Data Protection Policy
ELH DATA PROTECTION POLICY- document last updated 13th May 2021
The Management of E L H Limited, located in Milton Keynes is committed to compliance with all national UK laws in respect of personal and sensitive data, and to protecting the rights and privacy of individuals. This includes programme participants, learners, staff and others in accordance with the Data Protection Act.
ELH Ltd is registered as a Data Controller with the Information Commissioner’s Office to process information about its staff, participants, learners and other individuals with whom it has dealings for administrative purposes (e.g. to recruit and pay employees/staff, to administer programmes of provision, to collect fees, and to comply with legal obligations to funding bodies and government). To comply with the law, information about individuals must be collected and used fairly, stored safely and securely and not disclosed unlawfully to any third party.
In particular ELH will:
● process personal data in accordance with the GDPR principles which are the core regulations.
These are as follows:
1. Lawfulness, fairness and transparency
2. Purpose Limitations
3. Data Minimisation
4. Accuracy
5. Storage Limitations
6. Integrity and Confidentiality, and
7. Accountability
The policy applies to all employees/staff, clients, contractors, participants and learners at ELH.
Any breach of the Data Protection Act 1998 or this Policy will be dealt with under ELH’s disciplinary policy and may also be a criminal offence, in which case the matter will be reported as soon as possible to the appropriate authorities. Partners, other agencies and any third parties working with or for ELH , and who have or may have access to personal information, will be expected to have read, understood and comply with this policy. No third party may access personal data held by ELH without having first entered into a data confidentiality agreement which imposes on the third party obligations no less onerous than those to which ELH is committed and which gives ELH the right to audit compliance with the agreement.
This policy statement is communicated to all persons working for or on behalf of ELH who are expected to comply with this policy.
The Data Protection Act specifies that any person who has personal or sensitive data held by ELH has the right to access their data. On satisfactory submission of a subject access request form and a processing fee, ELH will respond appropriately within 40 days. To request a Subject Access Request Form please email [email protected]
This policy is approved by the Director ELH on behalf of the management of ELH.
The Management of E L H Limited, located in Milton Keynes is committed to compliance with all national UK laws in respect of personal and sensitive data, and to protecting the rights and privacy of individuals. This includes programme participants, learners, staff and others in accordance with the Data Protection Act.
ELH Ltd is registered as a Data Controller with the Information Commissioner’s Office to process information about its staff, participants, learners and other individuals with whom it has dealings for administrative purposes (e.g. to recruit and pay employees/staff, to administer programmes of provision, to collect fees, and to comply with legal obligations to funding bodies and government). To comply with the law, information about individuals must be collected and used fairly, stored safely and securely and not disclosed unlawfully to any third party.
In particular ELH will:
● process personal data in accordance with the GDPR principles which are the core regulations.
These are as follows:
1. Lawfulness, fairness and transparency
- We will collect Personal Data, that we need lawfully, and we will use this fairly and transparently. We will tell data subjects ( ie people who provide us with their personal information) why we need their data, how long we intend to keep this, the names of any 3rd parties who will see it, and what rights data subjects have regarding the personal data we collect, save and/or process.
2. Purpose Limitations
3. Data Minimisation
4. Accuracy
5. Storage Limitations
6. Integrity and Confidentiality, and
7. Accountability
- only process personal data that is collected lawfully
- collect only the minimum personal information required for these purposes and not processing excessive personal information;
- provide clear information to individuals about how their personal information will be used and by whom;
- only process relevant and adequate personal information; process personal information fairly and lawfully;
- maintain an inventory of the categories of personal information processed by the organisation;
- keep personal information accurate and, where necessary, up-to-date;
- retain personal information only for as long as is necessary for legal or regulatory reasons or for legitimate organisational purposes;
- respect individuals’ rights in relation to their personal information, including their right of subject access;
- keep all personal information secure;
- only transfer personal information outside the EEA in accordance with data protection legislation and where it can be adequately protected;
- only apply the various exemptions allowable by data protection legislation where applicable;
- use a Personal Information Management System (PIMS) to enable this policy to be implemented;
- where appropriate, identify internal and external stakeholders and the degree to which these stakeholders are involved in the governance of the organisation’s PIMS; and identify those workers with specific responsibility and accountability for the PIMS
The policy applies to all employees/staff, clients, contractors, participants and learners at ELH.
Any breach of the Data Protection Act 1998 or this Policy will be dealt with under ELH’s disciplinary policy and may also be a criminal offence, in which case the matter will be reported as soon as possible to the appropriate authorities. Partners, other agencies and any third parties working with or for ELH , and who have or may have access to personal information, will be expected to have read, understood and comply with this policy. No third party may access personal data held by ELH without having first entered into a data confidentiality agreement which imposes on the third party obligations no less onerous than those to which ELH is committed and which gives ELH the right to audit compliance with the agreement.
This policy statement is communicated to all persons working for or on behalf of ELH who are expected to comply with this policy.
The Data Protection Act specifies that any person who has personal or sensitive data held by ELH has the right to access their data. On satisfactory submission of a subject access request form and a processing fee, ELH will respond appropriately within 40 days. To request a Subject Access Request Form please email [email protected]
This policy is approved by the Director ELH on behalf of the management of ELH.