Gulf Project Solutions – Privacy Policy

Gulf Project Solutions - Privacy Policy

1. Introduction

Gulf Project Solutions (GPS) is committed to ensuring the protection and privacy of personal data. This policy outlines the obligations and requirements of users, visitors, and the company concerning data protection under the General Data Protection Regulation (GDPR) (EU) 2016/679/ FAR 52.224-2 Privacy Act

2. Data Protection Principles

·         2.1. Lawfulness, Fairness, Transparency: Personal data will be processed lawfully, fairly, and in a transparent manner in relation to the data subject.

·         2.2. Purpose Limitation: Personal data will be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

·         2.3. Data Minimization: Personal data will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

·         2.4. Accuracy: Personal data will be accurate and, where necessary, kept up to date.

·         2.5. Storage Limitation: Personal data will be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

·         2.6. Integrity and Confidentiality: Personal data will be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

3. Lawful Basis for Processing

GPS processes personal data only when necessary for the purposes of legitimate interests pursued by GPS or a third party, except where such interests are overridden by the rights of the data subject. We will always inform data provider about the processing and the interests pursued.

4. Data Collected

As a data processor GPS collects personal data required to obtain Host Country Residency Permits, Host Country Driving Licenses,  Access US Military Installations, and to obtain Host National Required Health Insurance Policies. Data are required to sign a consent form acknowledging the specified use of the information.

5. Rights of Data Subjects

GPS acknowledges that data subjects have the right to access, rectify, erase, restrict processing, object to processing, and port their data. To exercise these rights, data subjects can submit a request to our Data Protection Officer via email at Privacy@gps-gulf.com. Requests will be processed within one month of receipt, as required by the GDPR.

6. Data Security

GPS has implemented physical, electronic, and managerial procedures to ensure the security of personal data. This includes:

·         Encryption of personal data during transit and at rest.

·         Limited access to personal data based on role-specific permissions.

·         Regular security training for all staff members to prevent accidental data breaches.

·         Regular audits of data processing activities and security controls.

·         Antivirus software and firewalls to prevent unauthorized access.

7. Data Breaches

In the event of a data breach, GPS has an internal protocol to manage such situations:  The breach will be contained immediately, and the IT team will assess the scope and impact.  The Data Protection Officer will notify the relevant supervisory authority within 72 hours, as required by the GDPR.  Affected data subjects will be notified without undue delay.  The cause of the breach will be identified and measures will be taken to prevent future occurrences.

8. Data Retention

GPS retains personal data only as long as necessary for the fulfillment of the purposes mentioned. We will periodically review the data we hold, and erase or anonymize it when data is no longer necessary.

9. International Data Transfers

If personal data is transferred outside of the EEA, we ensure that appropriate safeguards are in place as required by the GDPR. This may include data transfer agreements or other legal mechanisms.

10. Changes to this Policy

GPS reserves the right to modify this policy at any time. We will always update this policy on our website and notify you of any changes, so please check regularly for updates.

11. Data Protection Officer

GPS has appointed a Data Protection Officer who is responsible for overseeing GDPR compliance. For any queries or requests related to this policy or your personal data, please contact our Data Protection Officer at Privacy@gps-gulf.com.

12. Complaints

If you have a complaint about how we have handled your personal data, you can contact us at [Insert contact details here] and we will investigate the matter. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can file a complaint with our supervisory authority.