Data Protection Policy Statement
Are They Safe Limited work within the Data Protection principles as follows:
SCHEDULE 1 to the Data Protection Act lists the data protection principles in the following terms:
- Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –
(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under this Act.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Conditions relevant for purposes of the first principle: processing of any personal data
1 The data subject has given his consent to the processing.
2 The processing is necessary—
(a)for the performance of a contract to which the data subject is a party, or
(b)for the taking of steps at the request of the data subject with a view to entering into a contract.
3 The processing is necessary for compliance with any legal obligation to which the data controller is subject, other than an obligation imposed by contract.
4 The processing is necessary in order to protect the vital interests of the data subject.
5 The processing is necessary—
(a)for the administration of justice,
(aa)for the exercise of any functions of either House of Parliament,]
(b)for the exercise of any functions conferred on any person by or under any enactment,
(c)for the exercise of any functions of the Crown, a Minister of the Crown or a government department, or
(d)for the exercise of any other functions of a public nature exercised in the public interest by any person.
Conditions relevant for purposes of the first principle: processing of sensitive personal data
1The data subject has given his explicit consent to the processing of the personal data.
2(1)The processing is necessary for the purposes of exercising or performing any right or obligation which is conferred or imposed by law on the data controller in connection with employment.
(2)The Secretary of State] may by order—
(a)exclude the application of sub-paragraph (1) in such cases as may be specified, or
(b)provide that, in such cases, as may be specified, the condition in sub-paragraph (1) is not to be regarded as satisfied unless such further conditions as may be specified in the order are also satisfied.
If you have any questions in regards to our data protection policies please contact our data protection officer on 0207 1836973.