Data protection principles
The Company processes personal data in accordance with the following data protection principles:
The Company processes personal data lawfully, fairly and in a transparent manner.
The Company collects personal data only for specified, explicit and legitimate purposes.
The Company processes personal data only where it is adequate, relevant and limited to what is necessary for the purposes of processing.
The Company keeps accurate personal data and takes all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay.
The Company keeps personal data only for the period necessary for processing.
The Company adopts appropriate measures to make sure that personal data is secure, and protected against unauthorised or unlawful processing, and accidental loss, destruction or damage.
The Company tells individuals the reasons for processing their personal data, how it uses such data and the legal basis for processing in its privacy notices. It will not process personal data of individuals for other reasons.
Where the Company processes special categories of personal data or criminal records data to perform obligations or to exercise rights in employment law, this is done in accordance with a policy on special categories of data and criminal records data.
The Company will update personal data promptly if an individual advises that their information has changed or is inaccurate.
The periods for which the Company holds HR-related personal data are contained in the Company’s GDPR – Breach of Data Risk assessment.
Rights of access, correction, erasure, and restriction
Under certain circumstances, by law you have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request the erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to stop processing personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data to another party.
If you want to review, verify, correct or request erasure of your personal data object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us. Data security
The Company takes the security of personal data seriously. The Company has internal policies and controls in place to protect personal data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except by employees in the proper performance of their duties.
Where the Company engages third parties to process personal data on its behalf, such parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and Company measures to ensure the security of data. Further details about the Company’s security procedures can be found in its data security protocols, in the Company’s GDPR - Breach of Data Risk assessment.