Data Protection Policy
It is the policy of Odyssey Knebworth Limited (‘the Company’) to take all necessary steps to ensure that personal data held by the Company about its employees, customers, suppliers and all other individuals is processed fairly and lawfully. The Company will ensure that all relevant statutory requirements are complied with and that the Company's internal procedures are monitored periodically to ensure compliance.
The Company will implement and comply with the eight Data Protection Principles contained in the Data Protection Act 1998 (‘the Act’) which promote good conduct in relation to processing personal information: These Principles are:
i. Personal data shall be processed fairly and lawfully.
ii. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
iii. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed.
iv. Personal data shall be accurate and, where necessary, kept up to date.
v. Personal data processed shall not be kept for longer than is necessary for that purpose or those purposes.
vi. Personal data shall be processed in accordance with the rights of data subjects under the Act.
vii. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction or, damage to, personal data.
viii. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights of data subjects in relation to the processing of personal data.
The attention of all employees is drawn to the data protection rules and procedures laid down by the Company from time to time. Employees have a duty to follow these rules and procedures and to co-operate with the Company to ensure this policy is effective.
Disciplinary action may be taken against any employee who fails to comply with these rules and procedures.
The Company has a responsibility to ensure that personal data dealt with in the course of the Company's business is handled in accordance with statutory requirements and reasonable steps will be taken by all concerned to ensure this duty is observed.
The Company will consult with its employees periodically to ascertain what measures should be taken to increase awareness of data protection issues and to ensure that all necessary measures are taken to make this policy effective.
The Company will take such measures as may be necessary to ensure the proper training, supervision and instruction of all relevant employees in matters pertaining to data protection and to provide any necessary information.
The Company will monitor on an ongoing basis compliance with the provisions of the Act by third party processors of the Company's data.
The person having overall responsibility for data protection will be the Data Protection Officer, details of whom can be obtained from the Company Secretary.
Each manager will have immediate responsibility for data protection matters in his/her own area of work.
The Company will continually review data security arrangements, monitor the risk of exposure to major threats to data security, review and monitor security incidents, and establish and implement initiatives to enhance data security.
1. RESPONSIBILITY
Data protection is a responsibility shared by all employees of the Company. Employees must familiarise themselves with and observe at all times these Rules and Procedures relating to data protection, the Data Protection Policy Statement and any additional instructions which may be issued from time to time.
The person having overall responsibility for data protection within the Company will be the Data Protection Officer.
Each manager will have responsibility for data protection matters in his/her own immediate area of work, but in addition, many employees doing their normal duties may be required to process personal data; for example, information about customers, suppliers or fellow employees.
Employees who have any questions, comments or suggestions in relation to data protection should contact their line manager or HR.
2. PROCESSING PERSONAL DATA
In certain instances, the Company is required to obtain the consent of the individual to hold/process information about him/her. You will be advised and instructed when such consent is required and how such consent should be obtained and if you are in any doubt about whether consent is required from an individual, you should contact your line manager or HR.
Remember that an 'individual' could be someone that you manage or supervise, or a customer, supplier or other third party with whom you have dealings.
When consent is required, the employee or individual concerned must be provided with certain information at the time consent is requested. Specifically, the individual or employee about whom you are disclosing or processing data must be informed of:
- the purpose or purposes for which the data is intended to be processed;
- the identity of the Company;
- the identity of the Company's nominated representative
Personal data should only be used for the purpose or purposes advised to the individual and not for any ancillary purpose. For example, if an individual such as a supplier or customer was informed that his/her data would be used for marketing purposes, then such data cannot be used for any other purpose other than marketing.
Personal data held about an individual should be adequate, relevant and not excessive in relation to the purpose or purposes for which it is held. All opinions and/or statements of fact recorded about the individual must be accurate and relevant.
Personal data held about an individual must be kept up-to-date and accurate, and all employees are required to notify their line manager
of changes in their circumstances so that accurate, up to date data records can be maintained.
If the individual or employee withholds his/her consent or if his/her consent is not provided, then immediate reference should be made to their line manager or HR.
3. SECURITY OF DATA
All personal data held by the Company is to be treated as confidential.
Personal data must not be disclosed to anyone outside the Company unless the individual concerned has consented to such disclosure, or the Data Protection Officer has given you a specific instruction to do so.
Personal data must not be disclosed to any unauthorised employees. HR will establish and control personal data access.
User passwords will be issued to relevant employees who deal with computerised personal data. Such user passwords are not to be disclosed to any third party or unauthorised employee.
Personal data must be kept secure at all times.
Personal data must not be left unattended unless it has been placed in a secure location. Relevant employees will be advised by their line manager of the physical security arrangements to be adopted appropriate to the level of confidentiality of the personal data concerned.
Personal data must not be copied (whether on computer media, photocopies, computer print outs, or otherwise) without authorisation from your line manager.
Personal data must not be removed or transferred from the Company's premises (whether on computer media, in hard copy form, or otherwise) without authorisation from your line manager.
Individuals will have a right on written request to obtain a copy of personal data relating to him/her held by the Company. This includes employees.
All requests by individuals for information about personal data the Company holds about them must be referred immediately on receipt to HR who will co-ordinate the response to the relevant individual.
Failure to follow these security procedures may be considered to be an act of misconduct and the subject of disciplinary proceedings.
All security breaches, or suspected security breaches, relating to unauthorised access to or disclosure of personal data must be reported immediately to The Company HR or the IT Support Desk
It is the policy of Odyssey Knebworth Limited (‘the Company’) to take all necessary steps to ensure that personal data held by the Company about its employees, customers, suppliers and all other individuals is processed fairly and lawfully. The Company will ensure that all relevant statutory requirements are complied with and that the Company's internal procedures are monitored periodically to ensure compliance.
