Data Protection Policy
We are fully committed to complying with the requirements of the Data Protection Act 1998, which came into force on 1 March 2000.
In order to operate effectively and comply with government legislation, we need to collect and use certain types of information about the people with who we deal. We recognise that all personal information must be dealt with correctly. Under the Data Protection Act there is a duty to handle personal data properly and confidentially at all times, regardless of the format it is in. We regard the lawful and correct treatment of personal information as vital to successful operations. We will ensure that we treat personal information lawfully and correctly.
The Data Protection Act 1998 contains eight Principles relating to the collection, use, processing and disclosure of data and the rights of data subjects to have access to personal data concerning themselves.
These principles are that all data shall be:
- Processed fairly and lawfully and in particular, shall not be processed unless specific conditions are met.
- Obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed.
- Accurate and where necessary, kept up to date.
- Not be kept for longer than is necessary for that purpose or those purposes.
- Processed in accordance with the rights of data subjects under the Act.
- Kept secure ie protected by an appropriate degree of security.
- Not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection.
Our Data Protection Policy (PDF: 288 Kb / 7 pages) was updated and formally adopted on 1 April 2016.