General Data Protection Policy
Introduction
This policy has been prepared by AboutPeople to comply with the current law regarding data protection, has been operational on 1st May 2020 and will be reviewed on 1st May 2021. AboutPeople has always treated personal data with the highest confidentiality and care and this policy is just reinforcing AboutPeople’s working ethos.
AboutPeople needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees, and other people the organisation has a relationship with or may need to contact.
This policy describes how this personal data must be collected, handled, and stored to meet the company’s data protection standards and to comply with the law. In this instance AboutPeople is the Controller and the Processor of such data.
The Data Protection Act follows eight important principles:
• Personal data must be processed fairly and lawfully
• Personal data must be obtained only for specific and lawful purposes
• Personal data must be adequate, relevant, and not excessive
• Personal data must be accurate and kept up to date
• Personal data must not be held for any longer than necessary
• Personal data must be processed in accordance with the rights of individuals
• Personal data must be protected in appropriate ways
• Personal data must not be transferred outside the European economic Area (EEA), unless that country or territory also ensures an adequate level of protection
This policy has been compiled in good faith, with objectivity and integrity, to the best of AboutPeople’s knowledge about being in compliance with the General Data Protection Policy.
Policy Scope
This policy applies to all staff and volunteers of AboutPeople as well as all contractors, suppliers, and other people working on behalf of AboutPeople.
Training is provided when needed and the protection policy revised when necessary.
It applies to all data relating to identifiable individuals and can include:
o Names of individuals
o Postal addresses
o Email addresses
o Telephone numbers
o Banking details
o Passwords
o Imagery (photos, logos etc.)
o … plus, any other information relating to individuals
Data Protection Risks & Responsibilities
This policy helps to protect AboutPeople from some data security risks such as:
o Breaches of confidentiality (information being given out inappropriately)
o Failing to offer choice (individuals not in control of their own information)
o Reputational damage (third parties accessing sensitive data unlawfully)
Everyone who works for or with AboutPeople has some responsibility for ensuring that data is collected, stored, and handled appropriately.
How & Why Do We Use Your Personal Data?
Your data is used for clear and efficient business communication between AboutPeople and individuals such as dealing with a request, invoicing, being able to create and develop a website or an application, providing training on how to edit a website etc.
On occasion your data might be used for marketing purposes and individuals have the option to opt out from marketing communication.
We do apply a cookie policy please refer to the relevant document for its content.
Personal data will not be disclosed to a third party without the consent of the individual unless such party is a legitimate law enforcement agency allowed to collect personal data.
How Do We Store Your Data?
All personal data is digitally stored only: AboutPeople uses approved cloud computing services for storage as well as digital safes to ensure the best security possible. The software(s) we use represent(s) a fair and adequate IT protection of personal data in compliance with our current ethos and budget.
All servers and computers containing data are protected by an approved security software and firewalls.
Strong passwords are always in use to protect individuals and never disclosed to unauthorised people either within the company or externally. Data is regularly backed up through some specific digital software.
Data Accuracy
The law requires AboutPeople to take reasonable steps to ensure data is kept accurate and up to date however AboutPeople cannot be held responsible for people not providing accurate and current personal information, or not responding to AboutPeople’s requirement for updated information.
The personal data is kept as long as an individual is in a commercial relationship with AboutPeople. When that relationship expires all data related to the individual(s) will be deleted within 48hrs unless, due to unforeseen circumstances, AboutPeople is unable to access some digital device: in such a case AboutPeople will delete the appropriate information as soon as possible.
Access Request
All individuals who are the subject of personal data held by AboutPeople are entitled to access the following:
o What information we hold about them and why
o Be informed how to keep it up to date and how to access it
o Be informed on AboutPeople’s policy revision
All requests should be addressed via email to:
[email protected]
The data controller will aim to provide the relevant information within 14 days after verifying the identity of the person requesting it.