Welcome To Your Data Protection Journey. Paula Tighe Information Governance Executive
|
|
- Ashley Byrd
- 6 years ago
- Views:
Transcription
1 Welcome To Your Data Protection Journey Paula Tighe Information Governance Executive
2 Legal Statement All information in this presentation is protected under copy right and where indicated protected under trademark. No one is allowed to use, disseminate or copy the information from this information pack or power point without the explicit written consent of: Wright Hassall LLP Olympus Avenue Leamington Spa Warwickshire CV34 6BF Please contact for more information on: 1.This statement 2.Data Protection Trusted Advisor services 3.Data Protection Training 4.Data Protection working group studies for tenants and leaseholders Paula Tighe: or by ing
3 Data Protection in the Workplace Make it simple by knowing What is the regulators view How can it be applied
4 Regulator Source of information and help: Lynne Shackley Lead Policy Officer Regulator of DPA & FOIA : Information Commissioner Office Christopher Graham: Information Commissioner
5 Aim Data Protection Act Privacy Rights For Living Individuals (Data Subjects) Controls processing requirements of Individuals personal data 8 Guiding Principles Obligations on Organisations who collect and process Individuals personal data Defines obligations for Data Controllers
6 Back to Basics - Data Controller Organisation Person Who decides the purpose and manner in which a individuals personal data will be processed
7 Data controller s responsibilities Comply with all the provisions of the Act Ensure the right data is collected, used and shared in line with the Act Notify the ICO of all the purposes they intend to collect and process personal data for Ensure they comply with the individual s (Data Subject s) rights Comply with the 8 Data Protection Principles Understand and comply with Directors responsibilities (sec 61)
8 Back to Basics - Data Processor Can be a person or organisation A third party which the data controller has instructed by contract to carry out functions on their behalf. Where you have detailed their obligations to ensure compliance with the DPA and supplied them individuals personal data
9 Data processor responsibilities Processes personal data on behalf of a Data Controller (not employee of the data controller) They are not legally responsible for the personal data They make no decisions about how the data will be used, shared, stored, secure and destroyed The data controller carries all the risk
10 Back to basics - Personal Data (schedule two) Data which relates to a living individual who can be identified from that data. This includes an expression or opinion about any living individual: Name Bank account Details Telephone number Image Address address CCTV Footage Gender Barbie has rang again about her leaking tap, for the 10 th time can you arrange for a plumber to go out again!!! I know you have gone out before and found no problems she is old and may have a bit of dementia coming on!!.
11 When collecting and processing Personal Data the organisation has to Obtain informed consent (Show and Tell) It can be obtained in different ways: A proposed or agreed contract tenancy agreement, lease agreement or employment contract Statement on website, back of receipts or letter/ ASB wittiness statement or interview/report form But you can process without informed consent if: Need to comply with legal obligations Protect the vital interests of an individual Comply administration of justice or to exercise functions of a public nature which is in the public interest Legitimate interest ensuring the processing is justifiable to the individual s rights
12 Get the Basics Right - Sensitive Personal Data Ethnicity Religious or Other Beliefs Political Opinions Membership of a Trade Union Sexual Life Offences Committed or Alleged to have been Committed by that Individual Medical History
13 When collecting Sensitive Personal Data the organisation has to Obtain Explicit Consent It can be obtained in different ways, but you need to ensure that the consent you obtain is "unambiguous, freely given and fully understood A signature or a verbal agreement which is recorded and confirmed But you can process without explicit consent if: The individual has made the information public To protect the vital interests of an individual legal proceedings and/or legal advice Exercising contractual obligations (DBS checks for a job)
14 Fair and Lawful data sharing As long as you are C.O.T you can process and share without consent: For the prevention or detection of crime and fraud For the apprehension or prosecution of offenders For the assessment or collection of tax or duty owed to customs & excise In connection with legal proceedings In relation to the physical or mental health of an individual, where disclosure is required to protect them or vital interests
15 Fair and Lawful data sharing For research and statistical purposes (anonymous) To carry out contractual obligations Administration of justice, exercise functions of public nature in public interest Legitimate interests except where unwarranted prejudices individual rights To comply with the law
16 Fair and Lawful data sharing Consider when consent should be sought and is it reasonable to disclose personal data without consent? What duty of confidentiality do we owe the 3 rd party Have steps been taken to seek consent and note refusal and/or objection? Have steps been taken to record legal and/or regulatory grounds for disclosure? Only supply the data if you have relevant authority and paper work It is fine to positively challenge the request and ask for it in writing BUT
17 Fair and Lawful data sharing To protection a person(s) vital interests Never delay responding to a request which has been verified from the: Police Prevention/Detection of crime Social Services Protection of a child or vulnerable person Health Protection of a child or vulnerable person Child Protection Unit Protection of a child or young person If in doubt ASK
18 Fair and Lawful data sharing - Third parties If the personal data requested involves disclosing information about third parties, you should: 1. Consider whether it can be anonymised Where the organisation cannot comply with the request without disclosing third party data it is not obliged to comply unless: 2. Third party consents, or 3. It is reasonable in all the circumstances to comply without the consent of that individual
19 Fair and Lawful data sharing Processing is necessary for the purposes of legitimate interests of the data controller or by third parties to whom the data are disclosed. If the use of the data prejudice s the rights and freedoms or legitimate interests of the individual then you need to : Assess on a case by case basis Balance your interests and that of the individual Share only what is legitimate for the purpose it is intended for You have confirmed and recorded if you do or do not need informed and explicit consent for sharing Example LA Supplying Association names/addresses of elderly people for the provision of support services
20 Your First Principle Process personal data fairly and lawfully Clear Open and Transparent Collect Use Share and Secure data correctly Confirm when you need consent 1 Personal Data Informed Sensitive Personal Data Explicit
21 Your First Principle Made Easy Tell them who the data controller or data processor is and what and when their data will be collected and Used Shared Stored Retained Secured Destroyed This is a fair processing notice do you recall seeing one?
