Sparrows Group: statement of GDPR compliance

As part of our preparations for GDPR, an internal cross-functional team (the GDPR Steering Committee) was set up to lead Sparrows’ approach to GDPR. The GDPR Steering Committee will assume the responsibilities of the Data Protection Officer, actively monitoring the implementation of our policies and procedures relating to GDPR and providing an advisory service, thereby ensuring we remain compliant.

When processing personal data, sparrows group has adopted the following principles, as laid down in the EU GDPR regulation:

  1. Personal Data shall be processed lawfully, fairly and in a transparent way.
  2. Personal Data shall be collected for specified, explicit and legitimate purposes only.
  3. Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  4. Personal Data shall be accurate and, kept up to date. This means Sparrows must have in place processes for identifying and addressing out-of-date, incorrect and redundant Personal Data.
  5. Personal Data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data is processed.
  6. The integrity and confidentiality of Personal Data is maintained at all times through appropriate technical and organisational measures, including protection against unauthorised or unlawful Processing, and against accidental loss, destruction or damage.

Data subject rights

GDPR is intended to give individuals, such as our employees, more power over how organisations like us manage their Personal Data. In-line with the GDPR we have reviewed and enhanced our procedures to enable such data to be located and anonymised or erased, in order to respond to requests to delete, rectify, transfer, access or restrict the Processing of Data. This will enable us to facilitate the below enhanced rights:

  • Handling Data Subject Access Requests
  • Handling data portability and rectification requests
  • The application of retention periods and the secure erasure of personal data

In the unlikely event that a data breach should occur, we will implement a procedure for rectification, reporting to the Information Commissioner’s Office (ICO) and, where required, to the Data Subject in accordance with the regulation.

Transfer of data

Sparrows Group are an international employer with employees all over the world and offices in the UK, Europe, USA, Africa and MEICAP region and, as such, the Data we collect may be transferred to, and stored at, a destination outside the European Economic Area (‘EEA'). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. In line with the GDPR, Sparrows have the necessary safeguards in place to ensure data is safely and appropriately transferred.

Compliance will be supported by a review of existing contracts with data controllers and processors and any data export/sharing arrangements.

Our Privacy Policies and Data Protection Policy can be found on our Website and Intranet site (SIMS).


Click here to view our privacy notice for business customers and suppliers

Click here to view our privacy notice for using our website