[1.1] This Data Protection policy sets out how Peter Ward Homes Limited (“we”, “our”, “us”, “the Company”) handle the Personal Data of our customers, suppliers, employees, workers and other third parties.
[1.2] If you have any questions about this Policy or require any further information, please contact a Director.
[1.3] The following definitions are used in this policy:
[1.3.1] Data Subject: a living, identified or identifiable individual about whom we hold Personal Data.
[1.3.2] Personal Data: any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data.
[1.3.3] Personal Data Breach: any act or omission that compromises the security, confidentiality, integrity or availability of Personal Data or the safeguards put in place to protect it. The loss of Personal Data, or unauthorised access to, disclosure of or acquisition of Personal Data, is a Personal Data Breach.
[1.3.4] Processing or Process: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.
[1.3.5] Sensitive Personal Data: information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and Personal Data relating to criminal offences and convictions.
[1.4] This Policy applies to all Personal Data we Process regardless of where that data is stored or whether it relates to past or present employees, workers, customers, clients or supplier contacts, shareholders, website users or any other Data Subject.
[1.5] This Policy applies to all employees, workers, contractors, agency workers, consultants, directors, members and others (“you”, “your”). You must read, understand and comply with this Policy when Processing Personal Data on our behalf. It sets out what we expect from you in order for the Company to comply with the law. Any breach of this Policy may result in disciplinary action.
2. Personal Data Protection Principles
[2.1] We adhere to the principles relating to Processing of Personal Data set out in the General Data Protection Regulation (GDPR).
[2.2] Briefly, the main principles of GDPR are set out below. Also set out below are a number of requirements which relate to you:
[2.2.1] Personal Data must be kept secure against unauthorised or unlawful Processing, and against accidental loss, destruction or damage. You are responsible for protecting the Personal Data you have access to. You should at all times ensure that Personal Data is kept secure and not lost. You should not take Personal Data out of the office without the approval of your manager. You must exercise particular care in protecting Sensitive Personal Data from loss and unauthorised access, use or disclosure. You must follow all procedures and technologies we put in place to maintain the security of all Personal Data from the point of collection to the point of destruction.
[2.2.2] Personal Data must be Processed lawfully, fairly and in a transparent manner in relation to the Data Subject.
[2.2.3] Personal Data should only be used for the purposes notified to the Data Subject (or purposes which they would reasonably expect it to be used for).
[2.2.4] Personal Data must be relevant and limited to what is necessary in relation to the purposes for which it is Processed. You may only Process Personal Data when performing your job duties requires it. You cannot Process Personal Data for any reason unrelated to your job duties. You may only collect Personal Data that you require for your job duties.
[2.2.5] Personal Data we use and hold should be accurate, complete, kept up to date and relevant to the purpose for which we collected it.
[2.2.6] Personal Data should not be kept for longer than needed for the purposes for which we originally collected it (including for the purpose of satisfying any legal, accounting or reporting requirements).
[2.3] You should bear in mind the principles set out above when Processing Personal Data. If you feel that the Processing of any Personal Data by you as part of your job may infringe upon any of these principles, you should inform a Director immediately.
[2.4] Reporting a Personal Data Breach: If you know or suspect that a Personal Data Breach has occurred, do not attempt to investigate the matter yourself. Immediately contact your manager. You should preserve all evidence relating to the potential Personal Data Breach.
3. Data Subject’s Rights and Requests
[3.1] Data Subjects have rights when it comes to how we handle their Personal Data. These include rights to:
[3.1.1] withdraw consent to Processing at any time;
[3.1.2] request access to their Personal Data that we hold;
[3.1.3] prevent our use of their Personal Data for direct marketing purposes; and
[3.1.4] ask us to erase Personal Data if it is no longer necessary in relation to the purposes for which it was collected or Processed or to rectify inaccurate data or to complete incomplete data.
[3.2] You must immediately forward any Data Subject request (i.e. any request from any person for any action to be taken in respect of their Personal Data) you receive to your manager before responding to the relevant Data Subject.
4. Training and Audit
You must undergo all mandatory data privacy related training as directed by the Company.
5. Our Privacy Policies
[5.1] We have Privacy Policies for:
[5.1.1] employees; and
[5.1.2] job applicants, buyers, suppliers and trading partners, and website users.