Data protection policy

We recognise that the lawful and correct treatment of personal data is very important to successful operations and to maintaining confidence between ourselves and our users.

Any personal data which we collect, record or use in any way whether it is held on paper, on computer or other media will have appropriate safeguards applied to it to ensure that we comply with UK law. We fully endorse and adhere to the eight principles of Data Protection as set out in the Data Protection Act 1998. These principles state that personal data must be:

  • fairly and lawfully processed
  • processed for limited purposes and not in any other way which would be incompatible with those purposes
  • adequate, relevant and not excessive
  • accurate and kept up to date
  • not kept for longer than is necessary
  • processed in line with the data subject's rights
  • kept secure
  • not transferred to a country which does not have adequate data protection laws

Our purpose for holding personal data and a general description of the categories of people and organisations to whom we may disclose it are listed in the Data Protection register. You may inspect this or obtain a copy from the Information Commissioner's Office.

In order to meet the requirements of the principles, we will:

  • observe the conditions regarding the fair collection and use of personal data
  • meet our obligations to specify the purposes for which personal data is used
  • collect and process appropriate personal data only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements
  • ensure the quality of personal data used
  • apply strict checks to determine the length of time personal data is held
  • ensure that the rights of individuals about whom the personal data is held, can be fully exercised under the Act
  • take appropriate security measures to safeguard personal data
  • ensure that personal data is not transferred abroad without suitable safeguards