This Privacy Standard sets out how O&A DESIGN LTD. (”we”, “our”, “us”, “the Company”) handle the Personal Data of our clients, employees, workers and other third parties. This Privacy Standard applies to all Personal Data we Process regardless of the media on which that data is stored or whether it relates to past or present employees, workers, customers, clients or supplier contacts, website users or any other Data Subject. We recognise that the correct and lawful treatment of Personal Data will maintain confidence in the Company and will provide for successful business operations. Protecting the confidentiality and integrity of Personal Data is a critical responsibility that we take seriously at all times. The Company is exposed to potential fines of up to EUR20 million (approximately £18 million) or 4% of total worldwide annual turnover, whichever is higher and depending on the breach, for failure to comply with the provisions of the GDPR. This Privacy Standard applies to all Personnel (”you”, “your”). You must read, understand and comply with this Privacy Standard when Processing Personal Data on our behalf and attend training on its requirements. This Privacy Standard sets out what we expect from you in order for the Company to comply with applicable law. Your compliance with this Privacy Standard is mandatory. Any breach of this Privacy Standard may result in disciplinary action. This Privacy Standard and any other privacy-related documents and templates referred to in it are for internal use only and cannot be shared with third parties, clients or regulators without prior authorisation from the DPL. In this Privacy Standard the following terms have the following meanings: Business Contact: any individual, whether acting in their own capacity or representing a business, you come into interaction with in the course of your working for the Company and participating in work-related events, whether at the Company’s request or of your own accord. Client: an individual, whether acting in their own capacity or representing a business, who has engaged the Company for the provision of services or sale of goods, or has taken steps toward such engagement. Personnel: all employees, workers (contractors, agency workers, consultants), directors, members and others. Consent: agreement which must be freely and given, specific, informed and be an unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to them. Data Controller: the person or organisation that determines when, why and how to process Personal Data. It is responsible for establishing practices and policies in line with the GDPR. We are the Data Controller of all Personal Data relating to our Personnel and Personal Data used in our business for our own commercial purposes. Data Subject: a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.