Data Protection Policy

INTRODUCTION

Data Computer Services is committed to a policy of protecting the rights and privacy of individuals, including members, in accordance with the General Data Protection Regulation (GDPR) and domestic UK data protection legislation (“the Data Protection Legislation”).

In compliance with our stated policy, Data Computer Services will ensure that all this information about individuals is collected and used fairly, stored safely and securely, and not disclosed to any third party unlawfully.

All employees, contractors and any entity who deals with Data Computer Services must comply with the terms of this policy.

This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments to Data Protection or other legislation.

KEY CONCEPTS

Data Computer Services is a ’Data Controller’ in terms of the Data Protection Legislation. The definition of ’Data Controller’ together with other key Data Protection Legislation definitions can be found at Annex A.

Data Protection Principles

The Data Protection Legislation requires that anyone processing personal data must comply with Eight Principles of good practice. These Principles are legally enforceable.

The Principles require that personal information:

  1. Shall be processed fairly and lawfully and in particular, shall not be processed unless specific conditions are met;
  2. Shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes;
  3. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed;
  4. Shall be accurate and where necessary, kept up to date;
  5. Shall not be kept for longer than is necessary for that purpose or those purposes;
  6. Shall be processed in accordance with the rights of data subjects under the Act;
  7. Shall be kept secure i.e. protected by an appropriate degree of security;
  8. Shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection or an accredited security arrangement is in place.

The data subject has rights under the act. These consist of:

Data Subjects also have the right to take any complaints about how DATA process their personal data to the Information Commissioner:

https://ico.org.uk/concerns/
0303 123 1113.
Information Comm
issioner's Office
Wycliffe House Water Lane
Wilmslow
Cheshire SK9 5AF

PURPOSES OF PROCESSING PERSONAL DATA

Data Computer Services will process personal data for the following purposes:

LEGAL BASIS FOR PROCESSING

Data Computer Services will process personal data for the above purposes pursuant to the following legal bases:

In the event that any processing of personal data is contemplated by Data Computer Services which requires the consent of the data subject, such consent will be obtained prior to any processing.

THIRD PARTIES

There are situations where personal data held by Data Computer Services is shared with or is accessible by third party organisations such as our professional advisers, website and other technical support providers, payment card processors and the like. In such cases Data Computer Services will have arrangements in place with such third parties setting out parties' roles and responsibilities for data protection and with legally binding obligations for the protection of personal data.

SECURITY

Data Computer Services are committed to protecting the privacy of personal data and will use appropriate standards of technology and operational security to protect personal data including a secure server and network firewall connection.  Operationally, access to personal data is restricted to authorised personnel who are under a duty to maintain the confidentiality and security of such information.

RETENTION OF PERSONAL DATA

Customer’s personal data will be held for the term of the relevant contract and for a period of one year thereafter, then for any period required in order to comply with HMRC rules or any other regulations or legislation.

If a data subject actively requests that their personal data be erased – this will be actioned on receipt of such request, however some information will need to continue on file for a period of time in accordance with tax and accounting practices.

DUTIES AND RESPONSIBILITIES

Data Computer Services is responsible for ensuring compliance with this policy. Regular reviews will be carried out and action taken to address any data protection related issues that arise or generate initiatives or communications as necessary to ensure compliance with this policy.

At an operational level, Data Computer Services will ensure that:-

PROCEDURE FOR REVIEW

This policy will be updated as necessary to reflect best practice or future amendments made to the Data Protection Legislation.

The ICO’s website (www.ico.gov.uk) provides further detailed guidance.

For help or advice on anything arising from this Data Protection Policy, please do not hesitate to contact:

Data Computer Services
27 Portobello High Street
Edinburgh
EH15 1DE

info@datacomputerservices.co.uk

Annex A

Key Definitions

  1. ‘Personal Data’ means data which relate to a living individual who can be identified from those data or from those data and other information which is in the possession of, or is likely to come into the possession of, the Data Controller and includes any expression of opinion about the individual and any indication of the intentions of the Data Controller or any other person in respect of the individual. Under the GDPR, the definition of personal data will explicitly extend to IP addresses.
  2. Sensitive Personal Data’ means information about an individual’s ethnicity, political opinions, their religious beliefs or other beliefs of a similar nature, membership of a trade union, disability, sexual orientation, the commission or alleged commission by them of any criminal offence, or any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings of the sentence of any court in such proceedings.
  3. Under the GDPR, the term ‘sensitive personal data’ will be replaced by the definition special category data which means any personal data information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual or oientation and their genetic or biometric data.
  4. ‘Processing’ means any operations or set of operations which is performed on personal data whether or not by automated means such as collection, use, disclosure or storage of personal data etc.
  5. ‘Data Controller’ means the organisation which, either alone or jointly with another organisation,determines the manner and purpose of the processing of personal data. The Data Controller is primarily responsible for compliance with the Data Protection Legislation.
  6. ‘Data Processor’ means an organisation (such as a contractor) which processes personal data on behalf of a Data Controller. Under the GDPR a Data Processor also has responsibilities for compliance with the Data Protection Legislation
  7. ‘Personal Data Breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed

Get in Touch

We'd love to hear from you, please get in touch for a no-obligation chat.

0131 629 3330 support@propertywindow.com