Here are our Data Protection and UK-GDPR Compliance Policy:

1. Policy Statement

Univac Systems Limited is committed to protecting the personal data of employees, customers, suppliers, partners, and stakeholders, in accordance with the UK General Data Protection Regulation (UK-GDPR) and the Data Protection Act 2018. This policy sets out our approach to ensuring the privacy, integrity, and security of personal data—especially within the domains of industrial 5G, artificial intelligence, and manufacturing innovation.

2. Scope

This policy applies to all personal data processed by Univac Systems Limited, whether in digital or physical format. It includes data collected, stored, or processed through our industrial 5G platforms, AI solutions, edge devices, cloud services, and collaborative research projects across the manufacturing sector.

3. Definitions
  • Personal Data: Information that can identify a living individual.
  • Data Subject: The individual whose personal data is processed.
  • Processing: Any operation performed on personal data.
  • Data Controller: Univac Systems Limited, determining how and why data is processed.
  • Data Processor: Third parties processing data on behalf of Univac Systems.
4. Data Protection Principles

We follow the principles of data protection as set out in Article 5 of the UK-GDPR:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability
5. Lawful Basis for Processing

We process personal data only when a lawful basis applies:

  • Consent
  • Contractual necessity
  • Legal obligation
  • Vital interests
  • Public task
  • Legitimate interests (especially in R&D, network security, AI analytics)
6. Rights of the Data Subject

Univac Systems Limited ensures individuals can exercise their rights under the UK-GDPR, including:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision making and profiling
7. Data Security

We implement appropriate technical and organisational measures including:

  • Network segmentation, VPN, and encryption across 5G infrastructure
  • Secure AI model training and federated learning approaches
  • Multi-factor authentication (MFA)
  • Data anonymisation and pseudonymisation
  • Secure device provisioning and lifecycle management

8. Data Breaches

All breaches must be reported immediately to the Data Protection Officer (DPO). Where applicable, the ICO will be notified within 72 hours. Affected individuals will also be informed when required.

9. Data Retention

Data will be retained only for as long as necessary to fulfil its intended purpose, contractual obligations, or legal requirements. Automated lifecycle policies will be applied to datasets processed through AI platforms and sensor networks.

10. Data Processors and Third Parties

Contracts with all third parties handling personal data will include data protection clauses, ensuring GDPR-compliant processing. This includes telecom vendors, AI partners, system integrators, and cloud service providers.

11. International Data Transfers

Transfers of personal data outside the UK will be carried out using appropriate safeguards such as adequacy decisions, standard contractual clauses, or binding corporate rules.

12. Responsibilities
  • Data Protection Officer (DPO): Oversees GDPR compliance, provides advice, and serves as a point of contact with the ICO.
  • All employees and contractors: Required to understand and follow this policy, especially those involved in AI, connectivity, and digital manufacturing projects.
13. Policy Review

This policy will be reviewed annually or when regulatory, operational, or technological changes occur.

Version: 1.0

Approval Date: 25/09/2025

Next Review Date: 25/09/202