GDPR POLICY STATEMENT
Ashlea Components Ltd is fully committed to full compliance with the requirements of the General Data Protection Regulations. We will therefore follow procedures which aim to ensure that all employees, customers, contractors, consultants, or visitors who have access to any personal data held by or on behalf of the company are fully aware of and abide by their duties.
We need to collect and use information about people with whom we work in order to operate our business. These may include customers, suppliers and current, past and prospective employees. This personal information must be handled and dealt with properly however it is collected, recorded and used and whether it is on paper, in computer records or recorded by other means. Ashlea Components Ltd regards the lawful and appropriate treatment of personal information as very important to its successful operations and essential to maintaining confidence between the company and those with whom it carries out business. We therefore fully endorse and adhere to the Principles of the General Data Protection Regulation.
Our Managing Director has been appointed as Data Protection Officer and will oversee good practice through use of risk assessment, appropriate controls, and our commitment to compliance requirements including:
- Processing personal information only where this is strictly necessary for legal and regulatory purposes, or for legitimate company purposes
- Fairly and lawfully Collecting and processing only the minimum data or information which is needed for these purposes
- Ensuring information is relevant, accurate, adequate not excessive and up to date
- Not keeping information for longer than is necessary
- Securely destroying data which is no longer needed
- Taking appropriate technical and organisational security measures to safeguard information (including unauthorised or unlawful processing and accidental loss or damage of data)
- Ensuring that information is not transferred abroad without suitable safeguards
- Ensuring that there is general information made available to the public of their rights to access information
- Providing clear information to individuals about how their personal information can be used and by whom.
This policy covers the whole of our company and our management system provides and auditable record of actions. It is communicated, together with rights to access, to all members of staff, especially new starters upon induction and to interested parties upon application.
Appendix 6. REV.A. April 2018