Data Protection & GDPR Policy

Omfys Technologies UK Ltd

1. Policy Statement

Omfys Technologies UK Ltd is committed to protecting the privacy and security of personal data. The company processes personal information in accordance with applicable data protection laws, including the UK General Data Protection Regulation and the Data Protection Act 2018.

The company ensures that personal data is handled responsibly, transparently, and securely across all its operations and digital platforms.

2. Purpose

  • Ensure compliance with UK data protection legislation
  • Protect personal data processed by the company
  • Establish clear principles for the collection, use, storage, and sharing of data
  • Promote transparency and accountability in data processing activities

3. Scope

This policy applies to:

  • Directors and employees
  • Contractors and consultants
  • Third-party service providers
  • All personal data processed by Omfys Technologies UK Ltd in the course of its business operations

This includes data processed through digital platforms such as eMigrant and other company systems.

4. Definition of Personal Data

Personal data refers to any information relating to an identified or identifiable individual.

Examples include:

  • names and contact details
  • identification documents
  • employment information
  • visa or immigration-related data
  • financial or transactional data
  • digital identifiers such as IP addresses

Certain categories of data, such as health or biometric data, may be considered special category data and require additional safeguards.

5. Data Protection Principles

Lawfulness, Fairness, and Transparency

Data will be processed lawfully and transparently with a clear legal basis.

Purpose Limitation

Personal data will only be collected for specified and legitimate purposes.

Data Minimisation

Only the minimum amount of personal data necessary for the intended purpose will be collected.

Accuracy

Personal data will be kept accurate and up to date where possible.

Storage Limitation

Data will not be retained longer than necessary for the purposes for which it was collected.

Integrity and Confidentiality

Appropriate security measures will be implemented to protect data against unauthorised access, loss, or misuse.

6. Lawful Basis for Processing

The company's processing of personal data may rely on one or more lawful bases, including:

  • contractual necessity
  • legitimate business interests
  • legal or regulatory obligations
  • consent where required

7. Data Security

Omfys Technologies UK Ltd implements appropriate technical and organisational measures to protect personal data.

These may include:

  • secure cloud-based systems
  • controlled access to sensitive information
  • encryption and secure data storage
  • regular monitoring of system access and security

Employees and contractors are required to handle personal data securely and responsibly.

8. Data Sharing

Personal data will only be shared with third parties when necessary and lawful.

Third parties receiving data must:

  • comply with applicable data protection regulations
  • process the data only for agreed purposes
  • implement appropriate security measures

Examples may include regulatory authorities, service providers, or professional advisers.

9. Data Retention

Personal data will be retained only for as long as necessary to fulfil its intended purpose or to comply with legal obligations.

Retention periods may vary depending on regulatory requirements, contractual obligations, or operational needs.

10. Individual Rights

Individuals whose data is processed by the company have certain rights under data protection laws, including:

  • the right to access their personal data
  • the right to request correction of inaccurate data
  • the right to request deletion of data in certain circumstances
  • the right to restrict or object to processing
  • the right to data portability where applicable

Requests will be handled in accordance with legal requirements.

11. Reporting Data Breaches

Any suspected data breach must be reported immediately to company management.

The company will assess the breach and take appropriate action, including notifying relevant authorities if required by law.

12. Responsibilities

All employees and contractors must comply with this policy when handling personal data.

Management is responsible for ensuring appropriate governance and oversight of data protection practices.

13. Policy Review

This policy will be reviewed periodically to ensure continued compliance with applicable laws and evolving best practices.

Approval

Approved by the Board of Directors

Omfys Technologies UK Ltd

Date: 18 Jan 2026