The Company will implement and comply with the eight Data Protection Principles contained in the Data Protection Act 1998 (‘the Act’) which promote good conduct in relation to processing personal information: These Principles are:
i. Personal data shall be processed fairly and lawfully.
ii. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
iii. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed.
iv. Personal data shall be accurate and, where necessary, kept up to date.
v. Personal data processed shall not be kept for longer than is necessary for that purpose or those purposes.
vi. Personal data shall be processed in accordance with the rights of data subjects under the Act.
vii. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction or, damage to, personal data.
viii. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights of data subjects in relation to the processing of personal data.
The attention of all employees is drawn to the data protection rules and procedures laid down by the Company from time to time. Employees have a duty to follow these rules and procedures and to co-operate with the Company to ensure this policy is effective.
Disciplinary action may be taken against any employee who fails to comply with these rules and procedures.
The Company has a responsibility to ensure that personal data dealt with in the course of the Company's business is handled in accordance with statutory requirements and reasonable steps will be taken by all concerned to ensure this duty is observed.
The Company will consult with its employees periodically to ascertain what measures should be taken to increase awareness of data protection issues and to ensure that all necessary measures are taken to make this policy effective.
The Company will take such measures as may be necessary to ensure the proper training, supervision and instruction of all relevant employees in matters pertaining to data protection and to provide any necessary information.
The Company will monitor on an ongoing basis compliance with the provisions of the Act by third party processors of the Company's data.
The person having overall responsibility for data protection will be the Data Protection Officer, details of whom can be obtained from the Company Secretary.
Each manager will have immediate responsibility for data protection matters in his/her own area of work.
The Company will continually review data security arrangements, monitor the risk of exposure to major threats to data security, review and monitor security incidents, and establish and implement initiatives to enhance data security.
1. RESPONSIBILITY
Data protection is a responsibility shared by all employees of the Company. Employees must familiarise themselves with and observe at all times these Rules and Procedures relating to data protection, the Data Protection Policy Statement and any additional instructions which may be issued from time to time.
The person having overall responsibility for data protection within the Company will be the Data Protection Officer.
Each manager will have responsibility for data protection matters in his/her own immediate area of work, but in addition, many employees doing their normal duties may be required to process personal data; for example, information about customers, suppliers or fellow employees.
Employees who have any questions, comments or suggestions in relation to data protection should contact their line manager or HR.
2. PROCESSING PERSONAL DATA
In certain instances, the Company is required to obtain the consent of the individual to hold/process information about him/her. You will be advised and instructed when such consent is required and how such consent should be obtained and if you are in any doubt about whether consent is required from an individual, you should contact your line manager or HR.
Remember that an 'individual' could be someone that you manage or supervise, or a customer, supplier or other third party with whom you have dealings.
When consent is required, the employee or individual concerned must be provided with certain information at the time consent is requested. Specifically, the individual or employee about whom you are disclosing or processing data must be informed of:
- the purpose or purposes for which the data is intended to be processed;
- the identity of the Company;
- the identity of the Company's nominated representative
Personal data should only be used for the purpose or purposes advised to the individual and not for any ancillary purpose. For example, if an individual such as a supplier or customer was informed that his/her data would be used for marketing purposes, then such data cannot be used for any other purpose other than marketing.
Personal data held about an individual should be adequate, relevant and not excessive in relation to the purpose or purposes for which it is held. All opinions and/or statements of fact recorded about the individual must be accurate and relevant.
Personal data held about an individual must be kept up-to-date and accurate, and all employees are required to notify their line manager
of changes in their circumstances so that accurate, up to date data records can be maintained.
If the individual or employee withholds his/her consent or if his/her consent is not provided, then immediate reference should be made to their line manager or HR.
3. SECURITY OF DATA
All personal data held by the Company is to be treated as confidential.
Personal data must not be disclosed to anyone outside the Company unless the individual concerned has consented to such disclosure, or the Data Protection Officer has given you a specific instruction to do so.
Personal data must not be disclosed to any unauthorised employees. HR will establish and control personal data access.
User passwords will be issued to relevant employees who deal with computerised personal data. Such user passwords are not to be disclosed to any third party or unauthorised employee.
Personal data must be kept secure at all times.
Personal data must not be left unattended unless it has been placed in a secure location. Relevant employees will be advised by their line manager of the physical security arrangements to be adopted appropriate to the level of confidentiality of the personal data concerned.
Personal data must not be copied (whether on computer media, photocopies, computer print outs, or otherwise) without authorisation from your line manager.
Personal data must not be removed or transferred from the Company's premises (whether on computer media, in hard copy form, or otherwise) without authorisation from your line manager.
Individuals will have a right on written request to obtain a copy of personal data relating to him/her held by the Company. This includes employees.
All requests by individuals for information about personal data the Company holds about them must be referred immediately on receipt to HR who will co-ordinate the response to the relevant individual.
Failure to follow these security procedures may be considered to be an act of misconduct and the subject of disciplinary proceedings.
All security breaches, or suspected security breaches, relating to unauthorised access to or disclosure of personal data must be reported immediately to The Company HR or the IT Support Desk
{{ error }}
{{ item.attachmentChangeReason.user }}
{{ item.attachmentChangeReason.date }} {{ item.attachmentChangeReason.time }}
{{ item.attachmentChangeReason.text }}
Associated File Items:
File signed: {{ item.signedDate }}