Privacy & Data Protection Policy

PRIVACY POLICY:

Please see our GDPR policy by GDPR Policy.

BACKGROUND:

NiFed understands that your privacy is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits Our Site and will only collect and use information in ways that are useful to you and in a manner consistent with your rights and Our obligations under the law.

This Policy applies to Our use of any and all data collected by us in relation to your use of Our Site. Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of Our Privacy Policy is deemed to occur upon your first use of Our Site AND/OR You will be required to read and accept this Privacy Policy when signing up for an Account. If you do not accept and agree with this Privacy Policy, you must stop using Our Site immediately.

  1. Definitions and Interpretation

In this Policy the following terms shall have the following meanings: 

 

“Account”

means an account required to access and/or use certain areas and features of Our Site;

“Cookie”

means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in section 12, below;]

Our Site

means the website located at, www.nifed.co.uk, www.nifed.org and www.irishtrade.ie

“UK and EU Cookie Law”

means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended in 2004, 2011 and 2015;

“We/Us/Our”

Means Nifed, a Trading Partnership whose main trading address is 12 Enterprise House, Enterprise Crescent, Ballinderry Road, Lisburn BT28 2BP

 

  1. Information About Us

    • Our Site, www.nifed.co.uk, is operated by Nifed, a Trading Partnership and whose main trading address is 12 Enterprise House, Enterprise Crescent, Ballinderry Road, Lisburn BT28 2BP.
    • We are regulated by the Information Commissioner's Office.
    • We are a registrant on the Data Protection Public Register.
    • Our registration number is ZA172833

 

  1. Scope – What Does This Policy Cover?

This Privacy Policy applies only to your use of Our Site. It does not extend to any websites that are linked to from Our Site (whether We provide those links or whether they are shared by other users). We have no control over how your data is collected, stored or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.

 

  1. What Data Do We Collect?

Some data will be collected automatically by Our Site, other data will only be collected if you voluntarily submit it, for example, when signing up for an Account. Depending upon your use of Our Site, We may collect some or all of the following data:

  • name;
  • business/company name
  • job title;
  • profession;
  • contact information such as email addresses and telephone numbers;
  • demographic information such as post code, preferences and interests;
  • IP address (automatically collected);
  • web browser type and version (automatically collected);
  • operating system (automatically collected);]
  • a list of URLs starting with a referring site, your activity on Our Site, and the site you exit to (automatically collected);
  • a list of your products, services and trade brand names you may offer.

 

  1. How Do We Use Your Data?

    • All personal data is stored securely in accordance with the principles of the Data Protection Act 1998. For more details on security see section 6, below.
    • We use your data to provide the best possible services to you. This includes:
      • Providing and managing your Account;
      • Providing and managing your access to Our Site;
      • Personalising and tailoring your experience on Our Site;
      • Promoting Your products and services for you;
      • Personalising and tailoring Your Company Profile, including the products and services you may offer;
      • Responding to communications from you;
      • Supplying you with email marketing such as newsletters, communications for other that may wish to contact you for the purpose of buying your goods or selling their goods to you. You may unsubscribe or opt-out at any time by sending an email stating “Opt Out” to optout@nifed.co.uk;
      • Market Research

 

  • With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email AND/OR telephone AND/OR text message AND/OR post with information, news and offers on Our products AND/OR services and offers on Our Members products AND/OR We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended in 2004, 2011 and 2015.
  • Advertisers whose content appears on Our Site may engage in what is known as “behavioural advertising” – advertising which is tailored to your preferences, based on your activity. Your activity is monitored using Cookies, as detailed below in section 12. You can control and limit your data used in this way by adjusting your web browser’s privacy settings. Please note that We do not control the activities of such advertisers, nor the information they collect and use. Limiting the use of your data in this way will not remove the advertising, but it will make it less relevant to your interests and activities on Our Site.

 

  1. How and Where Do We Store Your Data?

    • We only keep your data for as long as We need to in order to use it as described above in section 5, and/or for as long as We have your permission to keep it.
    • Your data will only be stored within the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland and Liechtenstein).
    • Data security is of great importance to Us, and to protect your data We have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through Our Site.

 

  • Notwithstanding the security measures that We take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to Us data via the internet.

