June Fair processing notice Our policy for handling personal data

Similar documents
Data Protection Policy

CORK INSTITUTE OF TECHNOLOGY

Corporate ICT & Data Management. Data Protection Policy

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

DATA PROTECTION ACT 1998 COUNCIL POLICY

Human Resources and Data Protection

Little Marlow Parish Council Registration Number for ICO Z

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.

DATA PROTECTION POLICY

HERTSMERE BOROUGH COUNCIL

Policy Document Control Page

Data Protection Policy

Data protection policy

The Manitowoc Company, Inc.

Merthyr Tydfil County Borough Council. Data Protection Policy

Rick Parsons Information Governance Officer County Hall

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

AlixPartners, LLP. General Data Protection Statement

Data Protection Act. Privacy & Security in the Information Age. April 26, Ministry of Communications, Ghana

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, A Guide for Data Controllers

Information Governance Policy

Policy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

Data Security and Extranet

DATA PROTECTION POLICY

Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Data Protection Good Practice Note

Data Protection Act a more detailed guide

DATA PROTECTION POLICY

Data Protection and Privacy Policy

Data Protection Policy

Data Protection in Ireland

ATMD Bird & Bird. Singapore Personal Data Protection Policy

Data Compliance. And. Your Obligations

The Manchester College

Data Protection Policy

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE

Data Protection and Data security Policy

John Leggott College. Data Protection Policy. Introduction

DATA PROTECTION AUDIT GUIDANCE

How To Protect Your Personal Information At A College

Scottish Rowing Data Protection Policy

Data Protection. Policy and Application July 2009

Data Protection Policy

Data Protection Policy

MENTAL HEALTH TRIBUNAL FOR SCOTLAND: RECORDS MANAGEMENT POLICY. Ensuring Information is Accurate and Fit for Purpose

Data Protection and Information Security. Procedure for reporting a breach of data security. April 2013

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN better health cover shouldn t hurt

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements

Code of Practice on the Identity Card Number and other Personal Identifiers Compliance Guide for Data Users

Human Resources Policy No. HR46

DATA PROTECTION POLICY

DATA PROTECTION POLICY

Data Protection Guidance

G74 5DD. We only offer products from a limited number of companies.?? We only offer a particular product from a single group of companies.

Human Resources Policy documents. Data Protection Policy

technical factsheet 176

An overview of UK data protection law

Your duties as a registrant. How to complete your continuing professional development profile

White Paper Security. Data Protection and Security in School Management Systems

about our equity release services

How To Understand The Data Protection Act

Client Agreement for Investments & Insurances

Information Security Policy. Appendix B. Secure Transfer of Information

Human Resources People and Organisational Development. Disciplinary Procedure for Senior Staff

PRIVACY AND CREDIT REPORTING POLICY

Data Protection Procedures

DATA PROTECTION MANUAL

SUBJECT ACCESS REQUEST PROCEDURE

Guidelines on Data Protection. Draft. Version 3.1. Published by

Data Protection Policy

SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES

Subject Access Request, Procedure, Guidance and Information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

Transcription:

June 2016 Fair processing notice Our policy for handling personal data

The Government Actuary s Department (GAD) handles personal information in compliance with the Data Protection Act 1998 (the Act). We recognise the importance of the correct and lawful processing of personal data in maintaining confidence in our operations. We fully endorse and adhere to the principles set out in the Act. GAD s registration as a data controller GAD is a data controller under the Act. GAD holds information for the reasons given to the Information Commissioner and may use the information for any of those reasons. GAD has notified the Information Commissioner that we will process personal data to enable us to provide our actuarial services to our clients, to maintain our own accounts and records and to support and manage our staff. The Information Commissioner describes the processing in a register which is available to the public for inspection at http://www.ico.org.uk/. GAD s entry on this register can be viewed here. The key reason we process personal data is in relation to the provision of actuarial services to our clients. In particular, this relates to the provision of those services to clients who are responsible for pension schemes, who provide us with personal data about their schemes membership. In most cases relating to the provision of actuarial services we anticipate that such responsibilities would be held jointly between us (GAD) and our clients. Personal data This policy applies to the handling of personal data. This is data relating to a living individual who can be identified from the data, or from that data and other information which we hold or which is likely to come into our possession. It includes names and email addresses of subscribers to our publications or personal details held in relation to our work for our clients. It also includes any expression of opinion about an individual or any indication of our intention in respect of them. Processing information fairly and lawfully GAD processes information only where: a) the law allows us to, or b) you have given your consent, or c) we have received a court order Ensuring your personal information is safe and accurate GAD ensures that information held on our computer systems and in our paper filing systems is secure to guard against unauthorised or unlawful processing or accidental loss, destruction of, or damage to personal data. In order to carry out its functions GAD may receive information about you from others or give information to others, but we can only do this in accordance with the law. Any third parties from whom we receive personal data or to whom we pass personal data are also required to comply with the Data Protection Act. GAD only collects and records personal information that is necessary to carry out its functions, nothing more. The information that we record is based on fact and, where opinion is recorded, it is relevant and backed up by evidence. To the extent it is reasonable and appropriate to do so, GAD checks that the personal information 2

