GDPR - Leisure Lites Ltd Privacy Policy 2018
Data Protection & Privacy Policy
Introduction
Leisure Lites Ltd needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees and other people the business has a relationship with or may need to contact.
This policy describes how this personal data must be collected, handled and stored to meet the Company’s data protection standards and to comply with the law.
Purpose of this Policy
This policy ensures that Leisure Lites Ltd:
- Complies with data protection law and follows good practice
- Protects the rights of staff, customers and partners
- Is open about how it stores and processes individuals’ data
- Protects itself from the risks of a data breach
Data Protection Law
The General Data Protection Regulation (GDPR) describes how organisations, including Leisure Lites Ltd, must collect, handle and store personal information. GDPR replaces the Data Protection Act 1998 and must be implemented by 25th May 2018.
These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully. The process of how we collect and use the data must be documented.
The Data Protection Act is underpinned by six important principles. These say that personal data must:
- Be processed lawfully, fairly and in a transparent manner in relation to individuals
- Be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
- Be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods for archiving, research or statistical purposes, where appropriate safeguards are in place
- Be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage
Policy Scope
This policy applies to:
- All Leisure Lites Ltd employees
- All contractors, suppliers and other people working on behalf of Leisure Lites Ltd
It applies to all data that the company holds relating to identifiable individuals, including but not limited to:
- Names of individuals
- Postal addresses
- Email addresses
- Telephone numbers
- Any information held relating to individuals necessary to provide a service
Data Protection Risks
This policy helps protect Leisure Lites Ltd from risks including:
- Breaches of confidentiality – information being given out inappropriately
- Failing to offer choice – individuals should control how their data is used
Responsibilities
Everyone who works for or with Leisure Lites Ltd has responsibility for ensuring data is collected, stored and handled appropriately.
- The Directors are responsible for ensuring that Leisure Lites Ltd meets its legal obligations.
- The Data Protection Officer, Lisa Hollingworth (Director), is responsible for:
  - Keeping Directors informed of data protection responsibilities, risks and issues
  - Reviewing procedures and related policies on schedule
  - Arranging data protection training
  - Handling Subject Access Requests (SARs)
General Employee Guidelines
- Training will be provided to support data protection responsibilities
- Employees must keep all data secure
- Strong passwords must be used where appropriate and never shared
- Personal data must not be disclosed to unauthorised individuals
- Employees should seek guidance if unsure
Data Storage
Leisure Lites Ltd aims to operate a paperless environment; however, when data is stored on paper it must be protected:
- Paper must be kept in locked storage when not in use
- Printouts must not be left where unauthorised people can view them
- Paper no longer required must be shredded
Electronic data must be stored securely:
- Protected by strong, regularly updated passwords
- Stored only on approved systems or encrypted storage
- Backed up regularly, using approved secure systems
- Protected by antivirus software and firewalls
Data Use
- Personal data must not be shared informally
- Employees must safeguard customer information on work sites
- Personal data must not be visible to visitors in the workplace
Data Accuracy
Leisure Lites Ltd must take reasonable steps to ensure data remains accurate and up to date.
- Only essential versions of data should exist
- Inaccurate information must be corrected or removed promptly
Subject Access Requests (SARs)
Individuals may request access to the data held about them. Requests must be submitted in writing and identity must be verified.
The company aims to respond within 14 days.
Disclosing Data
GDPR allows personal data to be disclosed without consent to law enforcement when legally required. Leisure Lites Ltd will verify requests before disclosure.
Providing Information
Leisure Lites Ltd aims to ensure individuals understand:
- How data is used
- How to exercise their rights
Contact Information
Leisure Lites Ltd
Unit 1, Sycamore House
Morgreen Industrial Park
Engine Lane
Newthorpe
Nottingham
NG16 3QU
Tel: 01773 712 121
Email: info@leisurelites.co.uk
Website: www.leisurelites.co.uk
Policy Review
This policy was last updated on 23rd May 2018.