Data protection policy

Common terms and application

Personal data

This is any information relating to an identified or identifiable living individual (from information in our possession or when put together with other information we might reasonably access).

This policy applies to all personal data we process regardless of the media on which that data is stored. 

The law (and this policy) applies to:

  1. personal data processed by automated means such as computers, phones, tablets, CCTV, swipe cards etc. or,
  2. (structured) personal data held in a ‘relevant filing system’ for example an employee’s personnel file or it is intended to form part of such a file or,
  3. unstructured personal data. 


Special personal data is that about an individual’s race/ethnicity, political opinions, religious or philosophical beliefs, membership of a trade union, their genetic/biometric data (if used to identify them), health information or information about their sex life or sexual orientation.


Processing includes receiving information, storing it, considering it, sharing it, destroying it etc.  We recognise that the law applies to all processing activities.


A processor is a third-party individual/organisation who process personal data on our behalf – to our instructions.


We are the controller of people’s personal data as we determine what is collected, why and how it is used.

Data subject

The individual who is the focus of the information is known as the data subject.


Consent means any freely given, specific, informed and unambiguous indication of a person’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Data breach

A data breach means a breach of our security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.