The Company is registered with Information Commissioner’s Office and takes its responsibilities under the Data Protection legislation and the General Data Protection Regulations very seriously. Pauline Cordiner is the Company’s Data Protection Officer and is responsible for data protection compliance.
The Company is required to process relevant personal data regarding employees, suppliers and customers as part of its operation and takes all reasonable steps to do so in accordance with Data Protection legislation.

The Company shall so far as is reasonably practicable comply with the Data Protection principles to ensure all data is:-

• Fairly and lawfully processed
• Processed for a lawful purpose
• Adequate, relevant and not excessive
• Accurate and up to date
• Not kept for longer than necessary
• Processed in accordance with the data subject’s rights
• Secure
• Not transferred to other countries without adequate protection

Data subjects have the right to access information held by the Company, subject to the provisions of the relevant legislation. Any data subject wishing to access their personal data should put their request in writing to the Data Protection Officer. The Company will endeavour to respond to any such written requests as soon as is reasonably practicable and, in any event, within 30 days.

If an individual believes that the Company has not complied with Data Protection legislation, the individual should contact the Data Protection Officer and may also contact the Information Commissioner’s Office.

The Company will take appropriate technical and organisational steps to ensure the security of personal data. All employees are required to respect the personal data and privacy of others and must ensure that appropriate protection and security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to personal data. An appropriate level of data security must be deployed for the type of data and the data processing being performed.

The Company may retain data for differing periods of time for different purposes as required by statute or best practices. When deleting or destroying data this must be carried out in a secure and appropriate manner.