GDPR Compliance!


1. Introduction:
ONSITE is committed to ensuring compliance with the EU General Data Protection Regulation (GDPR). This document outlines our policies, practices, and measures to safeguard personal data while providing IT consultancy, cyber security solutions, technology solution design, project implementation, and support services.
2. Data Protection Principles:
ONSITE adheres to the following GDPR principles:
Lawfulness, fairness, and transparency: Personal data is processed lawfully, fairly, and transparently.
Purpose limitation: Data is collected for specified, explicit, and legitimate purposes.
Data minimization: Only data necessary for the specified purpose is collected and processed.
Accuracy: Personal data is accurate and kept up to date.
Storage limitation: Data is retained only as long as necessary.
Integrity and confidentiality: Data is processed securely to protect against unauthorized access, loss, or destruction.
Accountability: ONSITE is accountable for its compliance and can demonstrate adherence to GDPR principles.
3. Roles and Responsibilities
Director (Technical): Oversees GDPR compliance and serves as the point of contact for data protection matters.
Employees: Ensure compliance with GDPR in their respective roles.
Third Parties: Any third parties processing personal data on behalf of ONSITE must comply with GDPR requirements.
4. Data Collection and Use: ONSITE collects and processes personal data for the following purposes:
Failure to comply with this Anti-Bribery Policy or any applicable anti-bribery laws may result in civil or criminal penalties, as well as the termination of the employment or business relationship.
IT consultancy projects
Technology solution design and implementation
Ongoing support services
5. Legal Basis for Data Processing: ONSITE processes personal data based on the following legal grounds:
Consent from data subjects
Performance of a contract
Compliance with legal obligations
Legitimate interests pursued by ONSITE
6. Data Subject Rights: ONSITE respects the rights of data subjects, which include:
Right to access personal data
Right to rectification of inaccurate data
Right to erasure (‘right to be forgotten’)
Right to restrict processing
Right to data portability
Right to object to data processing
Right to lodge a complaint with a supervisory authority
7. Data Protection Measures: ONSITE has implemented technical and organizational measures to protect personal data, including:
Access control policies
Encryption and pseudonymization of personal data
Employee training on data protection
Regular security assessments and audits
8. Data Breach Policy: ONSITE has established procedures to address data breaches, including:
Immediate notification to the Director (Technical)
Containment and mitigation measures
Notification to the supervisory authority within 72 hours (if required)
Communication with affected data subjects (if necessary)
9. Third-Party Processors: ONSITE ensures that third-party processors adhere to GDPR through:
Data Processing Agreements (DPAs)
Regular compliance audits
Security assessments of third-party systems
10. Record of Processing Activities (RoPA): ONSITE maintains a detailed RoPA, documenting all personal data processing activities, including:
Purpose of processing
Categories of data subjects and personal data
Data retention periods
Security measures in place
11. Data Retention Policy:
Personal data is retained only as long as necessary to fulfill the purposes for which it was collected or as required by law. Retention periods are reviewed periodically.
12. Employee Training and Awareness:
ONSITE conducts regular training sessions to ensure employees are aware of GDPR requirements and their responsibilities in handling personal data.
13. Review and Updates:
This GDPR compliance document is reviewed annually or whenever there are significant changes in data processing activities or legal requirements.
Contact Information:
For any queries or concerns regarding GDPR compliance, please contact: Director (Technical), Email: gdpr@onsite.com.pk, Phone: +92 300 4875 128
Declaration:
ONSITE is committed to ensuring the highest standards of data protection and compliance with GDPR. This document serves as our formal declaration of adherence to GDPR principles and practices.
Review: This policy may be reviewed as needed, and it will also be made publicly available on our website.

This policy is endorsed by the leadership of ONSITE, and this document will be shared with employees, clients, and other stakeholders to demonstrate ONSITE's commitment to GDPR compliance.
Document Created Date: 1st January 2024, Revision Number: 1.0.

Copyright 2008, All rights reserved.