RKM Software is committed to protecting personal data and ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR). We apply data protection principles across our operations, service delivery, and technology platforms to safeguard the confidentiality, integrity, and availability of personal data.

Our Commitment to Data Protection

We process personal data lawfully, fairly, and transparently. Our practices ensure that personal data is:

• Collected for specified, legitimate purposes
• Processed only where there is a lawful basis
• Accurate and kept up to date
• Retained only as long as necessary
• Protected using appropriate security measures

Data protection is embedded into our operational and technical processes.

Data Protection Principles

RKM Software follows the core GDPR principles:

• Lawfulness, fairness, and transparency
• Purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality
• Accountability

Lawful Basis for Processing

We process personal data only where a lawful basis applies, including:

• Consent provided by individuals
• Performance of a contract
• Legitimate business interests
• Compliance with legal obligations

We maintain records of processing activities where required.

Data Subject Rights

Individuals have the following rights under GDPR:

• Right of access to personal data
• Right to rectification of inaccurate data
• Right to erasure (“right to be forgotten”)
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

Requests may be submitted to: privacy@rkmsoftware.com

Data Protection by Design and Default

• Data minimisation controls
• Role-based access restrictions
• Secure architecture and system design
• Defined data retention policies
• Logical separation of client data

Where required, we support Data Protection Impact Assessments (DPIAs).

Security Measures

• Access control and authentication measures
• Secure hosting and infrastructure environments
• Encryption where appropriate
• Monitoring and incident response procedures
• Secure development and deployment practices

Our approach aligns with internationally recognised standards, including ISO/IEC 27001 principles.

International Data Transfers

Where personal data is transferred outside the UK or European Economic Area, appropriate safeguards are applied, including Standard Contractual Clauses (SCCs), UK International Data Transfer Agreements (IDTA), and technical and organisational safeguards.

Data Processing Roles

• RKM Software may act as a data controller, or
• RKM Software may act as a data processor on behalf of clients.

Roles and responsibilities are defined contractually where applicable.

Sub-processors and Third Parties

We work only with trusted service providers who meet appropriate security and data protection standards. Where third parties process personal data on our behalf, contractual safeguards and obligations are enforced.

Breach Notification

We maintain procedures for identifying, reporting, and responding to data protection incidents. Where required by law, affected parties and relevant authorities are notified without undue delay.

Contact for GDPR Enquiries