Data Protection and Privacy Policy

Data Protection Policy
1. Introduction
St. James Way Ltd is committed to protecting the privacy and security of personal data. This Data Protection Policy outlines our approach to ensuring that personal data is handled appropriately and in compliance with relevant data protection laws and regulations.
2. Purpose
The purpose of this policy is to:
Ensure the protection of personal data handled by St. James Way Ltd.
Comply with data protection laws and regulations, including the General Data Protection Regulation (GDPR).
Provide guidelines for the collection, use, storage, and disposal of personal data.
Safeguard the rights of individuals whose personal data we process.
3. Scope
This policy applies to all employees, contractors, and third parties who have access to or handle personal data on behalf of St. James Way Ltd.
4. Definitions
Personal Data: Any information relating to an identified or identifiable natural person (data subject).
Processing: Any operation performed on personal data, including collection, storage, use, transfer, and disposal.
Data Subject: An individual whose personal data is being processed.
Data Controller: The entity that determines the purposes and means of processing personal data.
Data Processor: The entity that processes personal data on behalf of the data controller.
5. Principles
5.1 Lawfulness, Fairness, and Transparency
Process personal data lawfully, fairly, and in a transparent manner.
Inform data subjects about how their data is being used and for what purposes.
5.2 Purpose Limitation
Collect personal data only for specified, explicit, and legitimate purposes.
Do not process personal data in a manner incompatible with those purposes.
5.3 Data Minimisation
Ensure that personal data collected is adequate, relevant, and limited to what is necessary for the intended purpose.
5.4 Accuracy
Keep personal data accurate and up to date.
Take reasonable steps to correct or delete inaccurate personal data.
5.5 Storage Limitation
Retain personal data only for as long as necessary to fulfil the intended purposes.
Dispose of personal data securely when no longer needed.
5.6 Integrity and Confidentiality
Protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.
Implement appropriate technical and organisational measures to ensure data security.
5.7 Accountability
Be responsible for and able to demonstrate compliance with data protection principles.
6. Responsibilities
6.1 Company Responsibilities
Ensure compliance with data protection laws and this policy.
Provide training and resources to employees to support data protection efforts.
Conduct regular audits and assessments to monitor compliance.
6.2 Management Responsibilities
Oversee data protection practices within their departments.
Ensure employees are aware of and follow data protection procedures.
Report any data breaches or incidents to the Data Protection Officer (DPO).
6.3 Employee Responsibilities
Follow all data protection policies and procedures.
Report any data protection concerns or breaches to their supervisor or the DPO.
Attend data protection training as required.
6.4 Data Protection Officer (DPO) Responsibilities
Monitor compliance with data protection laws and this policy.
Provide guidance and support on data protection matters.
Conduct Data Protection Impact Assessments (DPIAs) where necessary.
Liaise with regulatory authorities on data protection issues.
7. Data Subject Rights
Data subjects have the following rights regarding their personal data:
Right to be informed
Right of access
Right to rectification
Right to erasure (“right to be forgotten”)
Right to restrict processing
Right to data portability
Right to object
Rights related to automated decision-making and profiling
8. Data Security
Implement appropriate technical and organisational measures to protect personal data.
Use encryption, access controls, and secure storage to safeguard data.
Regularly review and update security measures to address new risks and vulnerabilities.
9. Data Breach Response
Reporting: Report any suspected data breaches immediately to the DPO.
Investigation: Conduct a thorough investigation to determine the scope and impact.
Notification: Notify affected data subjects and regulatory authorities as required by law.
Mitigation: Implement measures to contain and mitigate the effects of the breach.
10. Training and Awareness
Provide regular data protection training to all employees.
Raise awareness of data protection responsibilities and best practices.
11. Monitoring and Review
Conduct regular audits and assessments to ensure compliance with this policy and applicable data protection laws.
Review and update this policy annually or as required.
12. Conclusion
St. James Way Ltd is dedicated to protecting personal data and ensuring compliance with data protection laws. By adhering to this policy, we aim to safeguard the privacy and rights of individuals and maintain the trust of our stakeholders.

