Data Policy
DATA POLICY
This is the data protection notice of GBR Court Services
Introduction
In order to deliver our services, we gather and use information about individuals and companies. No personal data is collected for purposes other than the delivery of these services.
These individuals include customers, suppliers, business contacts, employees, and other people where we have a relationship.
Purpose
• Collect and store this personal data in line with data protection legislation
• Protect the rights of these persons
• Show that we are open, aware and compliant
• Minimise the risk of a breach of legislation
The Principles
The Data Protection Act 1998 sets out rules for processing personal information relating to living individuals. It applies to some paper records as well as those held in electronic form. The Act gives individuals certain rights. It also imposes obligations on those who record and use personal information to be open about how that information is used and requires them to follow the eight data protection principles.
Personal data must be processed following these principles so that data is:
• processed fairly and lawfully and only if certain conditions are met;
• obtained for specified and lawful purposes;
• adequate, relevant and not excessive;
• accurate and where necessary kept up-to-date;
• not kept for longer than necessary;
• processed in accordance with an individual's rights;
• kept in a secure manner;
• not transferred outside of the EEA without adequate protection;
The Act provides individuals with rights in connection with personal data held about them. It provides individuals with the right to access data concerning themselves (subject to the rights of third parties). It also includes the right to seek compensation through the courts for damages and distress suffered by reason of inaccuracy or the unauthorised destruction or wrongful disclosure of data. Requests for information access should be made to enquiries@gbr24hr.co.uk This information is provided without charge.
We comply with all the principles of this Act.
GDPR
The EU parliament approved GDPR (General Data Protection Regulation) which comes in force in May 2018. Its purpose, as described by the governing body (www.eugdpr.org) states:
“The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy.”
Considered issues
We have reviewed the following areas to identify where real needs to collect data exist and how we handle the resulting data.
What personal information is being collected?
For general enquiries from our website or from phone calls, we collect names, phone numbers and email addresses.
Who is collecting it?
It is collected by a single officer of the company.
How is it collected?
By an enquirer contacting the company. Secondary data is accumulated over time through other communication systems such as email, mobiles, and letters.
Why is it being collected?
The personal information has been minimised to a point where we have enough to complete the required tasks and no more.
How will it be used?
The data is stored and used as part of our responsibility to ensure the efficient running of the services we provide.
Who will it be shared with?
The information is not shared with any outside organisation, other than to fulfil its duties to its clients, but it is held on a number of GDPR-compliant applications outside the company and, in some cases outside the EEA.
Fairness
It is important that we have a fair and transparent privacy notice. It is based on:
• Using the information in a way that people would reasonably expect
• Thinking about the impact of your processing
• Being transparent and ensuring that people know how their information will be used. This means providing privacy notices or making them available, using the most appropriate mechanisms. In a digital context this can include all the online platforms used to deliver services.
Risks and Security
A single member of staff is designated as a ‘Data Handler’ and has the responsibility for ensuring data is collected, stored and handled appropriately. This is essentially controlled through system access.
We have made appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data. Staff and other individuals should be aware that guidelines and regulations relating to the security of manual filing systems and the preservation of secure passwords for access to relevant data held on computers should be strictly observed.
Responsibilities
GBR Court Services is a small company so the ‘Data Controller’ and ‘Data Handler’ are the same person. He/she is responsible for:
• Keeping the business updated about data protection responsibilities, risks, and issues
• Handling data protection questions from customers and anyone else covered by this policy
• Dealing with requests from individuals to see the data we hold about them
• Ensuring all systems, services, and equipment used for storing data meet acceptable security standards
• Performing regular checks and scans to ensure the policy is effective
• Evaluating any third-party services, the company is considering using to store or process data
Staff Guidelines
The only people able to access data covered by this policy should be those who need it for their work.
• Consider all personal data to be confidential
• Data should not be shared informally
• Staff should keep all data secure (not leaving PCs unprotected, avoid printing and leaving records for others to see, etc.)
• In particular, strong passwords must be used and they should never be shared
• Data should be regularly reviewed, updated or deleted if it is found to be out of date. All Customers case work data will be erased when the case is closed,
by the instruction of the company or the customer.
only data kept beyound that time will the finance accounts of the customer,
• When data is stored electronically it must be protected from unauthorised access
If you have any questions regarding the data we hold on you, please contact us at enquiries@gbr24hr.co.uk