ACG Incorporated's Data Protection Commitments to You
We will, in relation to any Personal Data Processed by us on your behalf:
- Process that Personal Data only on your instructions or as otherwise agreed in writing with you, unless we are required by applicable laws to Process that Personal Data. When we rely on applicable laws to Process Personal Data on your behalf, we will promptly notify you of this before we carry out the Processing unless those applicable laws prevent us from doing so.
- ensure we have in place appropriate security measures to protect against unauthorized or unlawful Processing of Personal Data.
- ensure that everyone who has access to and/or Processes that Personal Data is obliged to keep the Personal Data confidential.
- not transfer any Personal Data outside of the European Economic Area without your consent. We will let you know if we change our data subcontractors, and you can object to any changes. We will remain fully responsible to you for the acts or omissions of our data subcontractors.
- help you, at your cost, in responding to any request from a Data Subject and in ensuring compliance with your obligations under the Data Protection Legislation in relation to security, breach notifications, impact assessments, audits, and consultations with supervisory authorities or regulators.
- notify you without undue delay upon becoming aware of a Personal Data breach.
- at your direction, delete or return the Personal Data and any copies we have to you on termination of the license or services agreement between us, unless we are required by applicable laws to store the Personal Data for longer.
- maintain complete and accurate records and information to demonstrate our compliance with this paragraph 1.1.
When we refer to “Data Protection Legislation” on this webpage, we mean:
- unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679).
- any national implementing laws, regulations, and secondary legislation, as amended or updated from time to time, in the UK and then any successor legislation to the GDPR or the Data Protection Act 1998.
If we have capitalized something on this webpage, those words have the meaning given to them in the Data Protection Legislation.