Data Protection Policy
1. Horsewyse CIC needs to collect and retain certain personal data to fulfil its business purposes and to meet its legal obligations.
2. Horsewyse CIC is committed to protecting the rights of individuals with regard to the processing of personal data and undertakes to manage personal data fairly and lawfully in accordance with the Data Protection Act.
3. This policy deals with the requirements of the Data Protection Act and its principles and provides the policy framework through which effective management of personal data can be achieved.
Responsibility for this policy
4. Ultimate responsibility for the development of clear and effective processes and procedures associated with data protection and the management of personal data lies with the Directors of Horsewyse CIC.
5. Responsibility for the implementation of this policy is shared across all staff and functions, both individually and collectively, of Horsewyse CIC.
The principles of data protection
6. There are eight Data Protection principles set out under the Act. In summary they are that personal data should be:
6.1 Obtained and processed fairly and lawfully;
6.2 Held and used only for specified purposes;
6.3 Adequate, relevant and not excessive;
6.4 Accurate and kept up to date;
6.5 Kept only for as long as is necessary;
6.6 Processed according to the Act;
6.7 Held securely;
6.8 Held within the European Economic Area.
Procedural Approach to Data Protection
7. Horsewyse CIC only collects personal data for specified legitimate purposes, and shall only process the information in accordance with those purposes.
General use of personal data
8. In accordance with the normal and proper conduct of business operations, Horsewyse CIC holds personal data on clients, current and former staff; other business and academic contacts; and other individuals interested or connected with
9. Personal data is held in a variety of formats, both electronic and hard copy.
10. For clients this will include (but not be restricted to) registration, administration, and the provision of general business services.
11. For staff this will include (but not be restricted to) the conduct of normal business management and employment matters.
12. Horsewyse CIC will only process and use personal data for legitimate and lawful purposes, and where practicable, with the relevant individual’s consent
13. For staff, it is a condition of employment that they consent to Horsewyse CIC processing their personal data. By applying for a position they signify their agreement.
14. Horsewyse CIC will use its best endeavours to ensure that personal data is accurate, kept up to date and securely, and is only retained for as long as is necessary.
15. Access to personal data is restricted to those personnel to whom it is necessary for the performance of their role. All staff who are authorised to access personal data are under an obligation to comply with this policy, the Data Protection Act and any other relevant guidelines or legislation.
16. Staff with access to personal data are required to ensure that it is held in a secure location where other unauthorised staff will not be able to access it without permission.
Accessing your personal data
17. Subject to the requirements of the Data Protection Act, anyone has the right to know and inspect what personal data Horsewyse CIC holds about them and for this to be correct. If an individual has a query regarding the accuracy of their personal data then their request will be dealt with fairly and impartially.
18. All staff and clients are responsible for checking that any personal data that they provide to Horsewyse CIC is accurate and up to date and informing Horsewyse CIC of any changes to that information, e.g. change of address.
19. Minor requests about personal data may be dealt with informally in the course of normal administration, at the sole discretion of Horsewyse CIC. In the first instance, clients should contact Horsewyse CIC directly and ask to speak to a Director.
20. A formal request for access to personal data can be made in writing to Horsewyse CIC. There is fee of £10 which must be paid in advance.
21. Horsewyse CIC will only disclose or transfer personal data to third parties where required by law, or as otherwise authorised under the Data Protection Act.
22. Personal data will only be transferred to third parties where this is for proper purposes related to business matters. This can include where Horsewyse CIC uses a subcontractor to carry out activities on its behalf. In such cases, Horsewyse CIC will ensure that the subcontractor is engaged under a suitable contract and that appropriate controls are in place to ensure that personal data is protected.
23. Any exceptional disclosure of personal data will always be balanced against the rights of the person as provided for under the Data Protection Act. Horsewyse CIC will not sell or supply personal data to third parties for their own marketing purposes.
Sensitive personal data
24. Sensitive personal data is defined under the Data Protection Act to include such matters as personal beliefs, ethnicity, and health. Where Horsewyse CIC holds Sensitive Personal Data about an individual, this will only be disclosed with their explicit consent, if required by law, or as otherwise authorised under the Data Protection Act.
Published 21st May 2018
Director of Horsewyse CIC - Miss D Wise. Horsewyse CIC. Registration number 06858836