Email: firstname.lastname@example.org Call: +44 1902 732110
Bowers & Jones Ltd collects and uses certain types of information about its customers, directors, suppliers and others with whom it communicates. In addition Bowers & Jones may be required to
collect and use certain types of information in order to comply with any legal requirements.
The Data Protection Act 1998 (“the Act”) requires that Bowers & Jones Ltd complies with a number of principles to ensure that personal information is collected, recorded, used and stored properly. Further, Bowers & Jones is required to ensure that there are safeguards in place to protect such information against any unlawful or unauthorised use of disclosure and accidental loss, destruction or damage.
The Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
The Act works in two ways. Firstly, it states that anyone who processes personal information must comply with eight data protection principles, which are as follows:
Personal data shall be processed fairly and lawfully.
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
Personal data shall be accurate and, where necessary, kept up to date.
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Personal data shall be processed in accordance with the rights of data subjects under this Act.
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
The second area covered by the Act provides individuals (data subjects) with important rights, including the right to find out what personal information is held on computer and most paper
records. In the event of a subject access request all organisations are required to disclose a complete record relating to the data subject.
Reveiwed 2017 / R-2018