Wupwoo Ltd needs to collect personal data from our staff, customers and suppliers, in order to carry out its business and provide its services. This information includes name, address, email address, date of birth, private and confidential information. No matter how it is collected, recorded and used (e.g. on a computer or other digital media, on hardcopy, paper or images, including CCTV) this personal information must be dealt with properly to ensure compliance with European General Data Protection Regulation (GDPR). The lawful and proper treatment of personal information by Wupwoo Ltd is extremely important to the success of our business and in order to maintain the confidence of our service users and employees. Wupwoo Ltd must ensure that it processes personal information lawfully and correctly.
Personal data shall be:
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The Act’s definition of “personal data” covers any data that can be used to identify a living individual. Anonymised or aggregated data is not regulated by the Act, providing the anonymisation or aggregation has not been done in a reversible way. Individuals can be identified by various means including their name and address, telephone number or email address. The Act defines special categories of personal data as sensitive personal information:
Wupwoo Ltd and all its staff who process or use personal information must ensure that they follow these principles at all times. In order to ensure that this happens, Wupwoo Ltd has developed this Data Protection Policy.
This policy has been approved by the Wupwoo Ltd Board of Directors and any breach will be taken seriously and may result in more formal action. Any member of staff, customer or supplier who considers that the policy has not been followed in respect of personal data about themselves should raise the matter with their line Manager or the Data Protection Officer in the first instance.
All staff, customers and suppliers and other users are entitled to:
As part of our responsibilities we must comply with this Policy and with all relevant Legislation. All employees will adhere to this policy and make data security an integral part of their activities insofar as to build the tenets of this policy into any activity that the company is engaged with.
The need to ensure that data is kept securely means that precautions must be taken against physical loss or damage, and that both access and disclosure must be restricted. Wupwoo Ltd and all of its Employees are responsible for ensuring that:
Should a data breach be identified then we have a statutory obligation to inform the Information Commissioner’s Office (Tel: 0303 123 1113, Website: https://ico.org.uk/).
People have the right to access any personal data that is being kept about them on computer and also have access to paper-based data held in certain manual filing systems. Any person who wishes to exercise this right should make the request in writing to the Wupwoo Data Protection Officer. Wupwoo Ltd will make a charge of £15 on each occasion that access is requested.
Wupwoo Ltd aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 40 days of receipt of a written request unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request.
Name: Peter Martin
Wupwoo Ltd is the data controller under the Act and is therefore ultimately responsible. Any questions or concerns about the interpretation or operation of this policy should be taken up in the first instance with the Company Data Controller.
Wupwoo Ltd is registered with the I.C.O Registration Number ZA141612
Company Registration ( England and Wales) 7865444
Registered office: 15 Queen Square, LS2 8AJ.
Version 2
Review. March 2020