Data Protection Policy

At Cole Waterhouse, we are committed to the lawful and fair handling of all personal data and we respect the legal rights, privacy and trust of all individuals with whom we deal. We ensure that our compliance with the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018) is clear and demonstrable at all times. 

In our everyday business operations, we make use of data about identifiable individuals, including data about: 

  • Current, past and prospective employees 
  • Individuals who access our Website (see separate Privacy Policy on our website) 
  • Individuals who contact us through our Website, by telephone, email or through any other means 

We only use personal data where the law allows. This includes fulfilling our legal and contractual obligations, managing relationships with our business partners, marketing, recruitment and other legitimate business purposes. The majority of our processing will be carried out in order to fulfil our contractual obligations under employment contracts with our staff. 

We only collect information from individuals outside our organisation when this is freely provided to us and the basis for processing this is our ‘legitimate interest’ as we will use it to communicate with individuals in the context of their corporate activity and identity and not in relation to their private life. 

The legislation states that personal data should be processed lawfully, fairly and in a transparent manner and collected for specified, explicit and legitimate purposes. All reasonable steps are taken to ensure that our records are accurate, relevant, adequate but not excessive and are kept up to date. Records are not kept longer than is necessary and we make sure that no one has access to them without authorisation. 

We recognise that individuals have rights under the GDPR. Of particular relevance to our business are: the right to be informed when we are collecting data; the right of access to the data we collect; the right to rectification if the data is wrong; the right to erasure at any point and the right to object to the data held. 

These rights are supported by appropriate procedures within Cole Waterhouse that allow the required action to be taken within the timescales stated in the GDPR. 

Organisational Measures 

We ensure that the following measures are taken with respect to the collection, holding, and handling of personal data: 

  • Only employees that need access to personal data in order to carry out their assigned duties correctly have access to personal data. 
  • All employees handling personal data are required to exercise care, caution and discretion when discussing work-related matters that relate to personal data, whether in the workplace or otherwise. 
  • All personal data held is regularly reviewed and not held for longer than is necessary. 

Employees Responsibilities 

To ensure that personal data is collected, stored and handled appropriately, in line with this policy, the following guidelines should be followed: 

  • Only access data covered by this policy if you need it for the work you do for us and are authorised to do so. 
  • Keep personal data secure and do not share it with unauthorised people. 
  • Do not make unnecessary copies of personal data. 
  • Personal data should be shredded and disposed of securely when you have finished with it. 
  • Use strong passwords. 
  • Lock your computer when not at your desk. 
  • Do not save personal data to your own personal computers or other devices. 

All personal data breaches must be reported immediately to a member of the Board. 

This Policy has been approved and authorised by the Board and will be reviewed every 12 months. 

Share Article