We ensure that personal data is processed according to applicable lawful bases, and apply internal processes that ensure compliance with local legislation.
We ensure that our clients are aware of their roles in protecting personal data, and work with them under defined contractual terms for the sharing of personal data.
Rights of Data Subjects
Amrop takes the individual rights of data subjects seriously. We respect individuals’ rights:
- to be informed about their data processing
- to have access to their personal data that we may hold
- to rectify and update their personal data
- to erase their data and be forgotten
- to restrict or object to the processing of their personal data.
When required, Amrop offices obtain valid consent from data subjects for the processing of their personal data.
Data Quality & Proportionality
Amrop believes that holding accurate, up-to-date data is fundamental to its successful performance as a business. We only collect data that is relevant for specific purposes related to our business, and do not retain data longer than necessary.
Amrop takes all necessary measures to ensure the security of data we process against unlawful access or loss, including specific actions related to potential data breaches. We have policies and processes in place for safeguarding data, devices and systems. We ensure that our 3rd party vendors are aware of their roles in data protection.
International Data Transfers
Some national or regional legislation requires that international transfers of personal data must include special safeguards and mechanisms to ensure that the ‘protection travels with the data’. Notably, under the GDPR, this applies to data that is transferred from the EEA to non-EEA countries.
Amrop offices have entered into mutual Standard Contractual Clauses in order to ensure the safe and efficient flow of personal data within our global organization.