Protecting privacy, ensuring transparency, and maintaining trust across every system we manage.
CaminhoIT fully complies with the UK General Data Protection Regulation (UK GDPR) and the EU GDPR. As both a data controller (for our own business operations) and a data processor (for client systems and services), we uphold the principles of fairness, transparency, and accountability in all data handling activities.
All data collected and processed by CaminhoIT is done lawfully, with a clear purpose and communicated transparently to individuals. We ensure that users are informed of how their data will be used at the time of collection.
We process personal data only for legitimate business functions — such as account management, service delivery, or compliance with legal obligations — and never for unrelated purposes.
CaminhoIT collects only the minimum personal data required to provide services effectively. We avoid excessive or irrelevant data collection and regularly review stored data for necessity.
Clients and users can update their data at any time. CaminhoIT maintains internal review processes to ensure that personal data remains accurate and up-to-date across all systems.
Personal data is retained only for as long as required to deliver services or meet regulatory requirements. When no longer needed, data is securely deleted or anonymized according to GDPR Article 5(1)(e).
CaminhoIT implements technical and organizational measures to protect personal data from unauthorized access, alteration, or destruction. This includes encryption, network monitoring, access logging, and restricted administrative permissions.
Under GDPR, you have the right to:
CaminhoIT acts as:
Where external service providers are used (e.g., Microsoft for 365 or Azure services), CaminhoIT ensures appropriate data protection agreements (DPAs) are in place. We only engage vendors that demonstrate GDPR compliance and provide adequate safeguards.
CaminhoIT’s infrastructure is located within the UK and EU. Any transfer of personal data outside these regions occurs only when necessary and with approved mechanisms such as Standard Contractual Clauses (SCCs).
In the unlikely event of a personal data breach, CaminhoIT will promptly notify affected clients and relevant authorities in accordance with GDPR Articles 33 and 34.
CaminhoIT’s appointed Data Protection Lead oversees compliance and privacy strategy. For GDPR-related enquiries, contact privacy@caminhoit.com.
CaminhoIT maintains internal policies, staff training, and technical documentation to ensure GDPR compliance is embedded across all levels of operation.
Our GDPR practices are reviewed regularly to adapt to new legal interpretations, client requirements, and technological developments.
CaminhoIT — Powering Smarter IT, Sustainably.
For any GDPR or data protection concerns, please contact privacy@caminhoit.com.