Agile Relocations – Data Protection Policy

Introduction

Agile Relocations collects and uses personal data relating to clients, suppliers, partners,
employees, and other contacts. This policy explains how we collect, handle, and protect
this data to comply with legal requirements and maintain our high standards of privacy and
security.

Purpose of This Policy

This policy ensures Agile Relocations:

• Complies with relevant data protection laws and best practices
• Safeguards the rights of individuals whose data we process
• Is transparent about how personal data is used and stored
• Protects the company against risks associated with data breaches

Data Protection Legislation

Data protection laws set out strict rules about how personal data must be handled —
whether stored digitally, on paper, or other formats. Agile Relocations commits to:

• Collecting and using data fairly and lawfully
• Keeping data safe and secure
• Not disclosing data improperly

These laws are based on eight key principles, meaning personal data must:

1. Be processed lawfully, fairly, and transparently
2. Be collected only for specific and legitimate purposes
3. Be relevant and limited to what is necessary
4. Be accurate and kept up to date
5. Not be kept longer than necessary
6. Be processed in line with individual rights
7. Be kept secure with appropriate safeguards
8. Not be transferred to countries without adequate protection

Scope

This policy applies to:

• All Agile Relocations offices and operations
• All employees, contractors, and third parties working on our behalf
• All personal data relating to identifiable individuals, including:
  • Names
  • Contact details (addresses, emails, phone numbers)
  • Employment and financial information
  • Any other personally identifiable information

Risks Covered by This Policy

We use this policy to help prevent risks such as:

• Unauthorized disclosure of confidential information
• Improper use of data without individual consent
• Damage to our reputation caused by data breaches or hacks

Responsibilities

Everyone working with Agile Relocations has a role in protecting personal data. Key
responsibilities include:

• Data Protection Contact Person: A designated staff member (appointed by
  management) will oversee compliance, update management on data risks, arrange
  training when needed, handle subject access requests, and review contracts
  involving personal data.
• IT Responsibilities: Outsourced IT provider or nominated internal staff member is responsible for ensuring network and system security, malware protection, monitoring data storage systems, and evaluating third-party data services.
• Management Team: Ensures that all company communications (including marketing) comply with data protection laws and approves any updates to this policy.
• All Staff: Must follow this policy, safeguard data, and report any concerns immediately.

General Staff Guidelines

• Access personal data only if necessary for your work.
• Do not share confidential data informally—request access via proper channels.
• Keep physical and electronic data secure, especially when working remotely.
• Use strong, unique passwords and never share them.
• Do not send personal data via unsecured email; encrypt data before electronic
  transfer.
• Regularly review and update personal data, deleting any that is no longer needed.
• Seek guidance if unsure about any aspect of data protection.

Data Storage

• Paper records must be securely stored and locked when not in use.
• Printed data should never be left unattended in public areas and must be shredded when no longer needed.
• Electronic data must be protected by strong passwords and stored only on approved servers or cloud services.
• Perform and test regular backups.
• Do not save data to personal devices; use company Dropbox instead.
• All IT systems must be protected with updated security software and firewalls.

Data Use and Accuracy

• Always lock computer screens when unattended.
• Use only central, authorized data sources to avoid duplicates or outdated info.
• Keep data accurate by confirming details during interactions.
• Provide easy ways for individuals to update their information.
• Remove or correct inaccurate data promptly.
• Marketing data must be reviewed against industry suppression lists twice a year.

Subject Access Requests

Individuals have the right to:

• Know what personal data Agile Relocations holds about them
• Understand how their data is used
• Request access to their data
• Ask to update or correct their data

Disclosing Data

Agile Relocations will only disclose personal data to law enforcement or legal
authorities when required by law. All such requests will be verified for legitimacy before
compliance.

Transparency and Privacy Notices

We are committed to keeping individuals informed about how we use their data. Our
privacy notice explains:

• What data we collect
• How and why we use it
• Individuals’ rights regarding their data

This notice is available upon request and published on our website.