22 Your First Principle Made Easy Now ask yourself do you have customers who are vulnerable? Do they understand why their data is being collected? Do they understand why you are collecting, using, sharing and securing their data? Do they have the mental capacity to clearly understand the above? Find their advocate and open the conversation and record Next of Kin Representative Social Worker
23 Your Second Principle Personal data must be used for the specified purposes you informed the individual about Do not be use their data for any incompatible purpose use the C.O.T approach Think about what the recipient of the data will use it for 2 Do you need to review your notification and inform individuals of the new form of processing
24 Your Second Principle in practice Personal data originally obtained for administrative purposes Name and date of birth of all occupants in a given address Shared with the Police to detect and prevent crime means the two purposes are compatible. But you need to share it in the right way. Proof of identification, relevant disclosure form detailing the purposes of the request, to whom it relates and do they restrict you informing the individuals of the data sharing Personal data obtained from the letting process Name/address Used by the communications team to send out marketing material regarding a new garden service people can pay for from an external third party contractor supply. This is a new purpose and incompatible.
25 Principles in practice Relevant and Adequate data sharing agreements does not mean a catch all approach. Look at what is the objective of the sharing and what is needed for that purpose. Why receive other RP or agency data only hold what is relevant and adequate for your purposes Accurate and up to date records you are sending troubled family data to a public body at their request thus enabling them to obtain funding. They will have limited responsibility. You need to ensure accuracy in you re and their systems on a regular basis Keep data for as long as it is needed ensure both parties retain the data for the pre-agreed time scale. Put in your sharing agreements provision for use, further sharing and retention. Attach a retention destruction schedule 3 4 5
26 Your Sixth Principle Your rights individuals Access personal data 40 days from valid request Object to the use of data that causes damage or 6 distress Seek correction, and destruction of personal data Object to the use of data for direct marketing Know about automated decision making Seek compensation
27 Your Seventh Principle - keep data secure Ensuring appropriate technical measures are in place Ensure you prevent unauthorised access and processing Ensure you prevent unlawful obtaining of personal data Train your staff 7
28 Your Eighth Principle - Limits on overseas transfers Personal data should not be transferred outside the outside EEA unless there is adequate protection for the rights of individuals Check if your third parties sub contract Check if your third parties secure your data at all times Check when you need to obtain the individuals consent to send data outside UK 8
29
30 Enforcement and Sanctions Regulator ICO Information Notice s and Assessment Requests Power to service Undertaking or Enforcement Notices Revoke right to process data Monetary Penalty (Up to Half Million Pounds) Evoke Sec 61 Directors Liability Evoke Sec 55 Personal Legal Accountability & Liability Power to enter LA/Government Audits Criminal & Civil Action Support people in court
31 Enforcement and Sanctions Courts Review the handling of subject access requests Order the payment of compensation Prosecute individuals for section 55 (theft of data) Data Controller Could suffer loss of confidence from customers, stakeholders and employees Could consider disciplinary action
32 Exemptions in practice There is always time when you can give or share individuals data without consent or knowledge. Its knowing the why, when and the how to make if fair and lawful Section 29 Crime and taxation Section 35 Required by the law
33 Exemptions Crime and Taxation Section 29 Personal data held for the purposes of preventing or detecting crime, apprehending or prosecuting offenders, or assessing and collecting any tax or duty are exempt if disclosure would prejudice one of these purposes. The exemption is restricted to bodies such as the Police, Inland Revenue and Rate Collection Agencies (utilities companies) council tax, benefit agency, CSA. Association can use Sec29 for prevention and detection of crime, fraud or for the use of misuse of public funds Check the investigator complies with the list of approved bodies appointed Debt collecting agencies cannot use of sec29 Private investigators cannot use of sec29
34 Exemptions Section 29 Taxation Taxation covers Water, Gas and Electric and Customs They have to put request on in writing (headed paper) They need to supply name of the debtor When the debt was incurred and by whom (start and end) What legal action they are seeking to recover the debt They have to quoting they want to evoke section 29 provisions Data controller can only supply the forwarding address of the debtor if it is known, it cannot be a corresponding and/or next of kin address. Tell your customers how you will share data without their consent for this purpose in your fair processing notice
35 Exemptions Section 35 - Comply with Law or Legal Proceedings Where the disclosure is required by or under any enactment, rule of law, or order of the court, or Where disclosure is necessary for the purpose of or in connection with, any legal proceedings (including prospective ones) The purpose of obtaining legal advice The purposes of establishing, exercising or defending legal rights
36 Exemptions Disclosures relating to the physical or mental health or condition of the individual If you are not a qualified health professional the information should not be provided unless the appropriate health professional has been consulted. If the organisation intends to rely upon an existing opinion obtained within the previous six months, they must consider whether it is reasonable in all the circumstances whether to re-consult the health professional However if a subject access request has been made and the organisation is satisfied the individual has previously seen and/or already have information you can decide to share or not as they already have it Note: circumstances change if unsure obtain health professional opinion
