GDPR Policy

PURPOSE

PROFEDONE LTD is registered with the Information Commissioner and complete details of the PROFEDONE LTD current entry on the Data Protection Register can be found on the notification section of the Information Commissioner website. Our registration number is 13953422.

The register entry provides:

- A fuller explanation of the purposes for which personal information may be used. - Details of the types of data subjects about whom personal information may be held. - Details of the types of personal information that may be processed. - Details of the individuals and organisations that may be recipients of personal information collected by PROFEDONE LTD. - Information about transfers of personal information.

PROFEDONE LTD needs to keep certain information about its employees, clients, voluntary members, and other users for administrative purposes. It also needs to process information to comply with legal obligations to funding bodies and the government. When processing such information, PROFEDONE LTD always complies with the Data Protection Principles set out in the General Data Protection Regulations (GDPR).

Anyone processing personal data must comply with the eight enforceable principles of good practice. In summary, these state that personal data shall be:

- Fairly and lawfully processed. - Processed for limited purposes. - Adequate, relevant, and not excessive. - Accurate. - Not kept longer than necessary. - Processed in accordance with the data subject’s rights. - Secure. - Not transferred to countries without adequate protection as set out in Chapter V of the GDPR.

Personal data covers both facts and opinions about the individual. With processing, the definition surrounding the intentions of the data controller towards the individual is far wider than before. It incorporates the concepts of ‘obtaining,’ ‘holding,’ and ‘disclosing.’ PROFEDONE LTD staff or others who process or use personal information must ensure that they follow these principles at all times.

RESPONSIBILITY

The Director is responsible for ensuring that this policy is applied within the association. The Management Rep is responsible for maintenance, regular review, and updating of this policy.

STATUS OF THE POLICY

This document sets out the PROFEDONE LTD’s policy and procedures to meet the requirements of the GDPR. It will be made available to employees, voluntary members, and external agencies (having a legitimate interest) upon request.

THE DATA CONTROLLER

The Management Rep is ultimately responsible for Data Protection, but the PROFEDONE LTD Director is regarded as the main Data Controller. In practice, local Regional staff are designated as local data protection officers to handle day-to-day matters and ensure compliance with GDPR.

SUBJECT CONSENT

In many cases, PROFEDONE LTD can only process personal data with the consent of the individual, and if the data is sensitive, express consent must be obtained.

All prospective staff, clients, and voluntary members will be asked to consent to their data being processed when an offer of employment or inclusion in PROFEDONE LTD activities is made. A refusal to give such consent may result in the offer being withdrawn.

STAFF RESPONSIBILITIES

This policy is a condition of employment, and employees are expected to abide by the rules and policies made by PROFEDONE LTD. Failure to follow this policy may result in disciplinary proceedings.

SPECIFIC STAFF RESPONSIBILITIES

All staff, including temporary staff and security personnel, have a responsibility to:

- Ensure that any information provided to PROFEDONE LTD in connection with employment is accurate and up to date. - Inform PROFEDONE LTD of any changes to personal information such as address or bank details. - Report any errors or changes in staff information.

SECURITY MEASURES

This policy is designed to prevent unauthorized disclosure of or access to personal data.

- Access to personal data is restricted to authorized staff with a legitimate need to access such data. - All personal data must be stored securely, including in locked filing cabinets, password-protected computers, or encrypted storage. - Any unauthorized disclosure of personal data may be investigated as a disciplinary matter.

EMPLOYEE OBLIGATIONS

Clients must ensure that all data provided to PROFEDONE LTD is accurate and up to date. Any changes should be reported to the appropriate regional office staff.

ACCURACY OF DATA

Updating is required only where necessary. Data is presumed accurate at the time it was collected, provided PROFEDONE LTD has taken reasonable steps to ensure accuracy.

THIRD PARTIES

Any data received and processed in relation to third parties will be obtained lawfully and fairly and dealt with in accordance with GDPR principles.

Employees should obtain explicit consent from third-party data subjects before processing their data.

RETENTION OF DATA

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including legal, accounting, or reporting requirements.

TRANSFER OF DATA OUTSIDE THE UK

PROFEDONE LTD does not transfer personal data outside the UK without the express consent of the data subject.

YOUR RIGHTS

Under GDPR, you have the right to:

- Request access to your personal information. - Request correction of any inaccurate personal information. - Request erasure of your personal information. - Object to the processing of your personal information for direct marketing purposes. - Object to automated decision-making. - Request the transfer of your personal data to another party.

For further information on your rights, see the UK Information Commissioner’s Office (ICO) guidance at ICO GDPR Guide .

Download GDPR Policy