 

  1. Do We Share Your Data?

    • We may share your data with other companies in Our group.
    • We may share your data with other members within our site for the purpose of marketing your company & your company services and for marketing purposes by other site member’s for product AND/OR services you may be interested in.
    • We may sometimes contract with third parties to supply products and services to you on Our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
    • We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners and advertisers. Data will only be shared and used within the bounds of the law.
    • In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal information, for example, where We are involved in legal proceedings, where We are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of Us.

 

  1. What Happens If Our Business Changes Hands?

    • We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business. Data provided by users will, where it is relevant to any part of Our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use the data for the purposes for which it was originally collected by Us.
    • In the event that any of your data is to be transferred in such a manner, you will not be contacted in advance and informed of the changes.

 

  1. How Can You Control Your Data?

    • When you submit information via Our Site, you may be given options to restrict Our use of your data. In particular, We aim to give you strong controls on Our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails.
    • You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.10.
    • 10 Your Right to Withhold Information

      • You may access certain areas of Our Site without providing any data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.
      • You may restrict your internet browser’s use of Cookies. For more information, see section 12.

 

  1. How Can You Access Your Data?

You have the legal right to ask for a copy of any of your personal data held by Us (where such data is held) on payment of a small fee which will not exceed £3 sum. Please contact Us for more details at mydata@nifed.co.uk or using the contact details below in section 13. Alternatively, please refer to Our Data Protection Policy.

 

  1. What Cookies Do Us Use and What For?

    • Our Site may place and access certain first party Cookies on your computer or device. First party Cookies are those placed directly by Us and are used only by Us. We use Cookies to facilitate and improve your experience of Our Site and to provide and improve Our products and services. For more details, please refer to section 5, above, and to section 12.6 below. We have carefully chosen these Cookies and have taken steps to ensure that your privacy is protected and respected at all times.

 

  • By using Our Site you may also receive certain third party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than Us. We use third party Cookies on Our Site for advertising and marketing services. For more details, please refer to section 5, above. These Cookies are not integral to the functioning of Our Site

 

 

  • All Cookies used by and on Our Site are used in accordance with current UK and EU Cookie Law.
  • Before Cookies are placed on your computer or device, subject to section 12.5, you will be shown a pop up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling Us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of Our Site may not function fully or as intended. You will be given the opportunity to allow only first party Cookies and block third party Cookies.
  • Certain features of Our Site depend on Cookies to function. UK and EU Cookie Law deems these Cookies to be “strictly necessary”. Your consent will not be sought to place these Cookies. You may still block these cookies by changing your internet browser’s settings as detailed below in section 12.6, but please be aware that Our Site may not work as intended if you do so. We have taken great care to ensure that your privacy is not at risk by allowing them

 

  • You can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your devi
  • You can choose to delete Cookies at any time however you may lose any information that enables you to access Our Site more quickly and efficiently including, but not limited to, login and personalisation settings.

 

  • It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.

 

 

  1. Contacting Us

If you have any questions about Our Site or this Privacy Policy, please contact Us by email at admin@nifed.co.uk, by telephone on 028 9252 8288, or by post at 12 Enterprise house, Enterprise Crescent, Ballinderry Road, Lisburn, BT28 2BP. Please ensure that your query is clear, particularly if it is a request for information about the data We hold about you (as under section 11, above).

 

  1. Changes to Our Privacy Policy

We may change this Privacy Policy as we may deem necessary from time to time, or as may be required by law. Any changes will be immediately posted on Our Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up-to-date.

 

 

DATA PROTECTION POLICY:

 

1.            Introduction

This Policy sets out the obligations of NiFed (“the Company”) with regard to data protection and the rights of website users, customers & website visitors (“data subjects”) in respect of their personal data under the Data Protection Act 1998 (“the Act”).  Under the Act, “personal data” is defined as data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, the data controller (the Company in this context), and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.

This Policy sets out the procedures that are to be followed when dealing with personal data.  The procedures set out herein must be followed at all times by the Company, its employees, agents, contractors, or other parties working on behalf of the Company.

The Company is committed not only to the letter of the law but also to the spirit of the law and places a high premium on the correct, lawful and fair handling of all personal data, respecting the legal rights, privacy and trust of all individuals with whom it deals.

The Company is registered with the Information Commissioner as a data controller under the register held by the Information Commissioner pursuant to Section 19 of the Act.

