General Data Protection Regulation- May 2018
Privacy Policy issue 1 April 2018 (NDBP-036 issue 1)
The company (ND Brown Ltd) is keen to ensure that staff who are employed by the company and other business associates are aware of the requirements in connection with individual’s privacy rights.
The company are keen to ensure that all staff are aware that personal data held by the company will be made available only to the individual in question. We allow staff to see all information we are holding, which relates solely to them.
Such information is for the benefit of the company and will not be shared with any other organisation.
The company will only hold personal information which is applicable and necessary.
The company will NOT provide that information to any outside source or organisation, it must be noted the ‘company’ need to provide information to government organisations, such as tax, National insurance and pensions contributions.
When explained in sufficiently broad terms a privacy notice does allow for development in the way we as a company use personal Data, whilst we are committed at the same time to providing individuals with enough knowledge to allow them to appreciate why the information is required.
Gain and record consent.
We consider how we will gain and record individuals’ consent, if required. The Company understands that there is a difference between telling a person how we’re going to use their personal information and getting their consent.
Although in many cases it may be enough to be transparent, and rely on a lawful basis other than consent, in others a positive indication of an individual’s agreement will be deemed necessary.
When relying on consent, our method of obtaining consent, will be assisted by:
Asking the individual to be positive and Opt-in, as this is in line with Good Practice. Giving individuals sufficient information to make the right choice, we recognise that is a far better system, then getting a tick box completed.
Privacy for customers
It is Company Policy not to divulge information in connection with other clients and what financial arrangements they may have. The company and its officers are not at liberty to detail any business relationship they may have with other
customers.
General Data Protection Regulation- May 2018
Privacy Policy issue 1 (page 2 of 2)
The company will explain the different ways in which information will be used. The company will provide a clear and simple method as to why different types of processing may be required. In other words, people will not be forced to agree to several types of processing simply because the privacy notice only includes an option to agree or disagree to all. People are permitted to give consent to their information being used for one purpose but not another.
The company only want to be associated with Good Practice the proposed method is with separate unticked opt-in boxes for each or Yes/No buttons of equal size and prominence.
The company will gain consent following any changes to the Privacy Policy, and how individuals can revoke their consent if they do not agree with the changes. Individuals have the right to not accept change should they not wish so.
We take privacy seriously and will only use personal information to administer a person’s account and to provide the products and services requested from us.
The company is aware of individuals rights and the policy of the company in all situations is as follows:
The Data protection Act (DPA) is being replaced, this Privacy Policy reflects The General Data Protection Regulation (GDPR) which becomes law on 28th May 2018.
The Privacy Policy is referred to within Clause VII of our ISO 9001:2015 Quality Management system which is independently audited in accordance with UKAS accreditation.
Mark Fernyhough (Managing Director)
18th May 2018