AB2K LTD - GDPR Policy Statement

AB2K Ltd. is committed to ensuring compliance with the requirements of the Data Protection Act 2018. This means recognising the balance between keeping information confidential and secure and the need to be able to use and share it where necessary.

Our 6 key management system principles for the processing of personal information:

  • All personal information shall be processed lawfully, fairly and in a transparent manner,
  • Shall be collected for specific, explicit and legitimate purposes and only processed in accordance with the purpose(s) it is collected,
  • Personal information data shall be limited, relevant and accurate as necessary for the purpose it is collected,
  • Personal information shall be kept up-to-date where required,
  • Personal information shall be stored in a format adequate to readily identify the subject for no longer than necessary,
  • All personal information shall be processed in a secure manner including unauthorised access controls.


AB2K Ltd. and our IT Systems supplier (MORCAN) both hold Cyber Essentials certification as part of our protection of our and your data. 

How we Store your Personal Information 

Your information is securely stored electronically on the company server in files that can only be accessed by approved individuals and will only be used for the intended purposes. 

We will keep all information for the duration of your employment and up to the statutory 6 years after termination of employment. We will then dispose of your information by deleting all electronic copies of your information and cross shredding of paper based records. 

AB2K Ltd will only use a registered (ICO) and compliant (EU GDPR) company for the data wiping and data destruction of all obsolete or used data bearing media from PC’s, laptops, servers, printers and mobile devices. 

We will receive a certificate of destruction at the end of each project which details the destruction of all media by quantity and where applicable by serial number and host asset. 

Your Data Protection Rights

Under the Data Protection Act 2018, you have rights including:

  • Right of access – you have the right to ask us for copies of your personal information, and other supplementary information,
  • Right to rectification – you have the right to ask us to rectify personal information you think is inaccurate.You also have the right to ask us to complete information you think is incomplete,
  • Right to erasure – you have the right to erase your personal information in certain circumstances,
  • Right to restrict processing – you have the right to ask us to restrict the processing of your personal information in certain circumstances,
  • Right to data portability – you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances,
  • Right to object – you have the right to object to the processing of your personal information in certain circumstances.

Where possible Quattro Group eliminate paper records however where required GDPR protected records are stored in secure locked cabinets accessible only by the Human Resources Team.


The Quattro Group PIMS processes include:

  • Data storage, retention, classification and erasure
  • Data processing, communication and transfer
  • Data user access control, access request, access violation & data breach
  • Emergency responses & disaster recovery
  • Training & competence
  • Data Controller Team DBS verification
  • Auditing, control of non-conformances and corrective action


John Murphy 
Managing Director 
AB2K Ltd May 2024 

As HR Manager of AB2K Ltd, I countersign this policy statement and shall ensure it is communicated and implemented.

Melanie Webb 
HR Manager 
AB2K Ltd May 2024


Date of Issue: 05/04/24 
M Webb – HR Manager                
Doc Ref: GDPR
Document Title: GDPR 
Version: 1.0