?Hailwood & Co
We need to collect and use certain types of personal information about the people we deal with, such as clients, employees and others with whom we communicate.
This is a statement of the data protection policy adopted by Hailwood & Co.
Under the Data Protection Legislation, all organisations which handle personal information must comply with a number of important principles regarding the privacy and disclosure of this information. We recognise that, to maintain our reputation and integrity, we must be fully compliant with this legislation.
Data protection legislation
In the United Kingdom and the European Economic Area (EEA), "Data Protection Legislation" means all applicable data protection and privacy legislation or regulations including The Privacy and Electronic Communications (EC Directive) Regulations 2003 (also known as PECR) and any guidance or codes of practice issued by the European Data Protection Board or the Information Commissioner, together with Regulation (EU) 2016/679 (the "General Data Protection Regulation" or "GDPR"), as amended by the UK Data Protection Bill.
Therefore we fully endorse and adhere to the principles of data protection set out in the Data Protection legislation and will:
- fully observe the conditions regarding the fair collection and use of personal information;
- meet our legal obligations to specify the purposes for which we use personal information only collect and process the personal information needed to carry out our business or to comply with any legal requirements;
- ensure that the personal information we use is as accurate as possible;
- ensure that we don't hold personal information any longer than is necessary;
- ensure that people know about their rights to see the personal information we hold about them;
- take appropriate technical and organisational security measures to safeguard personal information; and
- ensure that personal information is not transferred abroad without suitable safeguards.
In addition, we will ensure that:
- there is someone with specific responsibility for data protection in the organisation, Danny French is the Data Protection Officer;
- we regularly review and audit how we handle personal information;
- the ways we handle personal information are clearly described;this
- everyone handling personal information understands that they are responsible for following good practice;
- everyone handling personal information is appropriately trained and properly supervise;
- anybody wanting to make enquiries about handling personal information knows what to do; and
- queries about handling personal information are dealt with promptly and courteously
You have the right to request a copy of the personal information that we hold about you. To do so please write to us at the above address. We charge a £10 fee for this service.
Your privacy is important to us. We'll handle any personal data we collect in line with current Data Protection Legislation.
We retain only the details we need to provide you with the services we are contracted to provide, and once those services have been provided, for the statutory period of records retention.
We never share information with 3rd parties other than those where sharing information is an integral part of the service we provide (e.g. HM Revenue and Customs, Companies House, The Financial Conduct Authority, The Charity Commission).
We will not contact you unless it is in relation to a service we are providing.
All physical data is stored on our premises. Electronic data is stored in the fileserver on our premises, which is necessarily connected to the internet and protected by a firewall. It is also backed up off-site via a secure connection to a reputable data backup service.