Privacy Policy

Privacy Policy 

Contents

  1. Introduction

  2. Purpose

  3. Policy

Policy Author/Reviewer 

Alex Jay Lynam

Policy approval Date

05.05.2024

Review date

05.05.2025 

Signed: 

Company Director: Alex Lynam 

 

  1. Introduction

  1. The Company is required to process relevant personnel data regarding employees, customer or clients, as part of its operation and shall take all reasonable steps to do so in accordance with this policy.  

  2. Processing may include obtaining, recording, holding, disposing, destroying or otherwise using data.  The Company will endeavour to ensure that all personal data is processed in compliance with this policy and the principles of the Data Protection Act 1998.  

  3. The Company has appointed a Data Protection Controller (“DPC”) who is the Director. 

  4. The DPC will endeavour to ensure that all personal data is processed in compliance with this policy and the principles of the Data Protection Act 1998.

 

  1. Purpose 

The Company is required to comply with the Data Protection principles (“the principles”) contained in the Data Protection Act to ensure all data is:-

 

  1. Fairly and lawfully processed

  2. Processed for limited purposes

  3. Adequate, relevant and not excessive

  4. Accurate and up to date

  5. Not kept for longer than necessary

  6. Processed in accordance with the data subject rights

  7. Protected and Secure

  8. Not transferred to other countries without adequate protection

 

  1. Policy

 

Personal Data

  1. Personal Data covers both facts and opinions about an individual.  Personal data may include, but is not limited to names and addresses, bank details, academic, disciplinary, attendance records and references.

 

Processing of Personal Data or Business Contacts

 

  1. Any information which falls within the definition of personal data and is not otherwise exempted will remain confidential and will only be disclosed to third parties with the consent of the appropriate individual or under the terms of this Policy.  

 

Sensitive Personal Data

 

  1. The Company may from time to time be required to process sensitive personal data regarding an employee, customer or client.  Where sensitive personal data is processed by the Company, the explicit consent of the appropriate individual will generally be required in writing.  

 

  1. The processing of sensitive personal data is subject to the above mentioned eight data protection principles.  

 

Rights of Access

  1. Individuals have a right of access to personal data held by the Company relating to themselves.  Any individual wishing to access their personal data should put their request in writing to the director.  The Company will endeavour to respond to any such written request as soon as is reasonably practicable and in any event usually within 30 days. 

 

  1. You should be aware that certain data is exempt from the right of access under the Data Protection Act.  This may include information which identifies other individuals, information which the Company reasonably believes is likely to cause damage, distress or information which is subject to legal professional privilege.

 

  1. The Company will also treat as confidential any reference given to the Company for the purpose of training, employment of any employee, customer or client. However, such a reference will only be disclosed if such disclosure will not identify the source of the reference or where, notwithstanding this, the referee has given their consent or if disclosure is reasonable in all the circumstances.

 

Exemptions

  1. Certain data is exempted from the provisions of the Data Protection Act which includes data relating to the following:

  1. The prevention or detection of crime.

  2. The assessment of any tax or duty.

  3. Whether processing is necessary to exercise a right or obligation conferred or imposed by law upon the Company.

The above are examples of only some of the exemptions under the Act.  

 

Disclosure of Information

 

  1. The Company may receive requests from third parties to disclose personal data it holds about employees.  The Company confirms it would generally disclose information unless the individual has withheld their consent.  In particular the Company will disclose such data as is necessary to third parties in order to provide a reference for an employee when they are seeking alternative employment.

 

  1. Where the Company receives a disclosure request from a third party, it will take reasonable steps to verify the identity of that party before making any disclosure.

 

Accuracy

 

  1. The Company will endeavour to ensure that all personal data held in relation to an employee, customer or client is accurate.  Employees, customers or client must notify the director of any changes to information held about them.  An employee, customers or client has the right to request that inaccurate information about them is erased or corrected.

Security

 

  1. All employees, customers and client will be made aware of this Policy and their duties under the Data Protection Act. The Company will ensure that all personal information is held securely and is not accessible to unauthorised persons.

 

Enforcement

 

  1. If an individual believes the Company has not complied with this policy or acted otherwise than in accordance with the Data Protection Act, they should utilise the Grievance Procedure and should also notify the director. 

 

  1. Further Information

 

  1. For further information/guidance contact the director.

Shopping Cart
Scroll to Top