1: Introduction
ATGlobe Research Ltd needs to collect & use information about individuals in order to conduct its business.
This policy describes how this data will be handled, stored and accessed in order to meet data compliance requirements.
2: Data Protection Principles
All data will be:
- Processed fairly and lawfully.
- Be obtained for specific and lawful purposes.
- Be adequate, relevant & not excessive.
- Be accurate and kept up to date.
- Not be held for longer than necessary.
- Processed in accordance with individuals’ data rights.
- Be protected in appropriate ways.
- Not be transferred outside of the EEA unless that country offers adequate protection.
3: Policy scope
This policy applies to ATGlobe Research Ltd and applies to all employees and contractors.
It applies to all data that the company holds relating to identifiable individuals.
4: Responsibilities
The data protection officer is David Feldman and is ultimately responsible for ensuring that ATGlobe Research Ltd meets its legal obligations
The data protection officer will:
- Review all data protection procedures annually.
- Handle all data protection issues from staff, contractors and subject access requests.
- Ensure all systems and data storage meets acceptable security standards.
- Evaluate any third-party services and contractors who store, access or process data.
5: General guidelines
5:1 Data sharing & scope
- No banking or credit card data whether business or personal will be stored.
- Personal assessments, data or recorded meetings will not be shared with any third parties or contractors beyond the employee’s employer and then only for the execution of the purpose for which the data was collected.
- We will not store any individual data that is not for the direct purpose of executing the contractual business between ATGlobe Research Ltd & the individual/individuals employer.
- We will not keep historical data unless required to do so under legal statute or unless it can reasonably be assumed that it will be required at a future point.
- All data stored electronically will be protected from unauthorised access, accidental deletion, and malicious hacking attacks.
6: Data storage
We will not store paper records of a business or personal data, coaching meetings & discussions.
- We will hold the minimum level of personal data.
- Personal data will only be collected if appropriate business alternatives are not available or there is an expressed preference from the individual themselves.
- All data stored electronically will be protected from unauthorised access, accidental deletion, and malicious hacking attacks.
- Data will be protected by strong passwords that are changed regularly and never shared.
- Data will be stored ONLY on GPDR approved cloud computing services.
- Data will not be copied or stored on mobile devices, laptops or smartphones.
- Data stored on desktop devices will be encrypted and kept within a secure office with limited access and protected by strong antivirus/hacking software.
- Data will be stored in a few places as necessary.
7: Data use
- Personal data will not be shared informally and never sent by email.
- All data will be encrypted before being sent electronically.
8: Subject access requests
All individuals who are the subject of personal data held by ATGlobe Research Ltd are entitled to:
- Ask what information the company holds on them & why
- Ask how to gain access to it
- Be informed how to keep it up to date
- Be informed about how the company is meeting its data obligations
Subject access requests will be made in writing or by email to david.feldman@atgloberesearch.com
The data controller will always verify the identity of anyone making a subject access request
9: Disclosing data for other reasons
Under certain circumstances the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject
Under these circumstances, ATGlobe Research Ltd will disclose requested data. However, the data controller will ensure that the request is legitimate.