Data Protection Policy
Data Protection Policy – THE POLICY
Ajenta LTD is committed to best practice, and all activities are carried out in line with relevant UK and EU legislation. This includes, but is not limited to, the EU General Data Protection Regulation (“GDPR”). Ajenta ensures that the rights and freedoms of natural persons are protected at all times.
Personal Data means any information from which it is possible to identify a natural living person (data subject).
Data Protection Principles:
- Lawfulness, fairness and transparency: Personal data shall be processed lawfully, fairly and in a transparent manner.
- Purpose Limitation: Personal data shall be obtained for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data Minimisation: Personal data shall be adequate, relevant and limited to what is necessary.
- Accuracy: Personal data shall be accurate and, where necessary, kept up to date.
- Storage Limitation: Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Integrity & Confidentiality: Appropriate technical and organisational measures shall be taken against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Accountability: Ajenta assumes responsibility for ensuring that processing of personal data is carried out in compliance with the EU General Data Protection Regulation (“GDPR”) and is prepared to demonstrate this compliance if requested to do so.
Although all staff have a responsibility for adhering to our Data Protection Policy, the Heads of Departments have day-to-day responsibility for developing, implementing and monitoring the data protection policy. This ensures the policy is effectively managed and co-ordinated.
Education and Awareness
All staff are briefed on their data protection responsibilities upon appointment, with training updates at regular intervals or when required. Specialist training for staff with specific duties, such as marketing, information security and database management, is provided.
To ensure the processing of data is fair, Ajenta is transparent about how it intends to use the data. As good practice, the company includes privacy notices on its website and on any forms used to collect data. These clearly explain the reasons for using the data.
Personal data is not processed in any manner that is ‘incompatible’ with its specified purpose.
Responding to access requests
Access Requests are to be made either by email to firstname.lastname@example.org, or in writing to Ajenta, 96/2 Commercial Quay, Edinburgh, EH6 6LX. Individual requests are recognised and responded to within statutory timescales.
Data quality & accuracy
Ajenta ensures that the personal data it holds is adequate and accurate. Data is not collected without a legitimate business reason and only the minimum required to meet the purposes for which it is needed is obtained. Reasons for requesting personal data are specified in the privacy notice. All personal data held is accurate and, where necessary, kept up-to-date. Regular reviews of information are carried out to identify and correct inaccurate records, remove irrelevant ones and update out-of-date ones.
Retention and disposal
Ajenta ensures that personal data is not kept for longer than is necessary. Checks are carried out to identify which records or data sets are held, and when they should be deleted or anonymised. Heads of Department are accountable for recording retention and disposal dates for information they hold. Data is disposed of securely.
Ajenta has an established Information Security Management System Policy which sets the standards to be adhered to. In the unlikely event data and/or security is compromised, a Security Breach Procedure will be implemented and all staff are trained and aware of their responsibilities.
Ajenta ensures an adequate level of protection for any personal data processed by others on its behalf or transferred outside the European Economic Area. When determining whether to use an external provider, Ajenta requires proof of their adherence to Data Protection Legislation both in the UK and EU. New Supplier forms must be completed by all third parties, which request proof of their credentials and compliance requirements before Ajenta will consider engaging their services.
Privacy by Design
As required under the EU General Data Protection Regulation (GDPR), Ajenta ensures that any new projects or initiatives are privacy-proofed at the planning stage. Privacy by Design considerations are an early part of all project plans or initiatives that involve the processing of personal data. Risk assessments are conducted during the development, testing and delivery stages of any project to evaluate the origin, nature, particularity and severity of the risk to the rights and freedoms of natural persons before processing personally identifiable information. Assessments include the measures, safeguards and mechanisms envisaged for mitigating the identified risks.
Authorised By: Gavin McKenzie Title: COO Review Date: May 2019