 

2.            The Data Protection Principles

This Policy aims to ensure compliance with the Act.  The Act sets out eight principles with which any party handling personal data must comply.  All personal data:

  • Must be processed fairly and lawfully, meaning that at least one of the following conditions must be met:
    • The data subject has given his or her consent to the processing;
    • The processing is necessary for the performance of a contract to which the data subject is a party, or for the taking of steps at the request of the data subject with a view to entering into a contract;
    • The processing is necessary for compliance with any legal obligation to which the data controller is subject, other than an obligation imposed by contract;
    • The processing is necessary in order to protect the vital interests of the data subject;
    • The processing is necessary for the administration of justice, for the exercise of any functions of either House of Parliament, for the exercise of any functions conferred on any person by or under any enactment, for the exercise of any functions of the Crown, a Minister of the Crown or a government department, or for the exercise of any other functions of a public nature exercised in the public interest by any person;
    • The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data is disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.
  • Where the personal data is sensitive personal data (defined below in Part 4 of this Policy), at least one of the following conditions must be met:
    • The data subject has given his or her explicit consent to the processing of the personal data;
    • The processing is necessary for the purposes of exercising or performing any right or obligation which is conferred or imposed by law on the data controller in connection with employment;
    • The processing is necessary in order to protect the vital interests of the data subject or another person in a case where consent cannot be given by or on behalf of the data subject, or the data controller cannot reasonably be expected to obtain the consent of the data subject, or in order to protect the vital interests of another person, in a case where consent by or on behalf of the data subject has been unreasonably withheld;
    • The processing is carried out in the course of the legitimate activities of any body or association which is not established or conducted for profit, and exists for political, philosophical, religious or trade-union purposes, is carried out with appropriate safeguards for the rights and freedoms of data subjects, relates only to individuals who either are members of the body or association or have regular contact with it in connection with its purposes, and does not involve disclosure of the personal data to a third party without the consent of the data subject;
    • The information contained in the personal data has been made public as a result of steps deliberately taken by the data subject;
    • The processing is necessary for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings), the processing is necessary for the purpose of obtaining legal advice, or is otherwise necessary for the purposes of establishing, exercising or defending legal rights;
    • The processing is necessary for the administration of justice, for the exercise of any functions of either House of Parliament, for the exercise of any functions conferred on any person by or under an enactment, or for the exercise of any functions of the Crown, a minister of the Crown or a government department;
    • The processing is either the disclosure of sensitive personal data by a person as a member of an anti-fraud organisation or otherwise in accordance with any arrangements made by such an organisation, or any other processing by that person or another person of sensitive personal data so disclosed, and is necessary for the purposes of preventing fraud or a particular kind of fraud;
    • The processing is necessary for medical purposes and is undertaken by a health professional, or a person who in the circumstances owes a duty of confidentiality which is equivalent to that which would arise if that person were a health professional;
    • The processing is of sensitive personal data consisting of information as to racial or ethnic origin, the processing is necessary for the purpose of identifying or keeping under review the existence or absence of equality of opportunity or treatment between persons of different racial or ethnic origins, with a view to enabling such equality to be promoted or maintained, and is carried out with appropriate safeguards for the rights and freedoms of data subjects.
    • Must be obtained only for specified and lawful purposes and shall not be processed in any manner which is incompatible with those purposes;
    • Must be adequate, relevant and not excessive with respect to the purposes for which it is processed;
    • Must be accurate and, where appropriate, kept up to date;
    • Must be kept for no longer than is necessary in light of the purpose(s) for which it is processed;
    • Must be processed in accordance with the rights of data subjects under the Act (for which, see Part 3 of this Policy);
    • Must be protected against unauthorised or unlawful processing, accidental loss, destruction or damage through appropriate technical and organisational measures; and
    • Must not be transferred to a country or territory outside of the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

 

3.            Rights of Data Subjects

Under the Act, data subjects have the following rights:

  • The right to access a copy of their personal data held by the Company by means of a Subject Access Request (for which, see Part 8 of this Policy);
  • The right to object to any processing of his or her personal data that is likely to cause (or that is causing) damage or distress. Data subjects should make any such objection in writing to Mr Raman Sharma, Data Controller, Nifed, 12 Enterprise House, Enterprise Crescent, Ballinderry Road, Lisburn BT28 2BP and the Company shall respond within 21 days either notifying the data subject of its compliance, or explaining why the Company feels that any aspect of the data subject’s request is unjustified;
  • The right to prevent processing for direct marketing purposes;
  • The right to object to decisions being taken by automated means (where such decisions will have a significant effect on the data subject) and to be informed when any such decision is taken (in which case the data subject has the right to require the data controller (by written notice) to reconsider the decision;
  • The right to have inaccurate personal data rectified, blocked, erased or destroyed in certain circumstances;
  • The right to claim compensation for damage caused by the Company’s breach of the Act.

