Our principles - When handling your personal data, we will always comply with the obligations set out in the Data Protection Act 1998 (the DPA) and the General Data Protection Regulation (the GDPR) from 25th May 2018. We also promise to do the following:
- We'll only collect and use your information where we have your permission to do so.
- We'll be transparent in our dealings with you and tell you how we’ll collect and use your information. If we collect your information for a purpose, we'll only use it for that purpose, unless you’ve been otherwise informed and given your permission where relevant.
- We won’t ask for more information than we need for the purposes for which we’re collecting it.
- We'll update our records when you tell us that your details have changed.
- We'll periodically review your personal information to ensure we don’t keep it for longer than is necessary.
- We'll ensure that your information is securely disposed of at the end of the appropriate retention period.
- We'll observe your rights under applicable privacy and data protection laws and will ensure that queries relating to privacy issues are dealt with promptly and transparently.
- We'll train our staff on their privacy obligations.
- We'll ensure we have appropriate physical and technological security measures to protect your information regardless of where it’s held.
