We adhere to the principles relating to Processing of Personal Data set out in the GDPR which require Personal Data to be:
Processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency).
Collected only for specified, explicit and legitimate purposes (Purpose Limitation).
Adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed (Data Minimisation).
Accurate and where necessary kept up to date (Accuracy).
Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed (Storage Limitation).
Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality).
Not transferred to another country without appropriate safeguards being in place (Transfer Limitation).
Made available to Data Subjects, with Data Subjects allowed to exercise certain rights in relation to their Personal Data (Data Subject’s Rights and Requests).
We are responsible for and must be able to demonstrate compliance with the data protection principles listed above (Accountability).
What data breach procedures we have in place –
The GDPR requires Data Controllers to notify any Personal Data Breach to the applicable regulator and, in certain instances, the Data Subject.
We have put in place procedures to deal with any suspected Personal Data Breach and will notify Data Subjects or any applicable regulator where we are legally required to do so.
If you know or suspect that a Personal Data Breach has occurred, do not attempt to investigate the matter yourself. Immediately contact the designated DPO Cheryl Simpson on firstname.lastname@example.org as the key point of contact for Personal Data Breaches. You should preserve all evidence relating to the potential Personal Data Breach.