37 Privacy Impact Assessments Information sharing protocols Mandatory for all government departments to carry out PIA on new policies and processes involving individuals persona data. PIA would be required when entering into sharing exercises with other agencies (e.g. troubled families) They help understand and evaluate potential risks for the individual and organisation regarding the sharing Help make informed risked based and recorded decisions Help decide if the sharing should take place Have you ever asked to see your LA PIA s
38 Data Sharing Agreements (Protocol) They need to formally define the sharing purposes, agents, privacy rights of the individuals and obligations of the agencies. Clauses: Purpose and Members of the project What data is to be shared PD, SPD or anonymous What is the purpose of sharing (sec29) What legitimate and legal obligations have the agencies in place to share data with or without consent Proportionate Test Further use of the data (prevent recipient from processing activities) Roles, Responsibilities and Accountabilities Security requirements of all parties
39 Data Sharing Agreements (Protocol) Integrity of the shared data and each controllers obligations Freedom of information or Environmental Information Regulations Inspection and data protection audit reviews Loss or unauthorised release steps (breach management procedure) Actions for end of project
40
41 Case Study A housing officer is attending a child protection case conference at social services. They take the housing association case file home as the meeting is the next day. They stop off for a drink at the pub with some friends of the office. Whilst getting their drinks their bag is stolen with all the paper work in: Q What risks do you feel their maybe to the persons in the file? Q Name one risk to the organisation?
42 Case Study A applicant for housing is being interviewed by the housing provider before making an offer of accommodation. The provider telephones her contact at the Community Safety Unit and supplies them with their name, date of birth, national insurance number and last known address. They ask them to confirm this persons criminal history and any convictions as they have some suspicions. Q What do you think the response and outcome will be based on what you have in your toolkit?
43 Case Study Police contact a housing officer and request them to supply them with all of the tenants and their occupants names for a block of 30 flats. They want their names, any telephone or contact details you hold and copies of CCTV footage of the entrance for the last month. The request is over the phone and they inform you they need this as they are investigating an attempted murder case. Q What would you consider and use in your toolkit today in helping you answer this request?
44 Fair and lawful use Accurate and, where necessary, kept up to date In accordance with individual rights Relevant, adequate, not excessive Not kept longer than necessary Expected purposes only Security measures Safe transfers overseas
45
46 FEEDBACK THANK YOU FOR YOUR PARTICIPATION
DATA PROTECTION AND PERSONAL INFORMATION FAIR PROCESSING POLICY
Directorate of Clinical and Quality Assurance & Trust Secretary DATA PROTECTION AND PERSONAL INFORMATION FAIR PROCESSING POLICY Reference: CQP013 Version: 1.1 This version issued: 07/03/13 Result of last
More informationData Protection Policy. Newbury Academy Trust
Newbury Academy Trust 1. Introduction 1.1. Academy, Academy Trust all refer to Newbury Academy Trust, Love Lane, Newbury, Berkshire, RG14 2DU. School refers to one of the three schools within the Newbury
More informationData Protection Policy
Data Protection Policy 1.0 Policy 1.1 This policy applies to all members of the University of Wolverhampton ( the University ). For the purposes of this policy, the term Staff means all members of University
More informationPOSITIVE SOLUTIONS FAIR PROCESSING NOTICE
FAIR PROCESSING NOTICE P 1 POSITIVE SOLUTIONS FAIR PROCESSING NOTICE INTRODUCTION following: Positive Solutions (Financial Services) Ltd. Registered Individuals of Positive Solutions (Financial Services)
More informationWhat is a Fair Processing Notice (FPN)? To ensure that we process your personal data fairly and lawfully we are required to inform you:
Fair Processing Notice Intrinsic Financial Services ("Intrinsic") it's Appointed Representatives ("AR") and the AR's Advisers are committed to complying with the Data Protection Act 1998. As a financial
More informationFitzwilliam College Data Protection Policy
Fitzwilliam College Data Protection Policy INTRODUCTION The information within this policy and supporting guidelines are important and apply to all members and staff of the College who shall in this policy
More informationThe Controller and Processor Data Protection Binding Corporate Rules of BMC Software
The Controller and Processor Data Protection Binding Corporate Rules of BMC Software 4 August 2015 Table of Contents Introduction 2 PART I: BACKGROUND AND ACTIONS 3 PART II: BMC AS A CONTROLLER 5 PART
More informationFair Processing Notice
Fair Processing Notice Mortgage Select SW Ltd ( Mortgage Select ) and our advisers and staff are committed to complying with the Data Protection Act 1998. As a financial services intermediary Mortgage
More informationAppropriate Policy Document
Appropriate Policy Document Schedule 1, Part 4, Data Protection Act 2018 July 2018 Privacy Notice - Appropriate Policy Document v2.docx Page 1 of 8 Contents 1 Introduction... 3 2 Relevant Schedule 1 conditions
More informationSouthern Golden Retriever Rescue Data Protection Policy
Southern Golden Retriever Rescue Data Protection Policy Date: 16.05.18 V3 Next Policy Review Date by Trustees: May 2019 Contents 1. Introduction... 2 2. Policy... 2 3. Responsibilities... 2 4. Definitions...
