Goldenclean Ltd is committed to full compliance with the requirements of the General Data Protection Regulations. The Company will ensure that procedures are followed which aim to ensure that all employees, clients, sub-contractors, consultants or other servants of the Company (known as data users) who have access to any personal data held by or on behalf of the Company are fully aware of and abide by their duties under the General Data Protection Regulations.
Statement of Policy
The Company needs to collect and use information about the people with whom we work and conduct business in providing our services to our clients, and those who provide the service. These may include prospective, current and past employees, suppliers of goods or services and our customers.
In addition, the Company may be required by law to collect and use information in order to comply with UK legislative requirements. This personal information must be handled and dealt with correctly by whatever means it is gathered and stored, be that on paper or electronically (computer or other such devices), and when no longer required it must be disposed of securely and promptly.
Goldenclean Ltd will not sell or pass on any personal information to any organisation using the information for profit or gain unless required to do so by law. Under the current operating parameters of the Company, no data will be knowingly transferred outside the United Kingdom.
Handling of personal/special category data
Our data protection policy sets out our commitment to protecting personal data and how we implement that commitment with regard to the collection and use of personal data.
We are committed to:
- Ensuring that we comply with the data protection principles below.
- Meeting our legal obligations as laid down by the General Data Protection Regulations.
- Ensuring that data is collected and used fairly and lawfully.
- Processing personal data only in order to meet our operational needs or fulfil legal requirements.
- Taking steps to ensure that personal data is up to date and accurate.
- Establishing appropriate retention periods for personal data.
- Ensuring that data subjects’ rights can be appropriately exercised.
- Providing adequate security measures to protect personal data.
- Ensuring that a nominated officer is responsible for data protection compliance and provides a point of contact for all data protection issues.
- Ensuring that all staff are made aware of good practice in data protection.
- Providing adequate training for all staff responsible for personal data.
- Ensuring that everyone handling personal data knows where to find further guidance.
- Ensuring that queries about data protection, internal and external to the organisation, are dealt with effectively and promptly.
- Regularly reviewing data protection procedures and guidelines within the organisation.
- Ensuring that people about whom we hold information can fully exercise their rights under the General Data Protection Regulations. These rights include:
  - The right to be informed
  - The right to access information
  - The right to request rectification
  - The right to request erasure
  - The right to restrict processing in certain circumstances
  - The right to data portability
  - The right to object to processing
Data Protection Principles
Article 5 of the GDPR requires that personal data shall be:
a) Processed fairly and lawfully in a transparent manner;
b) Collected for specific, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purpose;
c) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) Kept in a form which permits identification of data subjects for no longer than is necessary for the purpose for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f) Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The data controller shall be responsible for, and able to demonstrate, compliance with the principles.
Special category data is defined as personal data consisting of information as to:
- Racial or ethnic origin
- Political opinion
- Religious/philosophical belief
- Trade union membership
- Physical or mental health conditions
- Sexual life or sexual orientation
- Biometric data.