Data protection policy
  1. 1.1
    The policy is subject to regular review to reflect, for example, changes to legislation or to the structure or policies of the FSA or other relevant regulatory authority. All our staff are expected to apply the policy and to seek advice when required.
  2. 1.2
    We need to collect and use certain types of information about people with whom we deal in order to operate at full potential. The personal information we collect must be dealt with properly however it is collected, recorded and used, whether on paper, electronically, or by other means, as outlined by the safeguards appointed by the powers of the Data Protection Act 1998.
  3. 1.3
    We regard the lawful and correct treatment of your personal information as important to the achievement of our objectives, the success of our operations, and to maintaining confidence and strong business partnerships with you, our customers. We therefore need to ensure that we treat personal information with due diligence, above and beyond the level demanded by the Data Protection Act 1998.

2. Principles

  1. 2.1
    The eight fundamental Principles required in the protection of personal information, as set out by the legislation, are:
    1. 2.1.1
      Your information will be processed fairly and lawfully;
    2. 2.1.2
      Your information shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;
    3. 2.1.3
      Your information shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;
    4. 2.1.4
      Your information shall be accurate and, where necessary, kept up to date;
    5. 2.1.5
      Your information shall not be kept for longer than is necessary for the specified purpose(s);
    6. 2.1.6
      Your information shall be processed in accordance with the rights of data subjects under the Act;
    7. 2.1.7
      Your information should be subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of personal data, or the accidental loss, destruction, or damage to personal data;
    8. 2.1.8
      Your information shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
  2. 2.2
    Therefore, through appropriate management and strict application of criteria and controls, we will go above and beyond the requirements of the legislation to protect your personal information. We will do this firstly by complying with the above principles of the Act. In addition, going beyond the requirements of the legislation, SIDEWAYS LTD and Crea d.o.o. are in the process of implementing the procedural steps known as a Privacy Impact Assessment (PIA). This process helps assess privacy risks to individuals in the collection, use and disclosure of information. PIAs help identify privacy risks, foresee problems and bring forward solutions when handling personal information. There is no statutory requirement for any organisation to complete a PIA. However, central government departments have been instructed to complete PIAs by the Cabinet Office, which in turn has resulted in the PIA becoming good practice among organisations.
  3. 2.3
    We (the Supplier) abide by the following principles when handling your personal information and the protection of data:
    1. 2.3.1
      To observe fully the conditions regarding the fair collection and use of information;
    2. 2.3.2
      To meet the legal obligations to specify the purposes for which information is used;
    3. 2.3.3
      To collect and process appropriate information only to the extent that it is needed to fulfil our operational needs or to comply with any legal requirements;
    4. 2.3.4
      To ensure the quality of information used;
    5. 2.3.5
      To ensure that the information is held for no longer than is necessary;
    6. 2.3.6
      To ensure that the rights of people about whom information is held can be fully exercised under the Act (i.e. the right to be informed that processing is being undertaken, to access one’s personal information, to prevent processing in certain circumstances, and to correct, rectify, block or erase information that is regarded as wrong information);
    7. 2.3.7
      To take appropriate technical and organisational security measures to safeguard personal information;
    8. 2.3.8
      To ensure that personal information is not transferred abroad without suitable safeguards.
  4. 2.4
    To assist in achieving compliance with these principles, we have:
    1. 2.4.1
      Appointed an Information Protection Officer with specific responsibility for data protection within our company;
    2. 2.4.2
      Begun the process of implementing the procedural requirements needed to perform Privacy Impact Assessments to further safeguard personal information.

3. Data Protection Promise

    We (the Supplier) promise to:
  1. 3.1
    Value the personal information entrusted to us and make sure we respect that trust;
  2. 3.2
    Go further than just the letter of the law when it comes to handling personal information, and adopt good practice standards;
  3. 3.3
    Consider and address the privacy risks first when we are planning to use or hold personal information in new ways, such as when introducing new systems;
  4. 3.4
    Be open with individuals about how we use their information and who we give it to;
  5. 3.5
    Make it easy for individuals to access and correct their personal information;
  6. 3.6
    Keep personal information to the minimum necessary and delete it when we no longer need it;
  7. 3.7
    Have effective safeguards in place to make sure personal information is kept securely and does not fall into the wrong hands;
  8. 3.8
    Provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or fail to look after personal information properly;
  9. 3.9
    Put appropriate financial and human resources into looking after personal information to make sure we can live up to our promises.