top of page
SIR-logo-new-text-no-background.png

Step into Reality Ltd
Data Protection Policy 2025

1. Introduction

 

Step into Reality Ltd is committed to protecting the privacy, confidentiality, and security of personal data processed through our data-delivery platform and related business activities. This Data Protection Policy sets out our commitment to complying with applicable data-protection laws and regulations, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

2. Scope

 

This policy applies to all personal data collected, processed, stored, or transmitted by Step into Reality Ltd in connection with our data-delivery platform. It applies to all employees, contractors, suppliers, partners, and third parties who have authorised access to personal data as part of their duties.

 

3. Data Protection Principles

 

Step into Reality Ltd adheres to the following core principles when processing personal data:

 

3.1 Lawfulness, Fairness, and Transparency

 

Personal data is processed lawfully, fairly, and in a transparent manner, with clear information provided to data subjects.

 

3.2 Purpose Limitation

 

Personal data is collected for specific, explicit, and legitimate purposes related to the operation of our data-delivery platform and is not further processed in ways incompatible with those purposes.

 

3.3 Data Minimisation

 

Only personal data that is relevant, adequate, and necessary for the intended purposes is collected and processed.

 

3.4 Accuracy

 

We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate or outdated data is corrected or deleted without undue delay.

 

3.5 Storage Limitation

 

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is legally required.

 

3.6 Integrity and Confidentiality

 

Personal data is processed using appropriate technical and organisational measures to protect against unauthorised access, unlawful processing, accidental loss, destruction, or damage.

 

4. Data Collection and Processing

 

4.1 Lawful Basis for Processing

 

Step into Reality Ltd will process personal data only where a valid lawful basis exists. These may include:

- Performance of a contract

- Compliance with legal obligations

- Protection of vital interests

- Legitimate interests pursued by Step into Reality Ltd or a third party

- Consent, where required

 

4.2 Data Minimisation

 

We collect and process only the personal data necessary to deliver, manage, and support our survey-data services.

 

4.3 Consent

 

Where consent is required, Step into Reality Ltd will obtain clear, informed, and freely given consent from the individual.

 

4.4 Data Accuracy

 

We take reasonable steps to ensure personal data is accurate. Data subjects may request corrections to inaccurate or incomplete data.

 

4.5 Data Retention

 

We retain personal data only for the duration necessary to fulfil the data-delivery purpose, unless legal or contractual obligations require longer retention. A formal retention schedule is maintained to support compliance.

 

5. Data Security

 

5.1 Technical and Organisational Measures

- Encryption and pseudonymisation where appropriate
- Secure hosting and restricted access controls
- Regular security monitoring and testing
- Policies and procedures governing secure data handlin

These measures ensure a level of security appropriate to the nature, scope, and risks associated with data processing activities.

 

5.2 Data Breach Response

 

In the event of a personal data breach, Step into Reality Ltd will promptly assess the risk to individuals’ rights and freedoms. Where required, the Information Commissioner’s Office (ICO) and affected individuals will be notified within statutory timeframes.

 

6. Data Subject Rights

 

Step into Reality Ltd upholds the following data-subject rights in accordance with the law:

 

6.1 Access and Rectification

 

Individuals have the right to access their personal data and request that inaccurate data be corrected.

 

6.2 Erasure and Restriction

 

Individuals may request the deletion or restriction of their personal data in certain circumstances.

 

6.3 Data Portability

 

Individuals have the right to receive their personal data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.

 

6.4 Objection and Automated Decision-Making

 

Individuals may object to certain types of processing and have the right not to be subject to automated decisions that significantly affect them, including profiling.

 

7. Training and Awareness

 

Step into Reality Ltd provides regular data-protection training and awareness programmes for employees and contractors. Training ensures that individuals understand their responsibilities and comply with this policy and data-protection legislation.

 

8. Compliance and Monitoring

 

We regularly monitor and review compliance with this Data Protection Policy. Any breaches of policy are investigated promptly, and corrective measures are implemented to prevent recurrence.

 

9. Contact Information

 

For questions, concerns, or to exercise your data-subject rights, please contact us at:

Email: info@stepintoreality.com

 

10. Policy Review

 

This Data Protection Policy is reviewed regularly and updated where necessary to ensure ongoing compliance with applicable data-protection laws and best practices.

 

Signed: GN

Gary Nel

CEO

Step into Reality Ltd

bottom of page