After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. Enforcement date: 25 May 2018 – at which time those organizations in non-compliance may face heavy fines.
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.
More information can be found here: https://www.eugdpr.org/key-changes.html
Our Policy & ICO
ICO Registration number: ZA295039
Description of processing
The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.
Reasons/purposes for processing information
We process personal information to enable us to promote our services, to maintain our accounts and records and to support and manage our staff.
Type/classes of information processed
We process information relevant to the above reasons/purposes. This may include:
personal details, family, lifestyle and social circumstances, financial details, employment and education details, goods or services provided
We also process sensitive classes of information that may include:
physical or mental health details, racial or ethnic origin, religious or other beliefs of a similar nature, trade union membership
Who the information is processed about
We process personal information about our:
employees, customers and clients, suppliers and services providers, advisers, consultants and other professional experts, complainants and enquirers
Who the information may be shared with
We sometimes need to share the personal information we process with the individual themself and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
Where necessary or required we share information with:
family, associates and representatives of the person whose personal data we are processingemployment and recruitment agencies, current, past and prospective employers, educators and examining bodies, central government, credit reference agencies, suppliers and service providers, debt collection and tracing agencies, financial organisations
It may sometimes be necessary to transfer personal information overseas. When this is needed information is only shared within the European Economic Area (EEA). Any transfers made will be in full compliance with all aspects of the data protection act.