DisplayNote Technologies Limited Data Protection Policy July 2014




1. Introduction

This document sets out the obligations of DisplayNote Technologies Limited ("the Company") with regard to data protection and the rights of people with whom it works in respect of their personal data under the Data Protection Act 1998 ("the Act"). This Policy shall set out procedures which are to be followed when dealing with personal data. The procedures set out herein must be followed by the Company, its employees, contractors, agents, consultants, partners or other parties working on behalf of the Company. The Company views the correct and lawful handling of personal data as key to its success and dealings with third parties. The Company shall ensure that it handles all personal data correctly and lawfully.

2. The Data Protection Principles

This Policy aims to ensure compliance with the Act. The Act sets out eight principles with which any party handling personal data must comply. All personal data:

2.1 Must be processed fairly and lawfully (and shall not be processed unless certain conditions are met);
2.2 Must be obtained only for specified and lawful purposes and shall not be processed in any manner which is incompatible with those purposes;
2.3 Must be adequate, relevant and not excessive with respect to the purposes for which it is processed;
2.4 Must be accurate and, where appropriate, kept up-to-date;
2.5 Must be kept for no longer than is necessary in light of the purpose(s) for which it is processed;
2.6 Must be processed in accordance with the rights of data subjects under the Act;
2.7 Must be protected against unauthorised or unlawful processing, accidental loss, destruction or damage through appropriate technical and organisational measures; and
2.8 Must not be transferred to a country or territory outside of the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

DisplayNote Technologies Data Protection Policy - July 2014, Page 1 of 6

3. Rights of Data Subjects

Under the Act, data subjects have the following rights:

- The right to be informed that their personal data is being processed;
- The right to access any of their personal data held by the Company within 40 days of making a request;
- The right to prevent the processing of their personal data in limited circumstances; and
- The right to rectify, block, erase or destroy incorrect personal data.

4. Personal Data

Personal data is defined by the Act as data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.

The Act also defines sensitive personal data as personal data relating to the racial or ethnic origin of the data subject; their political opinions; their religious (or similar) beliefs; trade union membership; their physical or mental health condition; their sexual life; the commission or alleged commission by them of any offence; or any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings.

The Company only holds personal data which is directly relevant to its dealings with a given data subject. That data will be held and processed in accordance with the data protection principles and with this Policy. The following data may be collected, held and processed by the Company from time to time:

- Name;
- job title;
- profession;
- contact information such as email addresses and telephone numbers;
- demographic information such as post code, preferences and interests;
- financial information such as credit / debit card numbers;

5. Processing Personal Data

Any and all personal data collected by the Company (including that detailed in Section 4 of this Policy) is collected in order to ensure that the Company can facilitate efficient transactions with third parties including, but not limited to, its customers, partners, associates and affiliates and efficiently manage its employees, contractors, agents and consultants. Personal data shall also be used by the Company in meeting any and all relevant obligations imposed by law.

Personal data may be disclosed within the Company. Personal data may be passed from one department to another in accordance with the data protection principles and this Policy. Under no circumstances will personal data be passed to any department or any individual within the Company that does not reasonably require access to that personal data with respect to the purpose(s) for which it was collected and is being processed.

The Company shall ensure that:

- All personal data collected and processed for and on behalf of the Company by any party is collected and processed fairly and lawfully;
- Data subjects are made fully aware of the reasons for the collection of personal data and are given details of the purpose for which the data will be used;
- Personal data is only collected to the extent that is necessary to fulfil the stated purpose(s);
- All personal data is accurate at the time of collection and kept accurate and up-to-date while it is being held and / or processed;
- No personal data is held for any longer than necessary in light of the stated purpose(s);
- All personal data is held in a safe and secure manner, taking all appropriate technical and organisational measures to protect the data;
- All personal data is transferred using secure means, electronically or otherwise;
- No personal data is transferred outside of the UK or EEA (as appropriate) without first ensuring that appropriate safeguards are in place in the destination country or territory; and
- All data subjects can exercise their rights set out above in Section 3 and more fully in the Act.

