Data Protection Policy

1. Introduction

Sip and Solve Ltd is committed to protecting the rights and privacy of individuals in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other applicable data protection laws. This policy outlines how we handle, store, and process personal data to ensure compliance with legal obligations.

2. Scope

This policy applies to all employees, contractors, partners, and third parties who have access to personal data processed by Sip and Solve Ltd. It covers all personal data, regardless of the format or medium in which it is held.

3. Data Protection Principles

We adhere to the following principles when processing personal data:
• Lawfulness, fairness, and transparency
• Purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality (security)
• Accountability

4. Legal Basis for Processing

Sip and Solve Ltd ensures that all data processing activities are lawful by identifying at least one valid legal basis for each activity, such as consent, contractual necessity, legal obligation, vital interests, public task, or legitimate interests.

5. Data Subject Rights

Individuals have the following rights regarding their personal data:
• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling

6. Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
• Encryption
• Access controls
• Secure storage and disposal
• Regular training for staff
• Incident response procedures

7. Data Breaches

All data breaches must be reported immediately to the Data Protection Officer. Significant breaches will be reported to the Information Commissioner’s Office (ICO) within 72 hours as required by law.

8. Data Retention

Personal data will be retained only for as long as necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

9. Responsibilities

All staff are responsible for ensuring that they understand and comply with this policy. The Data Protection Officer (DPO) is responsible for overseeing data protection strategy and implementation.

10. Review and Updates

This policy will be reviewed annually or whenever there is a significant change in the business or applicable legislation. Last reviewed on: 14 January 2026.

11. Contact Information

Sip and Solve Ltd
7-9 Marketway, Portsmouth, PO1 4BX
Phone: 07312199070
Email: gareth@sipandsolve.uk
Data Protection Officer: Gareth Beeston