 

4.            Personal Data

Personal data is defined by the Act as data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.

The Act also defines “sensitive personal data” as personal data relating to the racial or ethnic origin of the data subject; their political opinions; their religious (or similar) beliefs; trade union membership; their physical or mental health condition; their sexual life; the commission or alleged commission by them of any offence; or any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings.

The Company only holds personal data that is directly relevant to its dealings with a given data subject.  That data will be collected, held, and processed in accordance with the data protection principles and with this Policy.  The following data may be collected, held and processed by the Company:

  • Trading name, contact name and contact details, For the purpose of marketing the data subject’s business offerings to other 3rd;
  • Trading Profile, Product’s and/or Services offered by the data subject, For the purpose of marketing the data subject’s business offerings to other 3rd;
  • Email and/or website address, For the purpose of marketing the data subject’s business offerings to other 3rd;

 

5.            Processing Personal Data

Any and all personal data collected by the Company (as detailed in Part 4 of this Policy) is collected in order to ensure that the Company can provide the best possible service to its customers, and can work effectively with its partners, associates and affiliates and efficiently manage its employees, contractors, agents and consultants.  The Company may also use personal data in meeting certain obligations imposed by law.

Certain data collected by the Company, such as IP addresses, certain information gathered by cookies, pseudonyms and other non-identifying information will nonetheless be collected, held and processed to the same standards as personal data.

Personal data may be disclosed within the Company, provided such disclosure complies with this Policy.  Personal data may be passed from one department to another in accordance with the data protection principles and this Policy.  Under no circumstances will personal data be passed to any department or any individual within the Company that does not reasonably require access to that personal data with respect to the purpose(s) for which it was collected and is being processed.

In particular, the Company shall ensure that:

  • All personal data collected and processed for and on behalf of the Company by any party is collected and processed fairly and lawfully;
  • Data subjects are always made fully aware of the reasons for the collection of personal data and are given details of the purpose(s) for which the data will be used;
  • Personal data is only collected to the extent that is necessary to fulfil the purpose(s) for which it is required;
  • All personal data is accurate at the time of collection and kept accurate and up to date while it is being held and/or processed;
  • No personal data is held for any longer than necessary in light of the purpose(s) for which it is required;
  • A suitable online privacy policy is implemented, maintained and followed;
  • Whenever cookies or similar technologies are used online by the Company, they shall be used strictly in accordance with the requirements of the Privacy and Electronic Communications Regulations, providing full details of cookie use and guidance on privacy;
  • Individuals are provided with a simple, accessible method of amending any data submitted by them online;
  • Individuals are informed if any data submitted by them online cannot be fully deleted at their request under normal circumstances (for example, because a file uploaded by a user has been backed up) and how to request that the Company deletes any other copies of that data, where it is within the individual’s right to do so;
  • All personal data is held in a safe and secure manner, as detailed in Part 6 of this Policy, taking all appropriate technical and organisational measures to protect the data;
  • All personal data is transferred securely, whether it is transmitted electronically or in hard copy.
  • No personal data is transferred outside of the European Economic Area (as appropriate) without first ensuring that the destination country offers adequate levels of protection for personal data and the rights of data subjects; and
  • All data subjects can fully exercise their rights with ease and without hindrance.

 

6.            Data Protection Procedures

The Company shall ensure that all of its employees, agents, contractors, or other parties working on behalf of the Company comply with the following when working with personal data:

