The Company, and its subsidiaries, is fully committed to compliance with the requirements of the General Data
Protection Regulation (GDPR) and all other data protection legislation currently in force. The Regulation applies to anyone processing personal data and sets out principles which should be followed and gives rights to those whose data is being processed.
To this end, the Company endorses fully and adheres to the Data Protection Principles listed below. When processing data we will ensure that it is:
- processed lawfully, fairly and in a transparent way (‘lawfulness, fairness and transparency’)
- processed no further than the legitimate purposes for which that data was collected (‘purpose limitation’)
- limited to what is necessary in relation to the purpose (‘data minimisation’)
- accurate and kept up to date (‘accuracy’)
- kept in a form which permits identification of the data subject for no longer than is necessary (‘storage limitation’)
- processed in a manner that ensures security of that personal data (‘integrity and confidentiality’)
- processed by a controller who can demonstrate compliance with the principles (‘accountability’)
These rights must be observed at all times when processing or using personal information. Therefore, through appropriate management and strict application of criteria and controls, the Company will:
- observe fully the conditions regarding having a lawful basis to process personal information
- meet its legal obligations to specify the purposes for which information is used
- collect and process appropriate information only to the extent that it is necessary to fulfil operational needs or to comply with any legal requirements
- ensure the information held is accurate and up to date
- ensure that the information is held for no longer than is necessary
- ensure that the rights of people about whom information is held can be fully exercised under the GDPR (i.e. the right to be informed that processing is being undertaken, to access personal information on request; to prevent processing in certain circumstances, and to correct, rectify, block or erase information that is regarded as wrong information)
- take appropriate technical and organisational security measures to safeguard personal information
- ensure that personal information is not transferred outside the EU, to other countries or international organisations without an adequate level of protection