Introduction
Ascension2190 Ltd are fully committed to compliance with the requirements of the Data Protection Act 2018 (“the Act”). We will therefore follow procedures that aim to ensure that all staff, who have access to any personal data held by or on behalf of the Company, are fully aware of and abide by their duties and responsibilities under the Act.
Statement of policy
To operate efficiently, the company must collect and use information about people with whom it works and trains. These may include current, past, and prospective employees, learners, and clients. In addition, it may be required by law to collect and use information to comply with the requirements of central government. This personal information must be handled and dealt with properly however it is collected, recorded, and used, and whether it be on paper, in computer records or recorded by any other means, and there are safeguards within the Act to ensure this.
Ascension2190 Ltd regards the lawful and correct treatment of personal information as very important to its successful operations and to maintaining confidence between the company and those with whom it carries out business. We will ensure that we treat personal information lawfully and correctly.
To this end Ascension2190 Ltd fully endorses and adheres to the Principles of Data Protection as set out in the Data Protection Act 2018.
The Founder is responsible for the implementation and maintenance of this policy document.
The Principles of Data Protection
The Act stipulates that anyone processing personal data must comply with Eight Principles of good practice. These Principles are legally enforceable and set the requirements for our policy.
The Principles require that personal information:
1. Shall be processed fairly and lawfully and, shall not be processed unless specific conditions are met.
2. Shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Shall be adequate, relevant, and not excessive in relation to the purpose or purposes for which it is processed.
4. Shall be accurate and where necessary, kept up to date.
5. Shall not be kept for longer than is necessary for that purpose or those purposes.
6. Shall be processed in accordance with the rights of data subjects under the Act.
7. Shall be kept secure i.e., protected by an appropriate degree of security.
8. Shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of data protection.
The Act provides conditions for the processing of any personal data. It also makes a distinction between personal data and “sensitive” personal data.
Personal data is defined as, data relating to a living individual who can be identified from that data.
• That data and other information, which is in the possession of, or is likely to come into the possession of the data controller and includes an expression of opinion about the individual and any indication of the intentions of the data controller, or any other person in respect of the individual.
Sensitive personal data is defined as personal data consisting of information as to:
• Racial or ethnic origin.
• Political opinion.
• Religious or other beliefs.
• Physical or mental health or condition.
• Sexual Orientation.
• Criminal proceedings or convictions.
Handling of personal/sensitive information
Ascension2190 Ltd will, through appropriate management and the use of strict criteria and controls:
• Observe fully, conditions regarding the fair collection and use of personal information.
• Meet its legal obligations to specify the purpose for which information is used.
• Collect and process appropriate information and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements.
• Ensure the quality of information used.
• Apply strict checks to determine the length of time information is held.
• Take appropriate technical and organisational security measures to safeguard personal information.
• Ensure that personal information is not transferred abroad without suitable safeguards.
• Ensure that the rights of people about whom the information is held can be fully exercised under the Act.
These include:
• The right to be informed that processing is being undertaken.
• The right of access to one’s personal information within the statutory 40 days.
• The right to prevent processing in certain circumstances.
• The right to correct, rectify, block or erase information regarded as incorrect.
In addition, Ascension2190 Ltd ensures that:
• There is someone with specific responsibility for data protection in the organisation.
• Everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice.
• Everyone managing and handling personal information is appropriately trained to do so.
• Everyone managing and handling personal information is appropriately supervised.
• Queries about handling personal information are promptly and courteously dealt with.
• Methods of handling personal information are regularly assessed and evaluated.
• Performance with handling personal information is regularly assessed and evaluated.
• Data sharing is carried out under a written agreement, setting out the scope and limits of the sharing. Any disclosure of personal data will be in compliance with approved procedures.
All staff are made fully aware of this policy and of their duties and responsibilities under the Act.
The Founder and staff within the company’s directorates will take steps to ensure that personal data is kept secure always against unauthorised or unlawful loss or disclosure and will ensure that:
• Paper files and other records or documents containing personal/sensitive data are kept in a secure environment.
• Personal data held on computers and computer systems is protected using secure passwords, which where possible have forced changes periodically.
• Individual passwords should be such that they are not easily compromised.
• It maintains a list of staff that have physical and electronic access to personal data.
The Roles of Third Parties
All contractors, consultants, suppliers, etc. must:
• Ensure that they and all of their staff who have access to personal data held or processed for or on behalf of the company, are aware of this policy and are fully trained in and are aware of their duties and responsibilities under the Act. Any breach of any provision of the Act will be deemed as being a breach of any contract between Ascension2190 Ltd and that individual, company, partner, or firm.
• Fully indemnify and hold the Company harmless against all liabilities, costs, expenses, damages, and losses suffered or incurred by the company arising out of or in connection with a failure by the contractor, consultant or supplier to comply with its obligations under the Act. This indemnity shall apply whether the company has been negligent or at fault except that nothing in this clause shall have the effect of excluding or limiting any liability for death or personal injury caused by negligence or for fraud.
• All contractors, suppliers, consultants who are users of personal information supplied by the company will be required to confirm that they will abide by the requirements of the Act regarding information supplied by us.
Notification to the Information Commissioner
• The Information Commissioner maintains a public register of Data Controllers. The Company is registered as such.
• The Data Protection Act 2018 requires every data controller who is processing personal data, to notify and renew their notification, on an annual basis. Failure to do so is a criminal offence.
• To this end the Founder is responsible for notifying and updating the Information Officer of the processing of personal data, within their directorate.
Copyright © 2022 Ascension2190 Ltd - All Rights Reserved.
Ascension2190 Ltd - Company Reg No: 14058629
Powered by GoDaddy