6. Data Protection Procedures

The Company shall ensure that all of its employees, contractors, agents, consultants, partners or other parties working on behalf of the Company comply with the following when processing and / or transmitting personal data:

- All emails containing personal data must be encrypted;
- Personal data may be transmitted over secure networks only - transmission over unsecured networks is not permitted in any circumstances;
- Personal data may not be transmitted over a wireless network if there is a wired alternative that is reasonably practicable;
- Personal data contained in the body of an email, whether sent or received, should be copied from the body of that email and stored securely. The email itself should be deleted. All temporary files associated therewith should also be deleted;
- Where personal data is to be sent by facsimile transmission the recipient should be informed in advance of the transmission and should be waiting by the fax machine to receive the data;
- Where personal data is to be transferred in hardcopy form it should be passed directly to the recipient. Using an intermediary is not permitted;
- All hardcopies of personal data should be stored securely in a locked box, drawer, cabinet or similar;
- All electronic copies of personal data should be stored securely using passwords and suitable data encryption, where possible on a drive or server which cannot be accessed via the internet; and
- All passwords used to protect personal data should be changed regularly and should not use words or phrases which can be easily guessed or otherwise compromised.

7. Organisational Measures

The Company shall ensure that the following measures are taken with respect to the collection, holding and processing of personal data:

- A designated officer ("the Designated Officer") within the Company shall be appointed with the specific responsibility of overseeing data protection and ensuring compliance with the Act.
- All employees, contractors, agents, consultants, partners or other parties working on behalf of the Company are made fully aware of both their individual responsibilities and the Company's responsibilities under the Act and shall be furnished with a copy of this Policy.
- All employees, contractors, agents, consultants, partners or other parties working on behalf of the Company handling personal data will be appropriately trained to do so.
- All employees, contractors, agents, consultants, partners or other parties working on behalf of the Company handling personal data will be appropriately supervised.
- Methods of collecting, holding and processing personal data shall be regularly evaluated and reviewed.
- The performance of those employees, contractors, agents, consultants, partners or other parties working on behalf of the Company handling personal data shall be regularly evaluated and reviewed.
- All employees, contractors, agents, consultants, partners or other parties working on behalf of the Company handling personal data will be bound to do so in accordance with the principles of the Act and this Policy by contract. Failure by any employee to comply with the principles or this Policy shall constitute a disciplinary offence. Failure by any contractor, agent, consultant, partner or other party to comply with the principles or this Policy shall constitute a breach of contract. In all cases, failure to comply with the principles or this Policy may also constitute a criminal offence under the Act.
- All contractors, agents, consultants, partners or other parties working on behalf of the Company handling personal data must ensure that any and all of their employees who are involved in the processing of personal data are held to the same conditions as those relevant employees of the Company arising out of this Policy and the Act.
- Where any contractor, agent, consultant, partner or other party working on behalf of the Company handling personal data fails in their obligations under this Policy that party shall indemnify and hold harmless the Company against any costs, liability, damages, loss, claims or proceedings which may arise out of that failure.

8. Access by Data Subjects

A data subject may make a subject access request ("SAR") at any time to see the information which the Company holds about them. SARs must be made in writing, accompanied by the correct fee. The Company currently requires a fee of £10 (the statutory maximum) with all SARs. [A fee of £2 shall be required for access to a credit file.]

Upon receipt of a SAR the Company shall have a maximum period of 40 days within which to respond. The following information will be provided to the data subject:

- Whether or not the Company holds any personal data on the data subject;
- A description of any personal data held on the data subject;
- Details of what that personal data is used for;
- Details of any third-party organisations that personal data is passed to; and
- Details of any technical terminology or codes.

9. Notification to the Information Commissioner's Office

As a data controller, the Company is required to notify the Information Commissioner's Office that it is processing personal data. The Company is registered in the register of data controllers. Data controllers must renew their notification with the Information Commissioner's Office on an annual basis. Failure to notify constitutes a criminal offence. Any changes to the register must be notified to the Information Commissioner's Office within 28 days of taking place. The Designated Officer shall be responsible for notifying and updating the Information Commissioner's Office.

10. Implementation of Policy

This Policy shall be deemed effective as of Jul 2014. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.

This Policy has been approved & authorised by:

Name: Paul Brown
Position: CEO
Date: 09/07/2014
Signature: