and to reinforce that J7 takes its obligations under the legislation very seriously, J7 advises that:

  1. When J7 Enterprise Ltd is acting as a Data Processor, J7 Enterprise Ltd will:
     - not process personal data except on instructions from the data controller;
     - agree a data processing agreement with the relevant data controller;
     - use reasonable endeavours to assist any controller, whose personal data it is processing, in fulfilling its obligations to respond to requests from data subjects;
     - implement and maintain an information security programme;
     - ensure that people authorised to process personal data are subject to a duty of confidentiality;
     - co-operate with Supervisory Authorities;
     - inform the controller without undue delay after becoming aware of any personal data breach;
     - not subcontract processing activities without prior written authorisation from the relevant controller; and
     - put in place adequate processes to ensure that personal data is adequately protected if transferred outside the EU.
  2. When J7 Enterprise Ltd is acting as a Data Controller, J7 Enterprise Ltd will:
     - process personal data in accordance with the principles and grounds for processing set out in the legislation;
     - provide the necessary information to data subjects when it collects personal data;
     - put in place processes and procedures to allow data subjects to exercise their data subject rights;
     - put in place suitable measures to safeguard data subjects’ rights where automated decision making is necessary;
     - embrace the concepts of privacy by design and default;
     - agree a data processor agreement with any processors;
     - co-operate with Supervisory Authorities;
     - implement and maintain an information security programme;
     - make all notifications required under the legislation upon becoming aware of any personal data breach which requires notification;
     - carry out Data Protection Impact Assessments where required; and
     - put in place adequate processes to ensure that personal data is adequately protected if transferred outside the EU.