More informationData Protection: Fair processing of student personal information Contents
Data Protection: Fair processing of student personal information Contents Introduction... 2 What is personal data... 2 Sensitive personal data... 2 The Data Protection Act 1998... 2 The conditions under
More informationGLOBAL DATA PROTECTION POLICY URUP
Page 1 of 8 1. SCOPE AND INTRODUCTION GLOBAL DATA PROTECTION POLICY URUP 1.1. This document is intended to provide a policy under which URUP International Limited, its subsidiaries and affiliates and/or
More informationPrivacy Policy. HDI Global SE - UK
Privacy Policy HDI Global SE - UK Privacy Policy Your privacy is very important to us. We promise to respect and protect your personal information and try to make sure that your details are accurate and
More informationGUIDANCE NOTE ON THE DATA PROTECTION ACT Information for clubs & county associations
GUIDANCE NOTE ON THE DATA PROTECTION ACT Information for clubs & county associations This guidance note gives an overview of how the (the Act ) applies to clubs and county associations. It suggests a series
More informationDATA PROTECTION POLICY. Little Baddow Parochial Church Council
DATA PROTECTION POLICY Little Baddow Parochial Church Council INTRODUCTION: The Data Protection Act 1998 ( the Act ) seeks to protect individuals against the unfair use of personal information. There are
More information1. What Data do we collect and where do we get it from?
HOW WE PROTECT YOUR PERSONAL INFORMATION PLEASE READ THIS CAREFULLY 1. What Data do we collect and where do we get it from? For the purposes set out in this notice, the Information Commissioner (ICO) requires
More informationASTRAZENECA GLOBAL POLICY DATA PRIVACY
ASTRAZENECA GLOBAL POLICY DATA PRIVACY This Global Policy sets out the requirements for ensuring that we collect, use, retain and disclose personal data in a fair, transparent and secure way. Personal
More informationDATA PROCESSING TERMS DEFINITIONS
DATA PROCESSING TERMS DEFINITIONS Agency: means KTS Events Limited (company registration number 05289039) and any business entity from time to time controlling, controlled by, or under common control or
More informationArk Syndicate Management Limited. Privacy and Transparency Notice. Version 1
Ark Syndicate Management Limited Privacy and Transparency Notice Insurance Market Information Notice Insurance is the pooling and sharing of risk in order to provide protection against a possible eventuality.
More informationData Protection Privacy Notice for people not directly involved in the accident
Data Protection Privacy Notice for people not directly involved in the accident Purpose of this Privacy Notice MIB (or we ) respects your privacy and is committed to protecting your personal data. This
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Author: Mrs A Taylor Approval needed Board of Directors by: Adopted (date): 6 December 2016 Date of next review: December 2017 Data Protection Policy Introduction The de Ferrers
More informationWHO IS RESPONSIBLE FOR LOOKING AFTER YOUR PERSONAL DATA?
OVERVIEW of this Policy and Commitments to Privacy within Dual At Dual ("we", "us", "our"), we regularly collect and use information which may identify individuals ("personal data"), including insured
More informationCONTRACTUAL PURPOSES. Last Updated: 8 Oct 18
On signing this Tenancy Agreement you will become an RBH Tenant. To deliver our full range of services to you, the personal information you have provided will be processed in a number of ways as set out
More informationPRIVACY NOTICE Use of Information Data Controller and Data Processor
PRIVACY NOTICE Please take time to read this document carefully as it contains details of the basis on which we will process (collect, use, share, transfer) and store your information. You should show
More informationThe New EU General Data Protection Regulation (GDPR)
The New EU General Data Protection Regulation (GDPR) The clock has started on the biggest change to the European data protection regime in 20 years. After four years of negotiation, the new EU General
More informationMobius Life Limited Data Privacy Notice
Mobius Life Limited Data Privacy Notice Introduction This data privacy notice confirms how Mobius Life Limited (referred to hereafter as our, us, we or MLL ) obtains, manages, uses, retains and destroys
More informationBDML Connect Ltd Privacy Policy_v1.0_March updated Markerstudy Group 2018 Page 1 of 11
BDML Connect Limited PRIVACY POLICY: HOW WE USE YOUR INFORMATION BDML ( We, Us, Our ) a trading name of BDML Connect Limited are committed to protecting your privacy. We take great care to ensure your
More informationThe following guidelines have been developed to assist all staff with the adherence to the Privacy & Data Protection Act (Vic) 2014 (the PDP Act ).
