Privacy Policy

DATA PROTECTION POLICY  

About the policy 

During the course of our activities we will process personal data (which may he held on paper, electronically, or otherwise) about our staff and we recognise the need to treat it in an appropriate and lawful manner, in accordance with the Data Protection Act 2018 (DPA).  The Data Protection Act 2018 is the UK implementation of the General Data Protection Regulations (UK-GDPR).  The purpose of this policy is to make you aware of how we will handle your personal data.  The policy does not form part of any employees’ contract of employment, and we may amend it at any time. The company has achieved compliance with the DPA and UK-GDPR by: 

Ensuring all data is held securely 

Technical and organisational measures include: 

Encryption 

Access Control 

Pseudonymisation 

Firewalls, anti-malware, intrusion detection 

Regular security audits 

Appointing a data controller 

Providing data protection training to all employees. Training will include: 

What is the UK GDPR and Data Protection Act 2018? 

What counts as personal data and special category data? 

Data Subject Rights (e.g., access, erasure, objection) 

The role of the Information Commissioner’s Office (ICO) 

Data Protection Principles 

Lawfulness, fairness, transparency 

Data minimisation and purpose limitation 

Security and accountability 

Data protection principles 

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles.  They must make sure the information is: 

Used fairly, lawfully and transparently 

Used for specified, explicit purposes 

Used in a way that will adequate, relevant and limited to only what is necessary 

Accurate and, where necessary, kept up to date 

Kept for no longer than necessary 

Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage 

“Personal data" means recorded information we hold about you from which you can be identified. It may include contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you. "Processing" means doing anything with the data, such as accessing, disclosing, destroying or using the data in any way.

©Copyright. All rights reserved.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.