Data Protection Policy
Scope
This policy applies to all employees, contractors, and third parties who handle personal data on behalf of the Company. It covers all personal data collected, processed, and stored by the Company in any format, including electronic, paper, or verbal.
Responsibilities
Data Protection Officer (DPO)
The Company has appointed a Data Protection Officer who is responsible for overseeing data protection matters, ensuring compliance with applicable laws, and acting as a point of contact for data subjects and regulatory authorities.
Employees
All employees are responsible for ensuring the proper handling of personal data in their day-to-day activities. They must adhere to this policy and report any data protection concerns to the DPO.
Data Collection And Processing
Lawful Processing
The Company will only collect and process personal data when it has a lawful basis to do so, including the consent of the data subject, contractual necessity, legal obligation, legitimate interests, or the protection of vital interests.
Data Minimisation
The Company will only collect and process personal data that is necessary for the purposes for which it was collected. Unnecessary or excessive data will not be collected or retained.
Transparency
Data subjects will be informed of the purposes for which their data is collected and processed, and their rights in relation to their data.
Consent
Where consent is required for processing personal data, the Company will obtain explicit and freely given consent from data subjects. Consent can be withdrawn at any time.
Data Security
Data Access And Storage
Personal data will be stored securely, and access will be restricted to authorized personnel only. Data will be encrypted, both in transit and at rest, where applicable.
Data Breach Response
In the event of a data breach, the Company will promptly assess and mitigate the impact of the breach, notify affected data subjects and relevant authorities where required by law.
Data Subject Rights
Data subjects have the following rights regarding their personal data:
- Right to Access
- Right to Rectification
- Right to Erasure
- Right to Data Portability
- Right to Object
- Right to Restriction of Processing
Data Retention
Personal data will be retained for no longer than necessary for the purposes for which it was collected, and in accordance with applicable laws and regulations.
Training And Awareness
The Company will provide regular data protection training and awareness programs to employees to ensure their understanding and compliance with this policy.
Monitoring And Review
This policy will be reviewed and updated as necessary to ensure ongoing compliance with data protection laws and best practices. The DPO will monitor and report on data protection activities.
Contact Information
Data subjects can contact the Data Protection Officer at: letstalk@thebankofknowledge.co.uk
Effective Date
This Data Protection Policy is effective from 01/02/2024.