Highlander Training Ltd Data Protection Policy

1. Introduction

Highlander Training Ltd (“the Company”) is committed to protecting personal data in compliance with the UK GDPR and Data Protection Act 2018.

2. Scope

This policy applies to all employees and affiliates handling personal data.

3. Data Protection Principles

The Company adheres to the following principles:

  • Lawfulness, Fairness, and Transparency: Process data lawfully, fairly, and transparently.
  • Purpose Limitation: Collect data for specific purposes only.
  • Data Minimisation: Only collect necessary data.
  • Accuracy: Keep data accurate and up to date.
  • Storage Limitation: Retain data only as long as necessary.
  • Integrity and Confidentiality: Ensure data security.

4. Data Subject Rights

Data subjects have the rights to:

  • Be informed
  • Access their data
  • Rectify inaccuracies
  • Request data erasure
  • Restrict processing
  • Object to processing
  • Object to automated decision-making

5. Data Security

Implement appropriate security measures, including:

  • Encryption
  • Access control
  • Regular backups

6. Data Breach Notification

Notify the ICO within 72 hours of a breach that risks individual rights and freedoms. Inform affected individuals promptly if necessary.

7. Responsibilities

  • Data Protection Officer (DPO): Oversees compliance and policy implementation.
  • Employees: Ensure personal data is processed in line with this policy.

8. Training

Provide regular data protection training to all employees.

9. Review

Review this policy annually or as needed.

10. Contact

For questions, contact the DPO at Highlander Training Ltd.