Personal Data Protection Policy

Version: 1.0
Effective Date: 13th May 2025
Owner: Justin Norton
Company: J Norton Interactive Design LTD

1. Purpose

This policy defines how J Norton Interactive Design LTD handles personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR). It ensures that personal data is processed lawfully, transparently, and securely.

2. Scope

This policy applies to all personal data processed by J Norton Interactive Design LTD, including client data, website visitors' data, and any personal data processed as part of consultancy or development services.

3. Roles and Responsibilities

  • Data Protection Lead: Justin Norton
    • Ensures compliance with this policy and relevant data protection laws
    • Maintains documentation of processing activities
    • Responds to data subject requests
    • Provides guidance on data protection issues

All staff, contractors, or subcontractors must adhere to this policy.

4. Data Protection Principles

J Norton Interactive Design LTD commits to the following principles:

  1. Lawfulness, Fairness, Transparency – Personal data is processed lawfully, fairly, and in a transparent manner.
  2. Purpose Limitation – Data is collected for specified, explicit, and legitimate purposes.
  3. Data Minimization – Only the minimum data necessary is collected and processed.
  4. Accuracy – Personal data is kept accurate and up to date.
  5. Storage Limitation – Data is retained only as long as necessary.
  6. Integrity and Confidentiality – Data is processed securely to prevent unauthorized access or loss.

5. Lawful Basis for Processing

Personal data is processed based on one or more of the following:

  • Consent
  • Contractual necessity
  • Legal obligation
  • Legitimate interests (where applicable)

6. Data Subject Rights

We respect individuals’ rights to:

  • Access their personal data
  • Correct inaccuracies
  • Erase data ("right to be forgotten")
  • Restrict processing
  • Object to processing
  • Data portability

Requests can be made via [email protected]. Responses will be provided within 30 days.

7. Data Security Measures

We implement appropriate technical and organizational measures:

  • Secure local and cloud storage (e.g. encrypted services)
  • Password management and access control
  • Regular backups
  • Device encryption and antivirus
  • Secure code and development practices

8. Data Breach Response

In the event of a data breach:

  • The Data Protection Lead will assess the breach
  • Where required, relevant authorities and affected individuals will be notified within 72 hours

9. Third-Party Processors

We only engage third-party processors who comply with GDPR and offer adequate data protection guarantees. All processors are under written agreements that reflect data protection obligations.

10. Policy Review

This policy is reviewed annually or whenever significant changes occur in our data processing activities.

Approved by:
Mr Justin Norton
13/05/2025