Bellegrove Ceramics Plc


At Bellegrove Ceramics Plc we are committed to protecting your privacy

As part of our everyday business we encounter and retain a certain amount of information relating to individuals

This can include employees, contractors, suppliers, customers and othe business contacts

This policy sets out to ensure that this company complies with data protection laws, is not in breach of these laws and protects the rights of employees, contractors, suppliers, customers and other business contacts

Data Protection Act

The Data Protecton Act 1998 sets out the procedures for organisations to collect, handle and store personal information kept in electronic, paper or other formats

Basic principles

Personal information should be collected in an appropriate manner, securely stored and not disclosed unlawfully

Should be obtained only for specific, relevant and lawful reasons

Should be adequate for the purpose without being excessive

Should be collected in accordance with the individuals rights, regularly updated and held only for as long as necessary

Adequtely protected

Retained within the EU or territories ensuring an adequate level of protection

This policy relates to

All data held by Bellegrove Ceramics Plc, its employees, contractors, agents and others relating to individuals held at it's

branches and offices including individuals names, addresses, telephone numbers, email addresses and any other information

Our Responsibilites

Neill Lebbell has been appointed as the Data Protection Manager, his responsibilities include

Reviewing and updating all data protection procedures

Keeping the Board of Directors informed regarding its data protection responsibilities

Arranging training and informing staff members regarding the company's data protection responsibilities

including implementing general guidance as follows:

instructing staff members as to their personal responsibilities

advising on precautions for keeping data secure

setting up secure passwords and adhering to the principle that these should not be shared

ensuring computers are locked when unattended

ensuring personal data is not shared via email or any other unsecured communication

ensuring employees only save personal data to the company's secure network and not to their personal devices

not sharing data with unauthorised individuals

encrypting data sent externally to trusted recipients

ensuring data is not transferred outside of the EU unless a trusted territory known to have an adequate level of protection

reviewing data on a regular basis and updating or deleting based on its ongoing requirement

checking and ensuring the accuracy of personal data held

confirming data accuracy when in direct contact with the individual

correcting errors in the accuracy of data held at the point these errors are discovered

based on the specific requirement keeping data held to a minimum and not duplicated

preventing the access of personal data unless specificlly required for their work

not sharing data with unauthorised individuals

Assessing and overseeing third party contracts handling or storing personal data on behalf of the company

Ensuring Hardware and Software applications used for storing data areadequately protected and functioning

Ensuring advertising and marketing activities are in line with the basic principles as set out in the Data Protection Act

Assessing and approving statements attached to correspondence and email

Handling requests from individuals to inspect their personal held by the company

Reviewing and updating data storage procedures

For hard copy data held in paper format this should be stored in a secure place inaccesible to unauthorised persons

Data printouts and paper format documents in use should not be left unattended where unauthorised persons can view them

Data printouts and paper format documents not in use should be stored in a locked cabinet

Data printouts and paper format documents no longer required should be shredded

All electronically stored data should be held on the company's approved network and servers

The company's network and servers should be protected by a firewall and anti-virus software

Data should not be saved on laptops or personal devices

A secure and reliable backup regime should be established on a regular and frequent basis

Backup data stored on removable or external drives should be securely stored to avoid unauthorised access

On-line or cloud back ups should only be held by authorised reputable providers

Backups should be tessted on a regular basis

Inspection of personal data

This is known as a Subject Access Request as set out in Section 7 of the Data Protection Act. It enables individuals to find out

What personal data this company holds about them

Why we hold this data

Who we disclose it to

A Subject Access Request should be in writing to the Data Protection Manager at the company

Verification of the identity of such requests will be made by the company prior to disclosing any personal data

The Data Protection Act permits the legitimate disclosure of personal data without the permission of the individual to law

enforcement agencies. In such circiumstances the company will employ best endeavours to ensure the request is lawful.

Review of this Policy

This policy was adopted in May 2018 and will be reviewed and updated on a regular basis.