Data Protection Policy Introduction
The Data Protection Act 2018 (the Act) regulates the way in which all personal data is held and processed. This is a statement of the data protection policy adopted by Pink Chilli Software Ltd. It applies to all Pink Chilli Software Ltd employees. In order to operate efficiently Pink Chilli Software Ltd needs to collect and use information about the people with whom we work. This includes current, past and prospective employees, reviewers, professional experts, stakeholders, delegates and others with whom we communicate. Pink Chilli Software Ltd regards the lawful and correct treatment of personal information as integral to our successful operation, and to maintaining the confidence of the people we work with. To this end we fully endorse and adhere to the principles of the Act. Pink Chilli Software Ltd is registered as a data controller on the register kept by the Information Commissioner (ICO).
The purpose of this policy is to ensure that everyone handling personal information at Pink Chilli Software Ltd is fully aware of the requirements of the Act and complies with data protection procedures and that data subjects are aware of their rights under the Act.
Scope: Information Covered by the Act
‘Personal data’ covered by the Act is essentially any recorded information which identifies a living individual. Personal data held by Pink Chilli Software Ltd will include contact information for a variety of stakeholders and other personal details.
Responsibility for Pink Chilli Software Ltd compliance with the Act
The directors of Pink Chilli Software Ltd have overall responsibility for compliance with the Act but individual members of staff are responsible for the proper use of the data they process.
The principles of the Act require that personal information must:
- Be processed fairly and lawfully.
- Not be used for a purpose for which it was not collected.
- Be adequate, relevant and not excessive for the purpose.
- Be accurate and up-to-date.
- Not be kept longer than necessary.
- Be processed in accordance with the data subject’s rights.
- Be kept secure and protected from unauthorised processing, loss or destruction.
- Be transferred only to those countries outside the European Economic Area that provide adequate protection for personal information.
In order to meet the requirements of the principles Pink Chilli Software Ltd will:
- Fully observe conditions regarding the fair collection and use of information.
- Meet its legal obligations to specify the purposes for which information is used.
- Collect and process appropriate information, and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements.
- Ensure the quality of the information used.
- Hold personal information on Pink Chilli Software Ltd systems for as long as is necessary for the relevant purpose, or as long as is set out in any relevant contract held with Pink Chilli Software Ltd’s Records Retention Schedule.
- Ensure that the rights of people about whom information is held can be fully exercised under the Act (these include: the right to be informed that processing is being undertaken; the data subject’s right of access to their personal information; the right to prevent processing in certain circumstances; the right to correct, rectify, block or erase information which is regarded as wrong information).
- Take appropriate technical and organisational security measures to safeguard personal information and;
- Ensure that personal information is not transferred outside of Pink Chilli Software Ltd without suitable safeguards.
Pink Chilli Software Ltd’s responsibilities for data protection and confidential information
Pink Chilli Software Ltd will ensure that there is someone with specific responsibility for data protection in the organisation. The nominated person is currently the Mr Darren Bignall and may be contacted at:
Mr Darren Bignall
Pink Chilli Software Ltd, Unit B2 Smallmead House, Smallmead, Horley, Surrey, RH6 9LW
Email: [email protected]
Pink Chilli Software Ltd will ensure that:
- Everyone managing and handling personal information understands that they are responsible for following good data protection practice.
- This policy is available to each member of staff.
- Everyone managing and handling personal information is appropriately trained and supervised.
- Queries about handling personal information are promptly and courteously dealt with and clear information is available to all staff.
Staff responsibilities for data protection and confidential information
- All staff should be aware of the requirements of the Act and how the rules apply to them.
- All staff must complete data protection induction and annual training.
- All staff have a responsibility to ensure that they respect confidential information in their possession and maintain information security. Disclosure of confidential information gained as part of your employment to a third party, or assisting others in disclosure, will be viewed by Pink Chilli Software Ltd with the utmost seriousness.
- All staff are responsible for ensuring personal information is kept no longer than is necessary.
For further advice, please contact Mr Darren Bignall.
Who do we share data with
In order to process your application we will supply some of your personal information to TransUnion International UK Limited, which is a credit reference agency providing services such as credit risk and affordability checking, fraud prevention, anti-money laundering, identity verification and tracing.
TransUnion will use your personal information to provide services to us and its other clients. We use their services in order to assess your creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity such as fraud and money laundering. More information about TransUnion and the ways in which it uses and shares personal information can be found in its privacy notice at https://www.transunion.co.uk/legal-information/bureau-privacy-notice.
Lexis Nexis Risk Solutions
In order to process your application we will supply some of your personal information to Lexis Nexis Risk Solutions UK Ltd, which is a company providing services such as credit risk and affordability checking, fraud prevention, anti-money laundering, identity verification and tracing.
Lexis Nexis will use your personal information to provide services to us and its other clients. We use their services in order to assess your creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity such as fraud and money laundering. More information about Lexis Nexis and the ways in which it uses and shares personal information can be found in its privacy notice at https://risk.lexisnexis.co.uk/privacy-policy.
Pink Chilli Software Ltd respects your privacy. The information that you provide us with, or that is gathered automatically, helps us to monitor our services and provide you with the most relevant information.