BikeExchange takes their legal responsibilities under data protection legislation very seriously and acknowledges an individual’s right to privacy. Data protection is the safeguarding the privacy rights of individuals in relation to the processing of their personal data in both paper and electronic format. This policy outlines our policy to ensure that we comply with data protection legislation at all times.
Everyone has rights with regard to the way their personal data is handled. During the course of our activities we collect, store and process personal data about our employees, customers, suppliers and other third parties and we recognise that the correct and lawful treatment of this data will remain confidential in the organisation and will provide for successful business operations. All data users are obliged to comply with this policy when processing personal data on our behalf. Any breach of this policy may result in disciplinary action up to and including dismissal.
Any employee of the company who is involved in the collection, storage or processing of personal data has responsibilities under the legislation. They should at all times make sure:
• To obtain and process personal data fairly.
• To keep such data only for explicit and lawful purposes.
• To disclose such data only in ways compatible with these purposes.
• Keep such data safe and secure.
• Keep such data accurate, complete and up to date.
• To ensure that such data is adequate, relevant and not excessive.
• To retain such data for no longer than is necessary for the explicit purpose.
• To give, on request a copy of the data to the individual to whom they relate, such request is known as a subject access request. Any subject access request received should be forwarded immediately to email@example.com.
The individuals for whom the company stores and processes personal data have the following rights:
• To have their personal data obtained and processes fairly.
• To have personal data kept securely and not illegitimately disclose to others.
• To be informed of the indemnity of the data controller and of the purpose for which the information is held.
• To get a copy of their personal data.
• To have their personal data corrected or deleted if inaccurate.
• To prevent their personal data from being used for certain purposes, for example one might want to have data blocked for research purposes whereas it is held for other purposes.
• Under employment legislation no one can force another person to make and access request or reveal the results of an access request.
The company will administer its responsibilities under the legislation in accordance with the eight stated data protection principles outlined in the data protection legislation.
Obtain and Process Information Fairly
The company will obtain and process personal data fairly and in accordance with the fulfilment of its functions. Personal data shall be processed in accordance with one of the legal grounds as set out in the data protection legislation.
Keep data only for one or more specified explicit and lawful purpose
The company will keep data for purposes that are specific, lawful and clearly stated and the data will only be processed in a manner compatible with these purposes.
Use and disclose data only in ways compatible with these purposes
The company will only disclose personal data that is necessary for the purpose or purposes compatible with the purpose or purposes for which it collects and keeps data. We will notify those purposes to the data subject when we first collect the data or as soon as possible thereafter.
Keep Data Safe and Secure
The company will take appropriate steps and will put in place procedures and technology to maintain the security of all personal data. The company will take appropriate security measure against unlawful or unauthorised processing of personal data and against the accidental loss of or damage to personal data.
Keep Data Accurate Complete and Up to date
The company will ensure that personal data held by them is accurate and kept up to date. The company will check the accuracy of personal data at the point of collection and will put in place procedures to ensure data is kept accurate and up to date.
Ensure the Data is Adequate, Relevant and not excessive
The company will only collect personal data to the extent that it is required for the specific purpose notified to the data subject.
Retain data for no longer than is necessary for the purpose or purposes for which they are kept
The company will put in place procedures to ensure that data that is no longer required to fulfill a purpose for which it was originally collected can be deleted. The company will not keep personal data longer than is necessary for the purpose or purposes. The company will where applicable apply statutory provisions to the retention of certain categories of data.
Give a copy of his or her personal data to that individual on request
The company will have procedures in place to ensure that data subjects can exercise their rights under the data protection legislation top submit a subject access request. This policy may be reviewed regularly and updated or amended by the company.
If you have any questions about our GDPR Policy you can contact us via firstname.lastname@example.org.