Data handling policy

This Policy sets out rules and guidance for all employees, agents, contractors, or other parties
working on behalf of the Company regarding the handling of personal data.

1. Introduction

Limited, a company registered in the United Kingdom under number 16103947, whose registered office is at 128 City Road, London, EC1V 2NX (“the Company”) regarding data protection and the rights of staff, customers and business contacts.


2. Definitions

  • Consent: Freely given, specific, informed, and unambiguous indication of agreement to the processing of personal data.
  • Data Protection Legislation: All UK data protection laws, including the UK GDPR, Data Protection Act 2018, and others.
  • Data Subject: An identifiable individual whose personal data the company holds.
  • Personal Data: Information that identifies a data subject directly or indirectly. Includes special categories like racial or ethnic origin and health data.
  • Personal Data Breach: A breach leading to accidental or unlawful destruction, loss, or unauthorized disclosure of personal data.
  • Processing: Any operation on personal data, such as collection, storage, or erasure.
  • Special Category Personal Data: Personal data revealing racial or ethnic origin, political opinions, or health information.

3. Data Protection Officer & Scope of Policy

  • The Data Protection Officer (DPO) is Rob Chambers. The DPO oversees policy implementation.
  • Managers must ensure employees, agents, and contractors comply with this policy and provide necessary training.
  • Questions about this policy or data protection should be directed to the DPO.

4. Data Protection Principles

  • Personal data is collected and processed only for specified, lawful purposes.
  • Excessive personal data must not be collected.
  • Personal data must be accurate and up-to-date.
  • Data is retained only as long as necessary and securely deleted when no longer required.
  • Refer to the Data Retention Policy for details on retention periods.

5. Data Security

  • Personal data must be kept secure to prevent unauthorized processing, loss, or damage.
  • Access is limited to authorized personnel with a genuine need.
  • Data security involves maintaining confidentiality, integrity, and availability.

6. Data Handling Guidelines

  • Encrypt and mark emails containing personal data as “confidential.”
  • Use secure networks for data transmission.
  • Store personal data in secure locations (e.g., locked cabinets or encrypted drives).
  • Delete personal data securely when no longer needed.
  • Avoid saving personal data on mobile or personal devices unless necessary and approved.
  • Limit access to personal data based on job requirements.
  • Train and supervise employees handling personal data.

7. Accountability and Record-Keeping

  • The DPO administers this policy and ensures compliance.
  • The company follows a “privacy by design” approach and conducts Data Protection Impact Assessments when necessary.
  • Regular training and audits ensure compliance with data protection laws.

8. Implementation of Policy

This policy is effective as of 7th December 2024 and applies only to matters occurring on or after this date.
