- The company needs to gather and use certain information about individuals. This can include participants, suppliers, business contacts, contractors and other people the company has a relationship with or may need to contact. To ensure that the company remains in compliance with the Data Protection Act 2018 and the General Data Protection Regulation 2018, it will adhere to the following data protection principles:
All gathered and stored data will be:
- used fairly and lawfully – data is only to be collected and processed if there is a lawful basis to do so (defined by the ICO GDPR)
- used for limited, specifically stated purposes
- used in a way that is adequate, relevant and not excessive
- kept for no longer than is necessary
- handled according to people’s data protection rights
- kept safe and secure
- not transferred outside the European Economic Area without adequate protection
- There are two main groups of individuals that Standing Start Solutions Ltd hold data for: Contacts, including correspondents and clients, and Participants.
Contacts – Contacts are the significantly larger group; however, the data held for each individual is minimal. The data for contacts is ‘Customer relationship data’, which can include an individual’s name, employer, job title or role, and contact details. Standing Start Solutions Ltd processes this data for the purposes of managing our relationships with contacts, keeping records of those communications and promoting our products and services to relevant bodies. The legal basis for this processing is our legitimate interests, namely the proper management of our business and contact relationships.
Participants – Current, prospective and past participants whom we deal with make up a much smaller group of individuals, but the data we hold on them is far more expansive and potentially sensitive. The legal basis for holding this information is consent of the individual.
- Standing Start Solutions Ltd maintain a procedure to deal with personal data requests, including sharing all data held with the subject, updating any data and deleting data on request.
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
- Respond to the inquiry within one month
- Observe the above rights of the individual at all times.