Green Postie GDPR Compliance and Data Protection Policy

Green Postie is committed to safeguarding the privacy and security of personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines how Green Postie ensures compliance with these regulations, protects the rights of users, and maintains the highest standards of data protection across its services.

Data protection is a fundamental aspect of Green Postie’s operations, ensuring that all personal information is handled responsibly, securely, and transparently. The company prioritizes the security of user data while maintaining compliance with relevant legal requirements and industry best practices. This document provides a comprehensive overview of Green Postie's commitment to GDPR compliance, user rights, lawful processing, and data security measures.

Alignment with UK GDPR and the Data Protection Act 2018

1. Principles of Data Protection

Green Postie adheres to the seven key principles of data protection under UK GDPR, ensuring that all personal data processing activities comply with these fundamental guidelines:

  1. Lawfulness, fairness, and transparency – Data is collected and processed in a lawful, fair, and transparent manner, with users informed about how their data will be used.

  2. Purpose limitation – Data is collected for specified, explicit, and legitimate purposes, and is not processed in a way that is incompatible with these purposes.

  3. Data minimization – Green Postie only collects the minimum amount of personal data necessary to provide its services and fulfill its legal obligations.

  4. Accuracy – Ensuring that personal data remains accurate, complete, and up to date, with mechanisms for users to update or correct their information when necessary.

  5. Storage limitation – Personal data is retained only for as long as necessary to fulfill its intended purpose, after which it is securely deleted or anonymized.

  6. Integrity and confidentiality (security) – Appropriate technical and organizational measures are implemented to protect personal data from unauthorized access, loss, or misuse.

  7. Accountability – Green Postie is responsible for demonstrating compliance with UK GDPR, maintaining documentation and evidence of data protection efforts.

2. Lawful Basis for Processing Data

Green Postie ensures that all personal data processing is conducted under a valid legal basis, in accordance with UK GDPR. The key lawful bases under which Green Postie processes data include:

  • Contractual necessity – Processing is required to provide Green Postie services, such as creating user accounts and delivering email communication.

  • Legal obligation – Green Postie complies with legal and regulatory requirements, such as responding to requests from law enforcement or government authorities.

  • Legitimate interests – Data processing is carried out when it is necessary for security measures, fraud prevention, service improvement, and operational efficiency.

  • Consent – Where applicable, Green Postie obtains explicit user consent before processing data for specific purposes, such as marketing communications.

3. Individual Rights Under UK GDPR

Under UK GDPR and the Data Protection Act 2018, users have a range of rights regarding their personal data. Green Postie upholds these rights and ensures users can exercise them easily:

  • Right to be informed – Users receive clear and accessible information on how their data is collected and processed.

  • Right of access – Users can request a copy of their personal data held by Green Postie.

  • Right to rectification – Users can correct any inaccurate or incomplete data.

  • Right to erasure ('Right to be forgotten') – Users can request the deletion of their data when it is no longer necessary or where processing is based on consent.

  • Right to restrict processing – Users can request that their data be processed only for specific purposes or under certain conditions.

  • Right to data portability – Users can request their data in a structured, commonly used, and machine-readable format.

  • Right to object – Users can object to processing based on legitimate interests, including direct marketing.

  • Rights related to automated decision-making and profiling – Users are protected against decisions made solely by automated means without human intervention.

Green Postie provides users with a simple process for submitting requests related to their data rights, ensuring compliance with response timeframes outlined in UK GDPR.

4. Data Security and Storage

Green Postie prioritizes data security and implements robust measures to protect personal data from unauthorized access, loss, or corruption. Security measures include:

  • Encryption – Personal data is encrypted both in transit and at rest to prevent unauthorized access.

  • Access controls – Strict user authentication and role-based permissions ensure that only authorized personnel can access sensitive data.

  • Regular security audits – Ongoing assessments and penetration testing help identify vulnerabilities and enhance security.

  • Data retention policies – Data is stored only for the necessary duration, after which it is securely deleted or anonymized.

  • Secure backup systems – Regular data backups are performed to prevent data loss in case of a security incident or system failure.

  • Employee training – Staff handling personal data receive training on best practices and security protocols to maintain compliance and prevent breaches.

5. Data Breach Notification

In the event of a data breach, Green Postie follows a structured incident response procedure in compliance with UK GDPR:

  • Any breach that may pose a risk to users’ rights and freedoms is reported to the Information Commissioner’s Office (ICO) within 72 hours of discovery.

  • If the breach poses a significant risk to affected individuals, Green Postie promptly notifies them with relevant details and guidance on protective measures.

  • Affected users receive clear instructions on how to mitigate potential risks associated with the breach.

  • A thorough investigation is conducted to determine the cause of the breach, and corrective measures are implemented to prevent future incidents.

6. Data Protection Officer (DPO) and Accountability

Green Postie appoints a Data Protection Officer (DPO) responsible for overseeing compliance with UK GDPR and ensuring that all data protection policies are followed. The DPO’s responsibilities include:

  • Monitoring compliance with data protection laws and regulations.

  • Advising on best practices and guiding the company’s approach to GDPR compliance.

  • Responding to user inquiries and handling data-related complaints.

  • Conducting internal audits to ensure continuous compliance.

  • Liaising with the ICO and relevant authorities in case of regulatory inquiries.

Additionally, Green Postie maintains detailed records of all data processing activities, including data collection, storage, sharing, and security measures. This documentation supports accountability and demonstrates compliance with regulatory requirements.

Conclusion

Green Postie is committed to upholding the highest data protection standards, ensuring full compliance with UK GDPR and the Data Protection Act 2018. By implementing strict security measures, maintaining transparency, and respecting user rights, Green Postie fosters a secure and trustworthy environment for its users.

Users are encouraged to review Green Postie’s Privacy Policy for additional details on data processing activities. For any concerns, questions, or data requests, users can contact Green Postie’s Data Protection Officer at support@greenpostie.co.uk.