Privacy Policy Code and version control: COR013/02-07-2015 Policy owner : Director Corporate Date approved by CEO: 2 July 2015 Scheduled review date: 2 July 2018 Related policies and documents: Privacy
More informationAll Sorts UK Limited Data Protection Policy 17 th May 2018
All Sorts UK Limited Data Protection Policy 17 th May 2018 1. Introduction This Policy sets out the obligations of All Sorts UK Limited, a company registered in England under number 03534972, whose registered
More informationPrivacy. Policy. Purpose. Coverage. Policy. Code and version control:
Privacy Policy Code and version control: COR013/24-01-2017 Policy owner : Director Corporate and Student Services Date approved by CEO: 24 January 2017 Scheduled review date: 24 January 2020 Related policies
More informationBINDING CORPORATE RULES
BINDING CORPORATE RULES CONTROLLER PRINCIPLES INTRODUCTION At Marsh & McLennan Companies (MMC), we respect and are committed to protecting the privacy, security and integrity of Personal Information 1
More informationKCSP Data Protection Policy
KCSP Data Protection Policy Approving Body Board of Directors Approval Date March 2017 Review Date March 2019 By knowledge the upright are safeguarded [Proverbs 11/9] 1. Statement of purpose The purpose
More informationPRIVACY POLICY OF BPO INSOLVENCY LIMITED (COMPANY REGISTRATION NO ) REGISTERED OFFICE 37 WALTER ROAD SWANSEA SA1 5NW
PRIVACY POLICY OF BPO INSOLVENCY LIMITED (COMPANY REGISTRATION NO. 09830297) REGISTERED OFFICE 37 WALTER ROAD SWANSEA SA1 5NW 1. This Policy We take privacy seriously and we are committed to protecting
More informationFINANCIAL SERVICES OPPORTUNITIES INVESTMENT FUND LIMITED Company Registration Number: PRIVACY NOTICE
FINANCIAL SERVICES OPPORTUNITIES INVESTMENT FUND LIMITED Company Registration Number: 62421 PRIVACY NOTICE This Privacy Notice sets out how your personal data is collected, processed and disclosed in connection
More informationPrivacy & Data Protection Procedure-Box Hill Institute Group
Privacy & Data Protection Procedure-Box Hill Institute Group Related Policy Procedure: Privacy & Data Protection Policy BHI Group Responsibility 1. In all Box Hill Institute Group (BHI Group) practices
More informationData held by BASC clubs and syndicates - a brief guide
Data held by BASC clubs and syndicates - a brief guide Introduction All clubs and friendly societies should not collect more information than necessary or legally entitled to under the Data Protection
More informationClaims Handling We process Your Personal Data in order to record and handle your insurance claim. This may include sharing your Personal Data with:
Privacy Statement This Privacy Statement details our policies and procedures in relation to the personal data we process. Haven Claims are committed to processing data in accordance with the General Data
More informationMulti Agency Assessment Panels Data Protection Protocol
Multi Agency Assessment Panels Data Protection Protocol 1. Introduction 1a. What is Data Protection? Data Protection is important when dealing with information about living individuals. The 1998 Data Protection
More informationLinemac Toyota s APP Privacy Policy
Linemac Toyota s APP Privacy Policy Introduction 1. This APP Privacy Policy of Linemac Motors Pty Ltd ACN 079 361 274 trading as Linemac Toyota ( Linemac Toyota ) is Linemac Toyota s official privacy policy
More informationERGO Versicherung AG UK Branch Data Privacy Notice
ERGO Versicherung AG UK Branch Data Privacy Notice This privacy notice is designed to help you, as a customer of ERGO Versicherung AG UK Branch (ERGO), to understand how we process your personal. You are
More informationPension Trustees. Final Countdown to the GDPR
Pension Trustees Final Countdown to the GDPR Introduction The General Data Protection Regulation (GDPR) will come into force in all EU Member States in May 2018. It is not a radical departure from the
More informationprivacy notice who is responsible for processing your personal data and who you can contact in this regard reasons for processing your data
privacy notice privacy notice This privacy notice provides an overview of how Pancyprian Insurance Ltd (the Company ) processes your personal data. Personal data refers to any information relating to you
More informationOur lawful basis for processing. Processing is necessary. Processing is necessary for compliance with. legal obligation.
Merton College RoPA Non Academic Staff ID. Category of personal data Source of the data Why we process it How long we keep this data 1 Dietary information To ensure that you are provided with foods meeting
More informationHOW WE PROTECT YOUR PERSONAL INFORMATION PLEASE READ THIS CAREFULLY
HOW WE PROTECT YOUR PERSONAL INFORMATION PLEASE READ THIS CAREFULLY 1. What Data do we collect and where do we get it from? For the purposes set out in this notice, the Information Commissioner (ICO) requires
More informationThis information, or "personal data" as it is often referred to, must be processed according to the principles contained within the Regulation.
