Data Protection Policy

      Guardian Moving & Storage Ltd Data protection policy

      Context and Overview

      Introduction

      The purpose of this policy is to ensure compliance with the General Data Protection Regulation and related national legislation (“Data Protection law”). Data Protection law applies to the processing of personal data.

      Guardian Moving & Storage Ltd(Guardian)  need to process personal data. ‘Processing’, in this context, means collecting, storing, using and erasing personal data, irrespective of its format.

      Why this policy exists

      Guardian Moving & Storage Ltd processes the personal data of its customers, employees and third-parties. This policy, and staff adherence to it, will ensure Guardian Moving & Storage Ltd complies with Data Protection law and, in so doing, adopt good practice.

      The policy also aims to protect the rights afforded to data subjects by Data Protection law and, together with the Data Privacy Statement, helps to demonstrate Guardian Moving & Storage Ltd’s  legal compliance.

      Adherence to this policy will protect Guardian Moving & Storage Ltd from the risks of non-compliance. This includes but is not limited to:

      • Breaches of confidentiality. For example, information being given out inappropriately.
      • Failing to offer choice. For example, not informing all customers of their rights over their data which we hold.
      • Reputational damage. For example, the company could suffer if hackers successfully gained access to company-held personal data.

      Data protection law

      Guardian Moving & Storage Ltd is committed to complying with Data Protection law as part of everyday working practices. Complying with Data Protection law can be summarised as but is not limited to:

      • Understanding, and applying as necessary, the data protection principles when processing personal data;
      • Understanding, and fulfilling as necessary, the rights given to data subjects under Data Protection law; and
      • Understanding, and fulfilling as necessary, Guardian Moving & Storage Ltd accountability obligations under Data Protection law.

      As noted, Data Protection law is underpinned by certain principles which govern the processing of personal data. These are:

      • Lawfulness, fairness and transparency.
      • Purpose limitation.
      • Data minimisation.
      • Accuracy.
      • Storage limitation.
      • Integrity and confidentiality.

      Guardian Moving & Storage Ltd needs to comply with these six principles and also be able to demonstrate compliance. This requirement to demonstrate compliance is called “accountability” and is a key element of Data Protection law.

      People, risks and responsibility

      Policy scope

      This policy applies to all employees of Guardian Moving & Storage (as ‘Data Controller’) and their processing of company-held personal data.
      If another organisation is engaged as a Data Processor, then at Guardian Moving & Storage Ltd’s (as ‘Data Controller’) request, a Data Processing Agreement will be put in place to ensure standards of data protection over company-held personal data are not undermined when shared with third-parties.

      Responsibilities

      Guardian Moving & Storage Ltd has a corporate responsibility as a Data Controller (or when acting as a Joint Data Controller or a Data Processor) for:

      • Complying with Data Protection law and holding records demonstrating this;
      • Cooperating with the Information Commissioner’s Office (ICO) as the UK regulator of Data Protection law; and
      • Responding to regulatory/court action and paying monetary penalties issued by the ICO.

      All staff at Guardian Moving & Storage Ltd share in the collective responsibility for ensuring personal data is collected, stored and used appropriately.

      General staff guidelines

      The following are guidelines all staff should adhere to. Staff are, individually, responsible for:

      • Maintaining confidential a unique and strong password, which under no circumstances should be shared;
      • Only accessing personal data they need to perform their work;
      • Recognising, reporting internally, and cooperating with any remedial work arising from personal data breaches;
      • Not informally sharing personal data;
      • Updating personal data if it is found to be out of date. If it is no longer required for the purpose it was initially used for, it should be deleted or disposed of appropriately;
      • Only erasing or anonymizing personal data at the instruction of the data subject or in line with the appropriate retention period; and
      • Recognising, reporting internally, and cooperating with the fulfillment of data subject access requests.

      Guardian Moving & Storage Ltd ©2018