Everyone has rights with regard to the way in which their personal data is handled. During the course of our activities we will collect, store and process personal data about our customers, suppliers and other third parties, and we recognise that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful business operations.
We reserve the right to change this policy at any time. Where appropriate, we will notify data subjects of those changes by mail or email.
Processing for limited purposes
In the course of our business, we may collect and process personal data. This may include data we receive directly from a data subject (for example, by completing forms or by corresponding with us by mail, phone, email or otherwise) and data we receive from other sources (including, for example, business partners, sub-contractors in technical, payment and delivery services, credit reference agencies and others).
We will only process personal data for the specific purposes notified to the data subject when the data was first collected or any other purposes specifically permitted by the Act. Should it become necessary to change the purpose for which the data is processed, the data subject will be informed of the new purpose for which the data is processed as soon as possible.
Data protection principles
Anyone processing personal data must comply with the eight enforceable principles of good practice. These provide that personal data must be:
- Processed fairly and lawfully.
- Processed for limited purposes and in an appropriate way.
- Adequate, relevant and not excessive for the purpose.
- Not kept longer than necessary for the purpose.
- Processed in line with data subjects' rights.
- Not transferred to people or organisations situated in countries without adequate protection.
Adequate, relevant and non-excessive processing
We will only collect personal data to the extent that it is required for the specific purpose notified to the data subject.
We will ensure that personal data we hold is accurate and kept up to date. We will check the accuracy of any personal data at the point of collection and at regular intervals afterwards. We will take all reasonable steps to destroy or amend inaccurate or out-of-date data.
We will not keep personal data longer than is necessary for the purpose or purposes for which they were collected. We will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required.
Processing in line with data subjects' rights
We will process all personal data in line with data subjects' rights, in particular their right to:
- Request access to any data held about them by a data controller.
- Prevent the processing of their data for direct-marketing purposes.
- Ask to have inaccurate data amended.
- Prevent processing that is likely to cause damage or distress to themselves or anyone else.
We will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
We will put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data will only be transferred to a data processor if they agree to comply with those procedures and policies, or if they put in place adequate measures themselves.
We will maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:
- Confidentiality means that only people who are authorised to use the data can access it.
- Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
- Availability means that authorised users should be able to access the data if they need it for authorised purposes.