MBIT Data Protection Policy (May 2018) Introduction The Margaret Beaufort Institute of Theology (MBIT) is committed to protecting the rights and privacy of individuals in accordance with the EU General
More informationDATA PROTECTION NOTICE
DATA PROTECTION NOTICE Who are we? We are the Trustees of the Pension Scheme for the Nursing and Midwifery Council and Associated Employers (the Scheme). We collect, hold and use personal information to
More informationMan and Machine - Data Protection Policy
Man and Machine - Data Protection Policy 1. Introduction This Policy sets out the obligations of Man and Machine Ltd, whose registered office is at Unit 8 Thame 40, Jane Morbey Road, Thame, Oxfordshire,
More informationEU Data Processing Addendum
EU Data Processing Addendum This EU Data Processing Addendum ( Addendum ) is made and entered into by and between AlienVault, Inc., a Delaware corporation ( AlienVault ) and the customer specified in the
More informationHydro Building Systems UK Limited ( the Company )
Hydro Building Systems UK Limited ( the Company ) Privacy Policy relating to the enhanced transfer value (ETV) option in connection with the Sapa Holdings Limited Pension and Life Assurance Scheme (the
More informationThe Pension and Life Assurance Plan of NG Bailey (Scheme) Privacy notice
The Pension and Life Assurance Plan of NG Bailey (Scheme) Privacy notice WHAT IS THE PURPOSE OF THIS DOCUMENT? The trustees are committed to protecting the privacy and security of your personal information.
More informationAmgen Binding Corporate Rules (BCRs) Public Document
Amgen Binding Corporate Rules (BCRs) Public Document Introduction: Amgen is a biotechnology leader committed to serving patients with grievous illness. Binding Corporate Rules (BCRs) express Amgen s commitment
More informationERGO Versicherung AG UK Branch Data Privacy Notice
ERGO Versicherung AG UK Branch Data Privacy Notice This data privacy notice is designed to help you understand how ERGO Versicherung AG UK Branch (ERGO) processes your personal data. This notice specifically
More informationDATA PROTECTION INSURANCE MARKET CORE USES INFORMATION NOTICE
DATA PROTECTION INSURANCE MARKET CORE USES INFORMATION NOTICE 31 May 2018 LANDING PAGE INSURANCE MARKET INFORMATION NOTICE Insurance is the pooling and sharing of risk in order to provide protection against
More informationPrivacy Policy. For the purposes of Data Protection Legislation the data controller is the Company.
Privacy Policy Ashoka India Equity Investment Trust plc (the "Company"), or any third party service provider, functionary, or agent appointed by the Company acting on its behalf (together, the "Fund",
More informationPRIVACY STATEMENT. There are terms in bold with specific meanings. Those meanings can be found in the attached Glossary.
PRIVACY STATEMENT Insurance is the pooling and sharing of risk in order to provide protection against a possible eventuality. In order to do this, information, including your personal data, needs to be
More informationPRIVACY NOTICE LAST UPDATED: SEPT. 2018
PRIVACY NOTICE LAST UPDATED: SEPT. 2018 HOW THE BANK USES YOUR PERSONAL DATA This privacy notice provides an overview of how Hellenic Bank Public Company Ltd (the Bank ) processes your personal data. Personal
More informationArcare Aged Care APP Privacy Policy
Arcare Aged Care APP Privacy Policy Introduction The purpose of this privacy policy is to outline the practices adopted by Arcare Aged Care (Arcare) for the management of personal and health information.
More informationTEREX CORPORATION DATA PROTECTION POLICY
TEREX CORPORATION DATA PROTECTION POLICY Terex Data Protection Policy Page 1 Index 1.0 Policy Statement, Purpose and Scope... 3 2.0 Requirements... 3 2.1 Data Protection Principles... 3 2.2 Communication
More informationPrivacy Policy. Amendment History. Trustee Name
Trustee Name Policy Name Number of Pages (ABN: 74 065 680 195, RSE: L0003155), trustee of the Manildra Flour Mills Retirement Fund (ABN: 32 448 411 930, RSE R1067415) 6 (plus this covering page and a contents
More informationPrivacy Notice Student Loans Company Ltd
Privacy Notice Student Loans Company Ltd Student Finance England is the student finance service provided in England by the Student Loans Company Ltd. Student Finance Wales is the student finance service
More informationProfessional Indemnity for the Motor Trade
Allianz Insurance plc www.allianz.co.uk Supplementary Proposal Form Professional Indemnity for the Motor Trade This is a supplementary proposal form and should be completed and read in conjunction with
More informationBanks Sheridan Limited Data Protection Privacy Policy 19 May 2018
Banks Sheridan Limited Data Protection Privacy Policy 19 May 2018 1. Introduction This Policy sets out the obligations of Banks Sheridan Limited ( the Company ) regarding data protection and the rights
More informationGROUP PRIVACY POLICY. Adopted June 20th, 2017 by each of the Boards of Carnegie Holding AB and Carnegie Investment Bank AB (publ).