  • All emails containing personal data must be encrypted.
  • Personal data may be transmitted over secure networks only – transmission over unsecured networks is not permitted in any circumstances;
  • Personal data may not be transmitted over a wireless network if there is a wired alternative that is reasonably practicable;
  • Personal data contained in the body of an email, whether sent or received, should be copied from the body of that email and stored securely. The email itself should be deleted.  All temporary files associated therewith should also be deleted;
  • Where Personal data is to be sent by facsimile transmission the recipient should be informed in advance of the transmission and should be waiting by the fax machine to receive the data;
  • Where Personal data is to be transferred in hardcopy form it should be passed directly to the recipient.
  • No personal data may be shared informally and if an employee, agent, sub-contractor, or other party working on behalf of the Company requires access to any personal data that they do not already have access to, such access should be formally requested from Raman Sharma, Data Controlle c/o Nifed, 12 Enterprise House, Enterprise Crescent, Ballinderry Road, Lisburn, BT28 2BP.
  • All hardcopies of personal data, along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet or similar;
  • No personal data may be transferred to any employees, agents, contractors, or other parties, whether such parties are working on behalf of the Company or not, without the authorisation of Raman Sharma, Data Controlle c/o Nifed, 12 Enterprise House, Enterprise Crescent, Ballinderry Road, Lisburn, BT28 2BP.
  • Personal data must be handled with care at all times and should not be left unattended or on view to unauthorised employees, agents, sub-contractors or other parties at any time;
  • If personal data is being viewed on a computer screen and the computer in question is to be left unattended for any period of time, the user must lock the computer and screen before leaving it;
  • Any unwanted copies of personal data (i.e. printouts or electronic duplicates) that are no longer needed should be disposed of securely. Hardcopies should be shredded and electronic copies should be deleted securely.
  • No personal data should be stored on any mobile device (including, but not limited to, laptops, tablets and smartphones), whether such device belongs to the Company or otherwise without the formal written approval of Raman Sharma, Data Controlle c/o Nifed, 12 Enterprise House, Enterprise Crescent, Ballinderry Road, Lisburn, BT28 2BP.
  • and, in the event of such approval, strictly in accordance with all instructions and limitations described at the time the approval is given, and for no longer than is absolutely necessary].
  • No personal data should be transferred to any device personally belonging to an employee and personal data may only be transferred to devices belonging to agents, contractors, or other parties working on behalf of the Company where the party in question has agreed to comply fully with the letter and spirit of this Policy and of the Act (which may include demonstrating to the Company that all suitable technical and organisational measures have been taken);
  • All personal data stored electronically should be backed up monthly with backups stored onsite AND/OR All backups should be encrypted.
  • All electronic copies of personal data should be stored securely using passwords and data encryption;
  • All passwords used to protect personal data should be changed regularly and should not use words or phrases that can be easily guessed or otherwise compromised. All passwords must contain a combination of uppercase and lowercase letters, numbers, and symbols.
  • Under no circumstances should any passwords be written down or shared between any employees, agents, contractors, or other parties working on behalf of the Company, irrespective of seniority or department. If a password is forgotten, it must be reset using the applicable method.  IT staff do not have access to passwords;
  • All personal data held by the Company shall be regularly reviewed for accuracy and completeness. Where the Company has regular contact with data subjects, any personal data held about those data subjects should be confirmed at least Annually.  If any personal data is found to be out of date or otherwise inaccurate, it should be updated and/or corrected immediately where possible.  If any personal data is no longer required by the Company, it should be securely deleted and disposed of;

 

 

7.            Organisational Measures

The Company shall ensure that the following measures are taken with respect to the collection, holding and processing of personal data:

  • The Company has appointed Raman Sharma c/o Nifed, 12 Enterprise House, Enterprise Crescent, Ballinderry Road, Lisburn, BY28 2BP as its Data Protection Officer with the specific responsibility of overseeing data protection and ensuring compliance with this Policy and with the Act. The Data Protection Officer shall in particular be responsible for:
    • Overseeing the implementation of, and compliance with this Policy, working in conjunction with the relevant employees, managers and/or department heads, agents, contractors and other parties working on behalf of the Company;
    • Organising suitable and regular data protection training and awareness programmes within the Company;
    • Reviewing this Policy and all related procedures not less than 3 years;

 

  • All employees, agents, contractors, or other parties working on behalf of the Company are made fully aware of both their individual responsibilities and the Company’s responsibilities under the Act and under this Policy, and shall be provided with a copy of this Policy;
  • Only employees, agents, sub-contractors, or other parties working on behalf of the Company that need access to and use of personal data in order to carry out their assigned duties correctly shall have access to personal data held by the Company;
  • All employees, agents, contractors, or other parties working on behalf of the Company handling personal data will be appropriately trained to do so;
  • All employees, agents, contractors, or other parties working on behalf of the Company handling personal data will be appropriately supervised;
  • Methods of collecting, holding and processing personal data shall be regularly evaluated and reviewed;
  • The Performance of those employees, agents, contractors, or other parties working on behalf of the Company handling personal data shall be regularly evaluated and reviewed;
  • All employees, agents, contractors, or other parties working on behalf of the Company handling personal data will be bound to do so in accordance with the principles of the Act and this Policy by contract;
  • All agents, contractors, or other parties working on behalf of the Company handling personal data must ensure that any and all of their employees who are involved in the processing of personal data are held to the same conditions as those relevant employees of the Company arising out of this Policy and the Act;
  • Where any agent, contractor or other party working on behalf of the Company handling personal data fails in their obligations under this Policy that party shall indemnify and hold harmless the Company against any costs, liability, damages, loss, claims or proceedings which may arise out of that failure.

