At Cole Waterhouse, we are committed to the lawful and fair handling of all personal data and we respect the legal rights, privacy and trust of all individuals with whom we deal. We ensure that our compliance with the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018) is clear and demonstrable at all times.
In our everyday business operations, we make use of data about identifiable individuals, including data about:
We only use personal data where the law allows. This includes fulfilling our legal and contractual obligations, managing relationships with our business partners, marketing, recruitment and other legitimate business purposes. The majority of our processing will be carried out in order to fulfil our contractual obligations under employment contracts with our staff.
We only collect information from individuals outside our organisation when this is freely provided to us. The basis for processing this is our ‘legitimate interest’, as we will use it to communicate with individuals in the context of their corporate activity and identity and not in relation to their private life.
The legislation states that personal data should be processed lawfully, fairly and in a transparent manner and collected for specified, explicit and legitimate purposes. All reasonable steps are taken to ensure that our records are accurate, relevant, adequate but not excessive and are kept up to date. Records are not kept longer than is necessary and we make sure that no one has access to them without authorisation.
We recognise that individuals have rights under the GDPR. Of particular relevance to our business are: the right to be informed when we are collecting data; the right of access to the data we collect; the right to rectification if the data is wrong; the right to erasure at any point; and the right to object to the data held.
These rights are supported by appropriate procedures within Cole Waterhouse that allow the required action to be taken within the timescales stated in the GDPR.
We ensure that the following measures are taken with respect to the collection, holding, and handling of personal data:
To ensure that personal data is collected, stored and handled appropriately, in line with this policy, the following guidelines should be followed:
All personal data breaches must be reported immediately to a member of the Board.
This Policy has been approved and authorised by the Board and will be reviewed every 12 months.