Data Protection Policy

Data Protection Policy

October 2025

At Bedrock Ltd (“Bedrock”, “we”, “us”, or “our”), we are committed to protecting personal data and respecting the rights of individuals. We process personal information responsibly and securely in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the NHS Data Security and Protection Toolkit (DSPT) standards. 

This policy explains how we protect the personal information we handle as part of our business activities, including when you use our website or engage with our services. 


Our Data Protection Principles 

We apply the following principles whenever we process personal data: 

  • Lawful, Fair & Transparent — We process personal information only where there is a clear and lawful reason. 

  • Purpose Limitation — We only use personal data for the purposes for which it was collected. 

  • Data Minimisation — We collect only what is needed to deliver our services effectively. 

  • Accuracy — We keep information accurate and up to date. 

  • Storage Limitation — We retain personal data only for as long as necessary to meet legal or business requirements. 

  • Security & Confidentiality — We protect data through appropriate technical and organisational security controls. 

  • Accountability — We take responsibility for complying with UK data protection law. 


How We Protect Personal Data 

We use a range of security measures to safeguard personal information, including: 

  • Encryption and secure transfer protocols 

  • Role-based access controls and authentication 

  • Monitoring and auditing for security and compliance 

  • Staff training and confidentiality obligations 


We do not sell or share personal data with external third parties for marketing purposes. 


Data Breaches 

We take any data incident seriously. 
If a data breach occurs, we will: 

  • Investigate immediately 

  • Take action to minimise impact 

  • Notify affected individuals where required 

  • Notify the Information Commissioner’s Office (ICO) within 72 hours if legally required 


Your Rights 

Under UK GDPR, you have rights over your personal data, including the right to:

  • Request access to your information 

  • Ask us to correct or delete data 

  • Object to or restrict processing 

  • Withdraw consent (where consent is the legal basis) 

  • Request a copy of your data in a portable format 

We will respond to all valid requests within one calendar month

To make a request, please contact us at: 

info@bedrockdw.com

If you are unhappy with how we handle your data, you can raise a concern with the Information Commissioner’s Office: ico.org.uk 


Training & Awareness 

All Bedrock employees and contractors are required to complete annual training on GDPR, information governance, and data security


Policy Review 

We review this Data Protection Policy regularly. Any updates will be published on this page with an updated revision date. 

Last updated: November 2025 


Contact 

If you have questions about this policy or how we handle personal information, please contact: 

Data Protection Lead 
Bedrock Ltd 
info@bedrockdw.com
United Kingdom