 

8.            Access by Data Subjects

A data subject may make a subject access request (“SAR”) at any time to find out more about the information which the Company holds about them.

  • SARs should be made in writing, addressed to Raman Sharma, Data Protection Officer c/o Nifed, 12 Enterprise House, Enterprise Crescent, Ballinderry Road, Lisburn, BY28 2BP,.
  • A SAR may be made using the Company’s Subject Access Request Form, but does not have to be, and if it is not, it should be clearly identifiable as a SAR.
  • SARs must make it clear whether it is the data subject themselves that is making the request or whether it is a person acting on his or her behalf. In either case, proof of identity must be provided.  If the SAR is made on another’s behalf, the individual making the request must provide clear evidence of their authorised capacity to act on behalf of the data subject.
  • The Company currently requires a fee of £10 for each SAR, payable by paypal.

Upon receipt of a SAR the Company shall have a maximum period of 40 calendar days within which to respond fully[, but shall always aim to acknowledge receipt of SARs within 10 working days].  The following information will be provided to the data subject:

  • Whether or not the Company holds any personal data on the data subject;
  • A description of any personal data held on the data subject;
  • Details of what that personal data is used for;
  • Details of how to access that personal data and how to keep it up to date;
  • Details of any third-party organisations that personal data is passed to; and
  • Details of any technical terminology or codes.

 

9.            Notification to the Information Commissioner’s Office

As a data controller, the Company is required to notify the Information Commissioner’s Office that it is processing personal data.  The Company is registered in the register of data controllers, registration number: ZA172833.

Data controllers must renew their notification with the Information Commissioner’s Office on an annual basis.  Failure to notify constitutes a criminal offence.

Any changes to the register must be notified to the Information Commissioner’s Office within 28 days of taking place.

The Data Protection Officer shall be responsible for notifying and updating the Information Commissioner’s Office.

 

10.         Implementation of Policy

This Policy shall be deemed effective as of 1st October 2015.  No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.

 

This Policy has been approved & authorised by:

Name:

Raman Sharma

Position:

Data Protection Officer

Date:

30th September 2015

Due for Review by:

30th September 2018

 

 

 

 

INFORMATION PROVIDER DISCLAIMER:

 

  • We make no warranty or representation that Our Site will be compatible with all systems, or that it will be secure.
  • Whilst every reasonable endeavour has been made to ensure that all information provided on Our Site will be accurate and up to date, We make no warranty or representation that this is the case. We make no guarantee of any specific results from the use of Our service.
  • No part of Our Site is intended to constitute advice and the content of Our Site should not be relied upon when making any decisions or taking any action of any kind.
  • Commercial use of the information on Our Site is permitted, however We make no representation or warranty that this content is suitable for use in commercial situations or that it constitutes accurate data and / or advice on which business decisions can be based.
  • If you are a consumer, you may have certain legal rights with respect to Our provision of digital content. If We fail to comply with Our legal obligations, consumers may be entitled to certain legal remedies including repair or replacement or price reductions.  For full details of consumers’ legal rights, including those relating to digital content, please contact your local Citizens Advice Bureau or Trading Standards Office.
  • Whilst We exercise all reasonable skill and care to ensure that Our Site is secure and free of errors, viruses and other malware, you are strongly advised to take responsibility for your own internet security, that of your personal details and your computers.
  • If, as a result of Our failure to exercise reasonable care and skill, any digital content from Our Site damages your device or other digital content belonging to you, if you are a consumer you may be entitled to certain legal remedies. For more details concerning your rights and remedies as a consumer, please contact your local Citizens Advice Bureau or Trading Standards Office.
  • Find Out More
 
stena2
Test Small Static 01
P&OLArge

Subscribed