Data Protection Policy
This policy sets out our obligations in relation to personal data. We take the management of personal data seriously, and if you have any questions or concerns about this policy, our role in relation to it or how your personal data is managed, please contact us.
Definition Of Personal Data
References to “personal data” in this policy mean any data that contains information from which a person can both be identified – for example a name and address or email address. This might be the personal data of our colleagues or of our customers or suppliers. All information that we encounter is treated with appropriate care, and in accordance with this policy.
Principles of Data Protection legislation
- Personal data shall be processed fairly and lawfully.
- Personal data shall be held only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or purposes.
- Personal data shall be adequate, relevant and not excessive in relation to that purpose or those purposes.
- Personal data shall be accurate and where necessary kept up to date.
- Personal data held for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of the data subject under the Act.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless the country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Management and protection of personal data
To effectively manage and protect personal data, we apply the following principles:
- All personal data we have is stored securely within approved systems and servers.
- We never send personal information to any third party without proper authority.
- Personal information given to us is only processed for the purpose for which it was originally received.
- Our team are trained on data protection and data security.
You have the following rights, which you can exercise free of charge:
| Access | The right to be provided with a copy of your personal information |
| Rectification | The right to require us to correct any mistakes in your personal information |
| To be forgotten | The right to require us to delete your personal information |
| Restriction of processing | The right to require us to restrict processing of your personal information |
| Data portability | The right to receive personal information you provided to us, in a structured, commonly used and machine-readable format |
| To object | The right to object to your personal information being processed for direct marketing |
Data Subject Requests
From time to time, we may receive a data subject access request (also known as a DSAR) from a person who believes we hold personal data about them. If any of our team receive such a request, or any other request relating to data rights (such as a request to delete data) they will notify their director immediately.
Special Category Data
Certain sensitive personal data (referred to as special category data) includes information about an individual’s race, ethnicity, religious beliefs, sexual orientation, political opinions, trade union membership, a person’s health, genetic/biometric data or criminal convictions and offences.
We do not receive, store or use this type of data from our customer or suppliers.
Data leaks or breaches
A data leak or breach is any incident which might affect the confidentiality, integrity or availability of personal data. Examples of a data leak can include (but are not limited to) the accidental loss of data, data being sent to the wrong recipient, or theft of data. In circumstances where we know or suspect a data leak has occurred, we will promptly inform the individual/company affected and confirm the action taken.
| Version | Version 1 July 2023 |
| Author | Catherine Wood |
