Advanced Seating Solutions Ltd Data Protection Policy:
General Data Protection Regulations (GDPR) 2018
Under the GDPR, the data protection principles set out the main responsibilities for all organisations.
Article 5 of the GDPR requires that personal data shall be:
“a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
Advanced Seating Solutions Ltd are committed to ensuring that we adhere to the latest regulations of Data Protection and we are registered with The Information Commissioner’s Office.
We believe in supplying our services in a fair and transparent manner. We aim to ensure that, where necessary, we have requested your consent to safely use your personal information for any purposes other than for a basic commercial transaction for products supplied, for example when providing services such as ongoing Occupational Therapy and Training.
At Advanced Seating Solutions Ltd we take protection of your personal data very seriously.
Your personal and/or sensitive data is being collected for the following reasons:
Why this policy exists:
Advanced Seating Solutions Ltd needs to gather and use certain information about individuals and organisations (data subjects). These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact. This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards – and to comply with the law.
This data protection policy ensures Advanced Seating Solutions Ltd • Complies with data protection law and follows good practice
• Protects the rights of staff, customers and partners
• Is open about how it stores and processes individual’s data
• Protects itself from the risks of a data breach
This policy applies to:
• The Directors of Advanced Seating Solutions Ltd
• All employees of Advanced Seating Solutions Ltd
• All contractors, agents, suppliers and other people working on behalf of
Advanced Seating Solutions Ltd
It applies to all data that the company holds relating to identifiable individuals (data subjects), This can include:
Everyone who works for or with Advanced Seating Solutions Ltd has some responsibility for ensuring data is collected, stored and handled appropriately. Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.
However, the Directors, Martin and Katherine Coles, are ultimately responsible for ensuring that Advanced Seating Solutions Ltd meets its legal obligations with regards to data protection compliance.
The Directors are responsible for:
• The only people able to access data covered by this policy should be those who need it for their work
Personal data is of no value to Advanced Seating Solutions Ltd unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption of theft
Accountability and governance
Advanced Seating Solutions Ltd Code of Conduct: We aim to provide:
The GDPR provides the following rights for individuals:
1. The right to be informed
As we hold personal information about our clients, employees and suppliers, we are legally obliged to keep you informed on how we use and protect that information. Under the Data Protection Act, we must:
Where requests are manifestly unfounded or excessive, in particular because they are repetitive, we can:
3. The right to rectification
Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.
If we have disclosed the personal data in question to third parties, we will inform you of the rectification where possible and provide details of the third parties to whom the data has been disclosed where appropriate.
We will usually respond within one month.
This can be extended by two months where the request for rectification is complex.
Where we are not taking action in response to a request for rectification, we will explain why to the individual, informing them of their right to complain to the supervisory authority and to a judicial remedy.
4. The right to erase
When does the right to erasure apply?
The right to erasure does not provide an absolute ‘right to be forgotten’. However, individuals have a right to have personal data erased and to prevent processing in specific circumstances:
5. The right to restrict processing
When does the right to restrict processing apply?
We are required to restrict the processing of personal data in the following circumstances:
The right to data portability only applies:
means that the information is structured so that software can extract specific elements of the data. This enables other organisations to use the data.
The information must be provided free of charge.
If the individual requests it, we may be required to transmit the data directly to another organisation if this is technically feasible. However, we are not required to adopt or maintain processing systems that are technically compatible with other organisations.
If the personal data concerns more than one individual, we must consider whether providing the information would prejudice the rights of any other individual.
We must respond without undue delay, and within one month.
This can be extended by two months where the request is complex or we receive a number of requests. We must inform the individual within one month of the receipt of the request and explain why the extension is necessary.
7. The right to object
How do we comply with the right to object if we process personal data for the performance of a legal task or our organisation’s legitimate interests?
Individuals must have an objection on “grounds relating to his or her particular situation”.
We must stop processing the personal data unless:
Where we are not taking action in response to a request, we will explain why
to the individual, informing them of their right to complain to the supervisory
authority and to a judicial remedy without undue delay and at the latest
within one month.
8. Rights in relation to automated decision making and profiling.
The GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention.
We have assessed whether any of our processing operations constitute automated decision making and consider that this is not the case within Advanced Seating Solutions Ltd.
12th April 2018