The General Data Protection Regulation (GDPR) regulates the way in which all personal data is held and processed. This is a statement of the data protection policy adopted by Black Star Certifications Ltd.
In order to operate efficiently, Black Star Certifications Ltd is required to collect and use information about the people with whom we work. This includes current employees, agents, contractors, suppliers and others with whom we communicate.
We regard the lawful and correct treatment of personal information as integral to our successful operation, and to maintaining the confidence of the people we work with. To this end we fully endorse and adhere to the principles of the Data Protection Act 1998.
The purpose of the policy is to ensure that all staff handling personal information at Black Star Certifications Ltd are fully aware of the requirements of the regulation and comply with data protection procedures, and that data subjects are aware of their rights under the regulation.
‘Personal data’ covered by the regulation is essentially any recorded information which identifies a living individual. Personal data held will include contact information for a variety of customers/suppliers/employees and other personal details.
The principles of the Act require that personal information must:
- Be processed fairly and lawfully and only where this is strictly necessary for legal and regulatory purposes, or for legitimate organisational purposes.
- Be adequate, relevant and not excessive for the purpose
- Be accurate and up-to-date
- Not be kept longer than necessary
- Be processed in accordance with the data subject’s rights
- Be kept secure, maintaining integrity and confidentiality, and protected from unauthorised processing, loss or destruction.
- Be transferred only to those countries outside the European Economic Area that provide adequate protection for personal information.
To meet the requirements of the principles Black Star Certifications Ltd will agree to:
- Fully observe conditions regarding the fair collection and use of information
- Meet its legal obligations to specify the purposes for which information is used
- Collect and process appropriate information, and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements.
- Ensure the quality of the information used
- Hold personal information on Black Star Certifications Ltd systems for as long as is necessary for the relevant purpose, or as long as is set out in any relevant contract held with Black Star Certifications Ltd or the retention attached to the record’s content type.
- Ensure that the rights of people about whom information is held can be fully exercised under the Act (these include: the data subject’s right of access to their personal information, the right to prevent processing in certain circumstances, the right to correct, rectify, block or erase information which is regarded as wrong information)
- Take appropriate technical and organisational security measures to safeguard personal information and ensure that personal information is not transferred outside the EEA without suitable safeguards.
- Log any security incidents, which are reviewed in the management review
- Provide clear information to natural persons about how their personal information can be used and by whom.
- Maintain records of processing of personal information