Welcome To Our Future will follow these 10 key principles to ensure compliance.
Wherever possible obtain consent before acquiring, holding or using personal data. Any forms, whether paper or web-based, which are designed to gather personal data should contain a statement explaining what the information is to be used for and who it may be disclosed to.
2. Sensitive data
Be particularly careful with sensitive personal data (i.e. information relating to race, political opinion, physical or mental health, religious belief, trade union membership, sexuality, criminal offences etc). Such information should only be held and used where strictly necessary. Always obtain the consent of the individual concerned and notify them of the likely use(s) of such data.
3. Individual rights
Wherever possible be open with individuals concerning the information being held about them. When preparing reports or appending notes to official documents, bear in mind that individuals have the right to see all personal data and could therefore read any 'informal' comments made about them. Also be aware that this includes e-mails containing personal data and so the same caution should be used when sending e-mails.
4. Review files
Only create and retain personal data where absolutely necessary. Securely dispose of or delete any personal data which is out of date, irrelevant or no longer required. Hold regular reviews of files and discard unnecessary or obsolete data systematically.
5. Disposal of records
When discarding paper records that contain personal data treat them confidentially (i.e. shred such files rather than disposing of them as waste paper). Similarly any unnecessary or out-of-date electronic records should be deleted. Welcome To Our Future computers should not be given away or sold unless sure that all information stored on them has been removed or deleted.
Keep all personal data up to date and accurate. Note any changes of address and other amendments. If there is any doubt about the accuracy of personal data then it should not be used.
Keep all personal data as securely as possible (e.g. in lockable filing cabinets or in rooms that can be locked when unoccupied). Do not leave records containing personal data unattended in offices or areas accessible to the members of the public. Ensure that personal data is not displayed on computers screens visible to passers-by. Be aware that these security considerations also apply to records taken away from the office e.g. for work at home or for an external meeting. Also bear in mind that e-mail is not necessarily confidential or secure so should not be used for potentially sensitive communications. Welcome To Our Future takes Cyber Security issues seriously and undertakes periodic reviews and maintenance as set out in our Cyber Security Policy and Procedures document.
8. Disclosing data
Never reveal personal data to third parties without the consent of the individual concerned or other reasonable justification. This includes parents, guardians, relatives and friends of the data subject who have no right to access information without the data subject's consent.
If a request for personal information is received from an organisation such as the Police or the Inland Revenue, Welcome To Our Future will endeavour to co-operate but steps should first be taken to ensure that requests are genuine and legitimate.
9. Worldwide transfer
Always obtain consent from the individual’s concerned before placing information about them on the Internet and before sending any personal data outside the European Union, Iceland, Lichtenstein or Norway.
10. Third party processors
If using a third party data processor e.g. for bulk mailings or database management and are giving them access to personal data, then Impetus must have a written contract in place with them to ensure that they treat such information confidentially, securely and in compliance with the DPA.
If you have any questions regarding our policies please contact us.