|consent||means the consent of the data subject which must be a freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify their agreement to the processing of personal data relating to them;|
|data controller||means the natural or legal person or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of this Policy, the Company is the data controller of all personal data relating to stake holders used in our business for our commercial purposes;|
|data processor||means a natural or legal person or organisation which processes personal data on behalf of a data controller;|
|data subject||means a living, identified, or identifiable natural person about whom the Company holds personal data;|
|EEA||means the European Economic Area, consisting of all EU Member States, Iceland, Liechtenstein, and Norway;|
|personal data||means any information relating to a data subject who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that data subject;|
|personal data breach||means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed;|
|processing||means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;|
|pseudonymisation||means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person; and|
|special category personal data||means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual life, sexual orientation, biometric, or genetic data.|
The following personal data is collected, held, and processed by the Company (for details of data retention.
|Data Ref.||Type of Data||Purpose of Data|
|Name, email and contact number||Help the consumer to find options|
The Company shall ensure that the following measures are taken with respect to all communications and other transfers involving personal data:
The Company shall ensure that the following measures are taken with respect to the storage of personal data:
TWhen any personal data is to be erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), it should be securely deleted and disposed of. For further information on the deletion and disposal of personal data, please refer to the Company’s Data Retention Policy.
The Company shall ensure that the following measures are taken with respect to the use of personal data:
The Company shall ensure that the following measures are taken with respect to IT and information security:
The Company shall ensure that the following measures are taken with respect to the collection, holding, and processing of personal data:
This Policy shall be deemed effective as of 01/01/2018. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.