Data Protection Policy

This Data Protection Policy outlines our commitment to processing data according to applicable data protection requirements. We ensure personal data is handled lawfully, fairly, and transparently.

1. Data Protection Principles

We commit to processing data according to DPA requirements, ensuring personal data is:

2. General Provisions

This policy applies organization-wide. A designated Responsible Person oversees compliance. Annual reviews occur, and the organization registers with the Information Commissioner's Office.

3. Lawful, Fair and Transparent Processing

We maintain a Register of Systems (reviewed annually). Individuals may request access to their personal data, which we handle promptly.

4. Lawful Purposes

Data processing relies on one of six bases: consent, contract, legal obligation, vital interests, public task or legitimate interests. The Register notes applicable bases. Consent requires opt-in evidence, with clear revocation mechanisms.

5. Data Minimization

Personal data collected must be adequate, relevant and limited to what is necessary for stated purposes.

6. Accuracy

We take reasonable steps ensuring accuracy and maintain current information where required by processing lawful basis.

7. Archiving/Removal

Annual archiving policies specify retention periods and rationales for each data processing area.

8. Security

Data is stored using updated modern software. Access restricts to necessary personnel. Deletion is irreversible. Backup and disaster recovery systems exist.

9. Breach

Security breaches involving accidental or unlawful destruction, loss, alteration of data trigger prompt risk assessment and potential ICO reporting.