being recorded is accurate. Data sharing GAD will only share personal data with those organisations that it is legally able to, and where sharing personal data is necessary we will comply with the Data Protection Act. Retaining information We will only retain the information if a business need exists. It is not kept longer than is necessary for that purpose. To this end, GAD has in place and applies a formal retention policy for recorded information. Marketing GAD will only contact individuals who have subscribed to GAD s publications by email for marketing purposes and only in relation to GAD s products and/or services. If you no longer wish to receive information from GAD regarding our products and/or services please unsubscribe from specific publications using the link contained within them. Links to other websites GAD is not responsible for the content or reliability of linked websites. Linking should not be taken as an endorsement of any kind. We cannot guarantee that links will work all of the time and we have no control over the availability of the linked pages. Your rights to access your personal information Under the Act you have the right to ask to see the information which GAD holds about you and why. If you want to see the information we hold about you then you must ask for the information in writing and give your full name and address. You should send your request to: The Data Protection Officer Government Actuary s Department Finlaison House 15-17 Furnival Street London EC4A 1AB email: enquiries@gad.gov.uk As noted above, in most cases relating to the provision of actuarial services GAD anticipates that data protection responsibilities would be held jointly between us (GAD) and our clients. Where our possession of your personal data originated from such a client, we are likely to pass on any requests for access to personal data to that client, rather than respond to you directly. We will give assistance to our clients as appropriate where they need GAD s help to deal with your request. Where it is appropriate for GAD to respond directly to requests for access to personal data, we aim to comply as quickly as possible. We will ensure that we deal with requests within 40 days of receipt unless there is a reason for delay that is justifiable under the Data Protection Act. 3

Complaints about how we process your personal information In the first instance, an individual should contact GAD. Complaints should be addressed to: HR Director Government Actuary s Department Finlaison House 15-17 Furnival Street London EC4A 1AB email: enquiries@gad.gov.uk 4

GLOSSARY Data controller The person who decides the purposes for which, and the manner in which, personal information is to be processed. This may be an individual or organisation. GAD is a data controller primarily in order to provide actuarial services, although in many cases the responsibilities relating to data protection will be held jointly between us (GAD) and our clients. Data subject The person whose personal information is held by a data controller. Subject access The right of data subjects to receive a copy of the information held about them, a description of why their information is being processed, and details of anyone who may see a copy of their data, to whom it may be transferred, and the logic involved in any automated decisions taken on the basis of that data. Personal data/information Information relating to a living individual, from which that individual can be identified, or which can be used to identify a living individual in conjunction with other information held (or likely to be held) by a data controller. Personal data/information includes expressions of opinions about that person, or indications of intent towards them. Sensitive data/information Information relating to an individual consisting of: the racial or ethnic origin of the data subject his/her political opinions his/her religious beliefs or other beliefs of a similar nature whether he/she is a member of a trade union his/her physical or mental health condition his/her sexual life the commission or alleged commission by him/her of any offence or any proceedings for any offence committed or alleged to have been committed by him/her, the disposal of such proceedings or the sentence of any court in such proceedings. Processing The processing of personal data includes obtaining, recording, holding or carrying out any operation on the data. 5

Principles The Data Protection Act 1998 requires that data controllers process personal data in accordance with eight principles. These require that personal data are: 1. Fairly and lawfully processed 2. Processed for limited purposes 3. Adequate, relevant and not excessive 4. Accurate 5. Not kept longer than necessary 6. Processed in accordance with individuals rights 7. Kept secure 8. Not transferred to countries outside the European Economic Area without adequate protection Notification Process by which data controllers register their details on the statutory register maintained by the Information Commissioner. They must register the types of information they hold, and the purposes for which they hold it. Information Commissioner An independent office-holder appointed by the Crown to administer and enforce the Data Protection Act, the Freedom of Information Act 2000 and other legislation governing the use of, and access to, information. The Information Commissioner is independent of government and reports directly to Parliament. The Commissioner also promotes good practice in compliance with the Data Protection and Freedom of Information Acts. Information notice A legal document which the Information Commissioner can issue to a data controller, requiring him or her to supply information to the Information Commissioner so that he can assess whether or not the data controller is complying with the Data Protection Act or Freedom of Information Act. Enforcement notice A legal document which the Information Commissioner can issue to a data controller, requiring him or her to take certain steps to comply with the Data Protection or Freedom of Information Act. Information tribunal A data controller on whom an information or enforcement notice has been served may appeal against the notice to the Information Tribunal. 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information