Data Protection

Chase Zander is committed to protecting the rights and privacy of individuals in accordance with the Data Protection Act 1998. The Company processes information about its Employees, Candidates, Clients and other individuals it has dealings with for a range of administrative purposes and legal purposes. In order to comply with the law, information about individuals must be collected and used fairly, stored safely and securely and not disclosed to any third party unlawfully.

All “processing” of personal data (includes collection, holding, retention, destruction and use of personal data) are governed by the Data Protection Act 1998. The Act applies to all personal data – whether they are held on a computer or similar automatic system or whether they are held as part of a manual file. Personal data is defined as information relating to an identifiable living individual and can be held in any format, electronic (including websites and emails), paper-based, photographic etc. from which the individual’s information can be readily extracted.

Under the 1998 Act, all organisations that process personal information are required to notify the Information Commissioner’s Office. The Company’s Notification describes the various types of processing of personal information and defines the persons or bodies to which the information may be disclosed.

It is an offence to process personal data except in strict accordance with the eight principles of data protection and the rights of data subjects. Further information on the Data Protection Act can be found at http://www.dataprotection.gov.uk/.

Failure to comply with the Data Protection Act could result in the prosecution not only of the Company but also of the individual concerned.

Data subjects (that is persons about whom such data is held) may also sue for compensation for damage and any associated distress suffered as a result of:

  • loss or unauthorised destruction of data
  • unauthorised disclosure of, or access obtained to, data
  • inaccurate data – i.e. data which is incorrect or misleading

It follows, therefore, that all Employees who are concerned with, or have access to, such data have an obligation to ensure that they are processed according to the eight principles of data protection and the rights of data subjects. This means, among other things, that staff must treat all data carefully and must not disclose personal data to unauthorised persons (this will often include family members of the data subject).

You are specifically cautioned that Chase Zander does not authorise any employee to hold or process any personal data on its behalf except as stated in the Company’s Notification. Users of personal data on or off site (e.g. pc at home or laptop) should consider the legal position before attempting to process personal data.

In cases of doubt or difficulty staff should in the first instance ask the Business Support Manager / Director.

REMEMBER – TREAT PERSONAL DATA WITH CARE. DON’T PASS ON PERSONAL INFORMATION TO UNAUTHORISED PERSONS

EIGHT DATA PROTECTION PRICIPLES                                                      

  • Data should be processed fairly and lawfully.
  • Data should be obtained for one or more specified lawful purposes.
  • Data shall be adequate, relevant and not excessive.
  • Data shall be accurate and where necessary kept up to date.
  • Data is not kept longer than is necessary for its purpose.
  • Data shall be processed in accordance with subject rights under the Act.
  • Appropriate technical and organisational measures shall be taken against unauthorised/unlawful processing, loss, destruction, damage to personal data.
  • Data shall not be transferred outside EEA unless that country/territory ensures adequate level of protection for rights and freedoms of data subjects in relation to the processing of personal data.

 

DATA SUBJECT RIGHTS

  • To make subject access requests regarding the nature of information held and to whom it has been disclosed.
  • To prevent processing likely to cause damage or distress
  • To prevent processing for purposes of direct marketing
  • To be informed about mechanics of automated decision taking process that will significantly affect them
  • Not to have significant decisions that will affect them taken solely by automated process
  • To take action for compensation if they suffer damage by any contravention of the Act
  • To take action to rectify, block, erase or destroy inaccurate data
  • To request the Commissioner to assess whether any provision of the Act has been contravened