Secure Line Solutions Ltd respects the privacy of all individuals and takes very seriously its responsibilities under the Data Protection Act 1998 (“DPA”). This policy is designed to ensure that all information held on individuals is properly overseen in all cases. The DPA requires that the “personal data” of living individuals that is kept by Secure Line Solutions Ltd on computer or well-structured paper files must be “processed” in accordance with eight principles (which are described below). Personal data is defined very widely and is any data from which a living individual can be identified either from the information alone, or with other information which is in (or likely to come into) the possession of the UK operating company.
Examples of personal data include names, addresses, photographs, CCTV images of individuals, salary/job titles or opinions which allow individuals to be identified. Personal data also includes “sensitive personal data” – this is information about an individual’s racial or ethnic origin, political opinions, religious beliefs or other beliefs of a similar nature, trade union membership, physical or mental health or condition, sexual life or criminal offences/proceedings.
“Individuals” could be any living person – for example, employees, agency staff, customers, contractors, suppliers and job applicants. “Processing” includes obtaining, recording, holding, using, disclosing or erasing the personal data. In effect almost any activity involving personal data will fall within the scope of the DPA. Secure Line Solutions Ltd.’s policy is to comply with the DPA, and it does not condone anyone processing personal data inappropriately on its behalf.
Any breach by Secure Line Solutions Ltd of the DPA may lead to fines and/or enforcement action being taken against Secure Line Solutions Ltd by the Information Commissioner (the body that enforces compliance with the DPA). Of equal concern is that any breach may attract media scrutiny and may lead to a potentially adverse impact on our reputation. This policy applies to all UK operating companies and all staff working within them (including employees, agency workers, contractors and temporary staff) who may process personal data about employees or other individuals. Compliance with this policy is mandatory. The Managing Director (or his/her delegate) for each UK operating company has the responsibility for establishing and implementing effective practices and procedures across it to give effect to this policy.
This policy requires the following:
1. Each UK operating company must be registered with the Information Commissioner as a data controller for the personal data that it processes and must keep that registration up to date.
2. Each UK operating company must appoint a Data Protection Officer (“DPO”) whose role is to ensure compliance by their operating company with the DPA, this policy and any relevant operating company procedures and practices. Specific responsibilities include assessing the current knowledge of data protection within the operating company, ensuring that appropriate training on data protection is provided to operating company staff as required and managing any data security breaches (such as the loss of a laptop or memory stick with personal data stored on it).
3. A process must be established so that any data security breach (such as a loss of personal data) is immediately reported to the DPO, and all staff must co-operate with the DPO in the investigation and management of that breach.
4. Each UK operating company must satisfy itself that any third party that it appoints to process personal data on its behalf (such as a payroll processor or a flexible benefits administrator) understands its responsibilities under the DPA. The operating company should enter into a written contract with that third party that requires the third party to act only on instructions from the operating company and to comply with obligations equivalent to those imposed on the operating company relating to security of the personal data.
5. Personal data must be processed in accordance with the eight principles set out in the DPA (see Table A), and the practices and procedures of the UK operating company.
Our reputation and our ongoing relationships with our employees and customers are some of our most valuable assets. By adhering in our daily business work to this policy we will all contribute to maintaining Secure Line Solutions Ltd.’s good name and its good relationships with its customers and other stakeholders. If you have any questions about this policy or need further assistance on data protection matters, please ask your operating company’s Data Protection Officer or contact Secure Line Solutions Ltd. We will review this policy on a regular basis.
Data Protection Act 1998 - The Eight Data Protection Principles
These principles are contained in the 1998 Act and apply to the processing of all personal data.
1. Personal data shall be processed fairly & lawfully and, in particular, shall not be processed unless:
a) at least one of the conditions in Schedule 2 is met.
b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
2. Personal data shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and where necessary kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept longer than is necessary for that purpose or purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
What do Schedules 2 and 3 say?
When processing any personal data, you must ensure that at least one of the following criteria applies (Schedule 2):
· The individual has given consent.
· The processing needs to be done for the individual to enter into a contract, or to have a contract set up, or is necessary to comply with any legal obligation other than that imposed by contract.
· The processing is necessary in order to protect the vital interests of the data subject.
· Processing is necessary for the administration of justice, exercise of functions conferred under an Act of Parliament, exercise of functions of the Crown, or the exercise of other functions of a public nature in the public interest.
· Processing is necessary for the legitimate interests of the data controller, except where this may prejudice the rights and freedoms and legitimate interests of the data subject - this purpose may be regulated by specific orders of the Secretary of State.
In addition, certain types of data are considered to be "sensitive", and to process them one or more of these criteria must also be met (Schedule 3):
· the data subject has given explicit consent
· processing is necessary to comply with the law in connection with employment
· processing is necessary to protect the vital interests of the data subject or another person where consent cannot be given by the data subject
· processing is carried out for legitimate activities by any body which is not conducted for profit or exists for political, religious or trade union purposes, and carries out appropriate safeguards, relates only to members or regular contacts, and does not involve disclosure without the consent of the data subject
· the information has been made public as a result of steps deliberately taken by the data subject
· processing is necessary in connection with legal proceedings, obtaining legal advice or defending legal rights
· processing is necessary for the administration of justice, exercise of functions conferred by an enactment, exercise of any functions of the Crown
· processing is necessary for medical purposes and is undertaken by a health professional, or one with an equivalent duty of confidentiality
· processing information as to racial or ethnic origin is necessary for equal opportunity purposes, subject to appropriate safeguards for the rights and freedoms of the data subject
· any other purpose specified in an order made by the Secretary of State.
Sensitive Personal Data is defined as one or more of the following pieces of data about the data subject:
· Racial or ethnic origin.
· Political opinions.
· Religious beliefs or beliefs of a similar nature.
· Membership of a Trade Union.
· Physical or mental health or condition.
· Sexual life.
· Commission or alleged commission of any offence. Proceedings, disposal or court sentence.
Secure Line Solutions Ltd
Unit 3, Office 162 Northlight House, Pendle Road, Brierfield, Nelson, Lancashire, England, BB9 5FF
Copyright © 2024 Secure Line Solutions Ltd - All Rights Reserved.