Data protection policy
1.1 The policy is subject to regular review to reflect, for example, changes to legislation or to the structure or policies of the FSA or other relevant regulatory authority. All our staff are expected to apply the policy and to seek advice when required.
1.2 We need to collect and use certain types of information about people with whom we deal in order to operate at full potential. The personal information we collect must be dealt with properly however it is collected, recorded and used – whether on paper, electronically, or by other means, as outlined by the safeguards appointed by the powers of the Data Protection Act 1998.
1.3 We regard the lawful and correct treatment of your personal information as important to the achievement of our objectives, the success of our operations, and to maintaining confidence and strong business partnerships with you, our customers. We therefore need to ensure that we treat personal information with the due diligence above and beyond the level of legislation demanded by the Data Protection Act 1998.
2. Principles
2.1 The eight fundamental Principles required in the protection of personal information, as set out by the legislation, are:
2.1.1 Your information will be processed fairly and lawfully;
2.1.2 Your information shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;
2.1.3 Your information shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed;
2.1.4 Your information shall be accurate and, where necessary, kept up to date;
2.1.5 Your information shall not be kept for longer than is necessary for the specified purpose(s);
2.1.6 Your information shall be processed in accordance with the rights of data subjects under the Act;
2.1.7 Your information should be subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of personal data, or the accidental loss, destruction, or damage to personal data;
2.1.8 Your information shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
2.2 Therefore, through appropriate management and strict application of criteria and controls, we will go above and beyond the requirements of the legislation to protect your personal information. We will do this firstly by complying with the above principles of the Act. Beyond the requirements of the legislation, SIDEWAYS LTD and Crea d.o.o. are in the process of implementing the procedural steps known as a Privacy Impact Assessment (PIA). This process helps assess privacy risks to individuals in the collection, use and disclosure of information. PIAs help identify privacy risks, foresee problems and bring forward solutions when handling personal information. There is no statutory requirement for any organisation to complete a PIA. However, central government departments have been instructed to complete PIAs by Cabinet Office, which in turn has resulted in the PIA becoming good practice among organisations.
2.3 We (the Supplier) abide by the following principles when handling your personal information and the protection of data:
2.3.1 To observe fully conditions regarding the fair collection and use of information;
2.3.2 To meet the legal obligations to specify the purposes for which information is used;
2.3.3 To collect and process appropriate information only to the extent that it is needed to fulfil our operational needs or to comply with any legal requirements;
2.3.4 To ensure the quality of information used;
2.3.5 To ensure that the information is held for no longer than is necessary;
2.3.6 To ensure that the rights of people about whom information is held can be fully exercised under the Act (i.e. the right to be informed that processing is being undertaken, to access one’s personal information, to prevent processing in certain circumstances, and to correct, rectify, block or erase information that is regarded as wrong information);
2.3.7 To take appropriate technical and organisational security measures to safeguard personal information;
2.3.8 To ensure that personal information is not transferred abroad without suitable safeguards.
2.4 To assist in achieving compliance with these principles, we have:
2.4.1 Appointed an Information Protection Officer with specific responsibility for data protection within our company;
2.4.2 Begun the process of implementing the procedural requirements needed to perform Privacy Impact Assessments to further safeguard personal information.
3. Data Protection Promise
We (the Supplier) promise to:
3.1 Value the personal information entrusted to us and make sure we respect that trust;
3.2 Go further than just the letter of the law when it comes to handling personal information, and adopt good practice standards;
3.3 Consider and address the privacy risks first when we are planning to use or hold personal information in new ways, such as when introducing new systems;
3.4 Be open with individuals about how we use their information and who we give it to;
3.5 Make it easy for individuals to access and correct their personal information;
3.6 Keep personal information to the minimum necessary and delete it when we no longer need it;
3.7 Have effective safeguards in place to make sure personal information is kept securely and does not fall into the wrong hands;
3.8 Provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or fail to look after personal information properly;
3.9 Put appropriate financial and human resources into looking after personal information to make sure we can live up to our promises.