GROUP PRIVACY POLICY Adopted June 20th, 2017 by each of the Boards of Carnegie Holding AB and Carnegie Investment Bank AB (publ). 1 PURPOSE AND SCOPE 1.1 The aim of this policy is to establish uniform,
More informationWe are bound by the Privacy Act 1988 (Cth) (Act) and the Australian Privacy Principles set out in the Act.
About this GROSS WADDELL PTY. LTD. (ACN: 606 080 193) trading as Gross Waddell is committed to respecting your right to privacy and protecting your personal information. We are bound by the Privacy Act
More informationLondon Borough of Redbridge
Data Protection Policy Classification: Not Protectively Marked Date: March 2013 Version: 1.0 Owner(s): Information Governance Board 1.1 Change Control This document is subject to change control and amendments
More informationSILCHESTER INTERNATIONAL INVESTORS DATA PROTECTION POLICY
SILCHESTER INTERNATIONAL INVESTORS DATA PROTECTION POLICY INTRODUCTION Silchester International Investors LLP, Silchester International Investors, Inc., Silchester Partners Limited and Silchester Capital
More informationHighland Distillers Pension Scheme (the "Scheme") Privacy Notice
Highland Distillers Pension Scheme (the "Scheme") Privacy Notice This notice explains how The Trustees of the Highland Distillers Pension Scheme (the "Trustees") use and protect the personal information
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY OVERVIEW KEY DETAILS Policy prepared by: Roger Dunn Approved by Board/committee on: 23/05/2018 Next review date: 20/05/2020 INTRODUCTION In order to operate, Lancaster and District
More informationEuropean Union General Data Protection Regulation
European Union General Data Protection Regulation Policy 25 May 2018 Bendigo and Adelaide Bank Limited ABN 11 068 049 178 General Data Protection Regulation (GDPR) Application This GDPR section of our
More information1.1. This policy lays out how Glebe Primary School will comply with its responsibilities under the Data Protection Act 1998.
We can and we will GLEBE PRIMARY SCHOOL Data Protection Policy Mission Statement: At Glebe School we believe in an ethos that values the whole child. We strive to enable all children to achieve their full
More informationDepending on the circumstances and the stage of your membership, we may hold some or all of the following information about you:
National Grid UK Pension Scheme (NGUKPS) Privacy Notice National Grid UK Pension Scheme Trustee Limited is the trustee ( the Trustee ) of the National Grid UK Pension Scheme ( the Scheme ) and is responsible
More informationWhen is it OK to share information about other people?
When is it OK to share information about other people? Max Todd, Council Secretariat Geoff Hemmings, Legal Services Wednesday 1 October 2014 What is personal data? Data that relates to a living person,
More informationData Protection Act Policy
Data Protection Policy Version 1.0 Last amended: 18 January 2013 Policy Owner: Governance Team Data Protection Act Policy Data Protection The University of Nottingham takes its responsibilities with regard
More informationThe GDPR how to prepare MiFID II where are we now? Wednesday 21 February 2018
The GDPR how to prepare MiFID II where are we now? Wednesday 21 February 2018 GDPR so far The EU General Data Protection Regulation (Regulation (EU) 2016/679) comes into effect on 25 May 2018 Aims to protect:
More informationThe BVRLA Guide to. The General Data Protection Regulation British Vehicle Rental and Leasing Association
The BVRLA Guide to The General Data Protection Regulation British Vehicle Rental and Leasing Association BVRLA Guide to the General Data Protection Regulation March 2018 Table of Contents Introduction...
More informationProperty Owners Submission Form
Property Owners Submission Form Broker Details Broker: Telephone No: Contact Name: Email Address: Client Details Insured Name: Premises Address for (Material Damage) : Property Owners Liability Address
More informationDATA PRIVACY & FAIR PROCESSING NOTICE
Scope All data subjects whose data is processed by TC Debt Solutions, which is part of Thomson Cooper Accountants. Responsibilities Thomson Cooper Partner Mark Mitchell (mmitchell@thomsoncooper.com) is
More informationWe take privacy and security of your information seriously and will only use such personal information as set out in this Privacy Notice.
Data Protection Privacy Notice for Shareholders This Privacy Notice sets out how personal data is collected, processed and disclosed in connection with The Renewables Infrastructure Group Limited (the
More informationInstitutional Investment Advisors Limited
Institutional Investment Advisors Limited Privacy Notice This Privacy Notice explains how we use the personal information that Institutional Investment Advisors collects or generates in relation to our
More informationWhat types of personal information is collected and why? Our privacy commitment to you. Personal information. What is personal information?
