Data Protection Policy

 

1. Introduction: Commitment to Data Protection
Jedi Sales Consultants Ltd is committed to ensuring the privacy and security of personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines how we collect, process, store, and protect personal data, ensuring transparency and accountability in all our data handling practices.

2. Scope: Who the Policy Applies To
This policy applies to all employees, contractors, suppliers, and third-party service providers who handle personal data on behalf of Jedi Sales Consultants Ltd. It covers all personal data collected, whether electronically or in paper format, and applies to all business activities involving the use of personal information.

3. Data Protection Principles
Jedi Sales Consultants Ltd adheres to the following key data protection principles:

  • Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and transparently.
  • Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
  • Data Minimisation: Only necessary data is collected and processed.
  • Accuracy: Data is kept accurate and up to date.
  • Storage Limitation: Data is retained only for as long as necessary.
  • Integrity and Confidentiality: Data is processed securely to prevent unauthorised access, loss, or damage.

4. Responsibilities: Roles in Data Protection

  • Management: Ensures compliance with data protection laws and oversees implementation.
  • Employees: Must handle personal data responsibly and report any data breaches or concerns.
  • Data Protection Officer (DPO): Oversees compliance, advises on data protection matters, and handles subject access requests (SARs) and data breaches.

5. Data Subject Rights
Individuals whose data is processed by Jedi Sales Consultants Ltd have the following rights:

  • Right to Access: Request access to their personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of their personal data under certain conditions.
  • Right to Restriction of Processing: Request limited processing of their data.
  • Right to Data Portability: Request transfer of their data to another organisation.
  • Right to Object: Object to the processing of their personal data.

6. Data Security Measures
To protect personal data, Jedi Sales Consultants Ltd implements:

  • Access Controls: Limiting access to authorised personnel only.
  • Encryption: Ensuring sensitive data is securely encrypted.
  • Regular Audits: Conducting routine assessments to ensure compliance.
  • Incident Response Plan: Handling data breaches swiftly and effectively.

7. Data Breach Reporting
Any suspected data breaches must be reported immediately to the Data Protection Officer. A thorough investigation will be conducted, and, if necessary, the Information Commissioner’s Office (ICO) and affected individuals will be notified within the required legal timeframe.

8. Policy Review and Compliance
This policy is reviewed regularly to ensure compliance with legal and regulatory requirements. Employees will receive training to remain informed about data protection obligations.

 

Policy Approval

  • Effective Date: 18/09/2024
  • Last Reviewed Date: 18/09/2024
  • Signed by: Nathan Ottaway
  • Role: Owner
  • Date: 18/09/2024