Introduction
If you are submitting your details to receive information, your details are used to send you the information that you have requested. If you are submitting your details for the purposes of receiving a quote for services, the information will be used for the purposes of sending a quote and then as appropriate to provide you with the services contracted for.
We may also use your information to send you other information about us and the services we offer. Unless required by law or for administrative purposes, we do not pass on the information you provide to third parties.
Data protection officer
Mr Dan Bakewell is the Fine Print data protection officer and is responsible for the implementation of this policy.
Data protection principles
The Data Protection Act 1998 requires that eight data protection principles be followed in the handling of personal data. These principles require that personal data must:
“Personal data”
The Data Protection Act 1998 applies only to information that constitutes “personal data”. Information is “personal data” if it:
Consequently, automated and computerised personal information about employees of Fine Print, our Customers, Suppliers or Prospects is covered by the Act. Personal information stored physically (for example, on paper) and held in any “relevant filing system” is also covered. In addition, information recorded with the intention that it will be stored in a relevant filing system or held on computer is covered.
“The use of personal information”
The Data Protection Act 1998 applies to personal information that is “processed”. This includes obtaining personal information, retaining and using it, allowing it to be accessed, disclosing it and, finally, disposing of it.
“Sensitive personal data”
“Sensitive personal data” is information about an individual’s:
The organisation will not retain sensitive personal data without the express consent of the subject in question.
Data subject access requests
Any individual has the right to access information kept about him/her by Fine Print.
The organisation will not charge for allowing subjects access to information about them. The organisation will respond to any data subject access request within 30 calendar days, unless an extension is requested.
The organisation may reserve its right to withhold the subjects right to access data where any statutory exemptions apply.
Requirement to notify breaches
If Fine Print discover that there has been a breach of personal data that poses a risk to the rights and freedoms of individuals, it will report it to the Information Commissioner within 72 hours of discovery. The company will record all data breaches regardless of their effect.
If the breach is likely to result in a high risk to the rights and freedoms of individuals, it will tell affected individuals that there has been a breach and provide them with information about its likely consequences and the mitigation measures it has taken.
Review of procedures and training
The organisation will provide training to all employees on data protection matters on induction and on a regular basis thereafter.
The organisation will review and ensure compliance with this policy at regular intervals.