Data Protection Statement – Security & Vetting Solutions Ltd
This Data Protection Statement will outline how Security & Vetting Solutions Ltd (herein known as “We”) will meet its obligations under the General Data Protection Regulations and the Data Protection Act (herein known as the “Regulations”). The statement is subject to regular review to reflect, for example, changes to legislation or to the structure or the policies of Security & Vetting Solutions Ltd. We will regard the lawful and correct use of personal information as paramount in the achievement of our objectives, to the success of our operations and for maintaining absolute confidence between those with whom we deal with and ourselves. We will ensure that our company will treat personal information lawfully and correctly. We will need to collect and use certain types of information about people with whom we liaise in order to operate. This will include any information necessary for the purposes of delivering the services, along with information about suppliers and others with whom we conduct business. Specifically, the information that you supply to us for the purpose of our security screening service and criminal record disclosure service is strictly confidential and processed within provisions of the Regulations. It will only be used for the purpose of which you have prior agreed and given explicit consent. For any personal data processing query, subject access request, data correction request, withdrawal of consent request, please email firstname.lastname@example.org
To this end, we fully endorse and adhere to the principles of the Regulations and require that personal information:
- Must be processed fairly and lawfully and in particular, must not be processed unless specific conditions are met and explicit consent is obtained.
- Must be obtained only for one or more specified lawful purposes and must not be further processed in any manner incompatible with that purpose or those purposes.
- Must be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed.
- Must be accurate and where necessary, kept up-to-date.
- Must not be kept for longer than is necessary for the specified purpose(s).
- Must be processed in accordance with the rights of the data subject, which are:
- The right to be informed.
- The right of access.
- The right of rectification.
- The right of restricted processing.
- The right of data portability.
- The right to object.
- The right not to be subject to automated decision making including profiling.
- Should be subject to appropriate technical and organisational measures to:
- Prevent the unauthorised or unlawful processing of personal data, or the accidental loss, destruction or damage to personal data.
- To maintain appropriate and proportional records to permit data to be corrected or managed in accordance with the rights of the data subject.
- Must not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory or third party ensures an adequate level of protection for the rights and freedoms of a data subject in relation to the processing of personal data.
In light of these obligations, Security & Vetting Solutions Ltd, through appropriate management and controls, will:
- Observe the conditions regarding the fair collection and use of personal information.
- Meet our legal obligations to specify the purpose(s) for which the personal information is to be used.
- Collect and process personal information only to the extent that it is needed to fulfil our operational needs or to comply with any legal requirement.
- Ensure the quality of the personal information used.
- Ensure that the rights of people about whom the information is held can be exercised under the Regulations.
- Take appropriate technical and organisational measures to safeguard personal information.
- Ensure that personal information is not transferred outside the EEA without appropriate safeguards being in place.
In order to achieve compliance with the Regulations, we have:
- Created and implemented both technical and procedural internal policies that comply with our collective responsibility to securely manage all personal data in accordance with our individual and organisational data protection responsibilities.
- The statement is made available to all staff who are instructed to work in accordance with the Regulations and of whom receive regular data protection compliance training.
- Security screened all staff to a British Standard called BS7858 which is a recognised British Standard for personnel working in a security related environment.
Our Data Protection Statement is subject to change without notice. Last reviewed: January 2019 Authorised: S Cox, Director.