As your employers, we hold certain personal information on you and all its employees. We only hold and retain personal data for as long as needed. This retention period is based on the business needs, the current and future value of the information, the costs, risks and liabilities associated with retaining the information, and the ease or difficulty of ensuring it remains accurate and up to date.

We have appointed Courtney Dodds as the Data Protection Officer (DPO) responsible for data protection compliance within the company. They can be contacted at [email protected]

Questions about this policy or requests for further information should be directed to them.

Data is only collected for specific purposes and only used for these purposes. All forms of gathering information state their specific reason for collection. Personal information is kept in the personnel record, held securely within the business/on HRIS.

We will comply with all statutory requirements of the General Data Protection Regulation (GDPR) by registering all your personal data held on its computer and/or related electronic equipment and by taking all reasonable steps to ensure the accuracy and confidentiality of such information.

You have the following rights as defined by GDPR:

• to be informed
• to access
• to rectification
• of erasure
• to restrict processing
• to data portability
• to object

The GDPR protects your rights concerning information about you held on your computer. Anyone processing personal data must comply with the seven principles of good practice. Data must be:

• processed lawfully, fairly and with transparency
• processed for specified, explicit and limited purposes
• adequate, relevant, and limited to what is necessary for relation to the purposes for which it is processed
• accurate and kept up to date
• not kept longer than necessary
• processed in accordance with the data subject’s rights