Data Protection & Data Retention Policy

Data Protection & Data Retention Policy

Last Modified: 03 October, 2024

Introduction 

Valustaff Limited (“we”“our”, or “us”:) is committed to ensuring the privacy and protection of all personal data we process. This Policy (“Data Protection Policy” or “Policy”) outlines how we collect, use, store, and protect personal data in compliance with UK's Data Protection Legislation, the UK General Data Protection Regulation (UK-GDPR) and the Data Protection Act 2018.

Scope

This Policy applies to all employees, contractors, suppliers, and any third parties who process personal data on behalf of Valustaff Limited.

Key Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person (data subject).
  • Processing: Any operation performed on personal data, such as collection, recording, organisation, storage, use, or disclosure.
  • Data Controller: The entity that determines the purposes and means of processing personal data.
  • Data Processor: The entity that processes personal data on behalf of the controller.

Principles of Data Protection

We are committed to ensuring that personal data is:

  • Processed lawfully, fairly, and transparently.
  • Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  • Adequate, relevant, and limited to what is necessary.
  • Accurate and, where necessary, kept up to date.
  • Kept in a form that permits identification of data subjects for no longer than necessary.
  • Processed in a manner that ensures appropriate security.

Legal Basis for Processing

Valustaff Limited ensures that we only process personal data when we have a lawful basis to do so, including:

  • The performance of a contract with the data subject.
  • Compliance with a legal obligation.
  • Legitimate interests pursued by the company or a third party, provided such interests are not overridden by the rights of the data subject.
  • Consent from the data subject.

Data Subjects' Rights

Data subjects have the following rights concerning their personal data: 

  • The right to access their personal data;
  • The right to rectification of inaccurate or incomplete data;
  • The right to erasure (“right to be forgotten”);
  • The right to restrict processing;
  • The right to data portability;
  • The right to object to processing based on legitimate interests;
  • The right to withdraw consent at any time (where consent is the lawful basis for processing).

Data Retention

We will retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. After this period, data will be securely deleted or anonymised.

Data Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

These include:

  • Encryption of data;
  • Access controls and authentication;
  • Regular security assessments and audits.

Breach Notification

In the event of a data breach, Valustaff Limited will:

  • Notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach if it is likely to result in a risk to the rights and freedoms of individuals.
  • Notify affected individuals where there is a high risk to their rights and freedoms.

Training and Awareness

All employees and contractors who handle personal data are trained on their responsibilities under data protection laws and this Data Protection Policy. Regular refresher training will be provided.

Roles and Responsibilities

While we do not have a designated Data Protection Officer, our Head Of Compliance will oversee compliance with this Policy and data protection laws. All employees are responsible for ensuring that they follow this Policy when handling personal data.

Changes to This Policy

We may update this Policy from time to time to reflect changes in the law or our practices. Any updates will be communicated to all staff.

Contact Information

For any questions regarding this Policy or our data protection practices, please contact us at legal@valustaff.co.uk.

Experience the future of business