Our privacy commitment to you CSF Pty Limited (ABN 30 006 169 286, AFSL 246664) (the Trustee), the trustee of the MyLifeMyMoney Superannuation Fund (ABN 50 237 896 957) (the Fund) is committed to respecting
More informationPrivacy Statement. Key Definitions. Data Controller. Processing
Privacy Statement This Privacy Statement details our policies and procedures in relation to the personal data we process. Haven Claims ( Haven ) are committed to processing data in accordance with the
More informationLOCAL GOVERNMENT ASSOCIATION TEMPLATE MEMORANDUM OF UNDERSTANDING FOR LGPS FUNDS
LOCAL GOVERNMENT ASSOCIATION TEMPLATE MEMORANDUM OF UNDERSTANDING FOR LGPS FUNDS 1. This template memorandum of understanding has been prepared for the Local Government Association. We understand that
More informationMember Circular March Implementation of the EU General Data Protection Regulation 2016/679 General Guidance to Members
Member Circular March 2018 Implementation of the EU General Data Protection Regulation 2016/679 General Guidance to Members Introduction Regulation (EU) 2016/679 containing the General Data Protection
More informationEnerSys UK Pension Scheme (the Scheme) Privacy Notice
EnerSys UK Pension Scheme (the Scheme) Privacy Notice This notice explains how the trustees of the Scheme use and protect the personal information that they hold about members and other beneficiaries of
More informationBest Practice: Responding to a Privacy Breach
Best Practice: Responding to a Privacy Breach Introduction The Access to Information and Protection of Privacy Act (ATIPP Act or Act) has a dual purpose: to make public bodies more accountable to the public
More informationhenriksen limited This document sets out how Henriksen processes data and your rights as the data subject.
henriksen limited Henriksen Limited Fair Processing and Privacy Notice Henriksen is committed to protecting the rights and privacy of data subjects and ensuring all data is processed in line with the requirements
More informationMid Market Rent Application Form
About You Title First Name(s) Last Name Current Address Applicant Date Of Birth Daytime Number Mobile Number Email Address Preferred Contact Method How did you hear about MMR? Relationship to You Who else
More informationPROPFIN LTD. Data Protection Policy
PROPFIN LTD Data Protection Policy Copyright 2017 PropFin. PropFin is a registered trademark of Propfin Ltd and is protected by law 1 1. Introduction The Company is committed to compliance with the requirements
More informationCCTV Policy. In this section, we give you further information about us as a data controller.
CCTV Policy 1. Data Controller In this section, we give you further information about us as a data controller. Page 1 1.1 Dublin & Dún Laoghaire ETB is the data controller. Our address and contact details
More informationNational Privacy Principles - Soccer NSW [POLICY]
National Privacy Principles - Soccer NSW [POLICY] Soccer NSW is the senior State sporting organisation responsible for the development, organisation and promotion of Football (Soccer) within the State
More informationPension Trustees Final Countdown To GDPR
Pension Trustees Final Countdown To GDPR " ROBERT HANIVER SENIOR ASSOCIATE/TECHNOLOGY MASON HAYES & CURRAN " STEPHEN GILLICK PARTNER/PENSIONS MASON HAYES & CURRAN The General Data Protection Regulation
More informationPrivacy Statement for Intermediaries
Privacy Statement for Intermediaries This Privacy Statement applies to intermediaries who submit business under the following terms: (1) Terms of Business Non-FCA Regulated Firms, and (2) Terms of Business
More information2. FROM WHICH SOURCES THE BANK COLLECTS YOUR PERSONAL DATA?
P R I V A C Y N O T I C E Last updated May 2018 Eurobank Cyprus Ltd ( the Bank ) wishes to inform you why and how the Bank collects and processes your personal data as well as of your rights under local
More informationPrivacy Notice under the General Data Protection Regulation (GDPR)
Privacy Notice under the General Data Protection Regulation (GDPR) Who we are Royal Mail Pensions Trustees Limited is the trustee ( the Trustee ) of the Royal Mail Pension Plan ( the RMPP ). As the Trustee,
More informationPrivacy Policy. NESS Super is committed to respecting your right to privacy and protecting your personal information.
February 2018 Privacy Policy Our privacy commitment to you NESS Super is committed to respecting your right to privacy and protecting your personal information. We are bound by the provisions of the Privacy
More informationIf you are a business partner, we will collect your business contact details. Gender. Marital Status. Criminal History
PRIVACY POLICY At AXIS, we routinely collect and use personal information about individuals, including insured persons, claimants or business partners. We take our responsibilities to handle your personal
More informationTenancy fraud and data sharing
Tenancy fraud and data sharing A guide for housing associations A publication by the Making Best Use of Stock Team Chartered Institute of Housing Learn with us. Improve with us. Influence with us www.cih.org
More informationWHISTLEBLOWING POLICY
WHISTLEBLOWING POLICY INTRODUCTION East Kent Housing Ltd (EKH) is committed to the highest possible standards of propriety and accountability in the conduct of its activities for the community. Employees
More informationYOUR PERSONAL INFORMATION AND WHAT WE DO WITH IT
YOUR PERSONAL INFORMATION AND WHAT WE DO WITH IT WHO WE ARE AND HOW TO CONTACT US Bath Investment and Building Society of 15 Queen Square, Bath BA1 2HN is a data controller of your personal information.
More informationQuotation/Inception. Renewal. Policy administration. Claims processing PRIVACY POLICY
PRIVACY POLICY Aro Underwriting Group Ltd is committed to ensuring your privacy is protected. This Privacy Policy sets out details of the information that we may collect from you and how we may use that
More information