Porthllisky Cottages aims to operate in an efficient and professional manner by managing, collecting and storing information about our clients, learners, suppliers and people with whom we work with. These may include members of the public, current, past and prospective employees, funded bodies and suppliers. In addition, we may be required by law to collect and use information in order to comply with the requirements of central government, awarding bodies or other regulatory bodies. All personal information held by the company must be handled properly under the Data Protection Act 1998 (‘the Act’). The Act regulates the way
that we handle ‘personal data’ that we collect in the course of carrying out our functions and gives certain rights to people whose ‘personal data’ we may hold. We consider that the correct treatment of personal data is integral to our successful operations and to maintaining trust of the persons we deal with. We fully appreciate the underlying principles of the Act and support
and adhere to its provisions. We are registered with the Information Commissioner to process personal data. We are named as a data controller under the register kept by the Information Commissioner in accordance with section 19 of the Act.

The Act uses the term ‘personal data’. For information held by Porthllisky Cottages – personal data essentially means any recorded information held by us and from which a living individual can be identified. It will include a variety of information including:
• Names
• Addresses
• Telephone Numbers
• Photographs of people
• Other personal details
It will include records, attachments, support documents, assessment documentation and any expression of opinion about a living individual or any indication of our intentions about that individual.

Porthllisky Cottages will comply with the eight enforceable data protection principles by making sure that ALL personal data is:
1. fairly and lawfully processed
2. processed for limited purposes
3. adequate, relevant and not excessive
4. accurate and kept up to date
5. not kept longer than necessary
6. processed in accordance with the individual’s rights
7. secure
8. not transferred to countries outside the European Economic area unless the country to which the data is to be transferred has adequate protection for the individuals.

Porthllisky Cottages will ensure that at least one of the following conditions are met before we process any personal data onto our secure CRM – customer Relationship Management system and data storage system called HubSpot:
1. the individual has consented to the processing
2. the processing is necessary for the performance of a contract with the individual
3. the processing is required under a legal obligation (other than one imposed by a contract)
4. the processing is necessary to protect vital interests of the individual
5. the processing is necessary to carry out public functions eg. administration of justice
6. the processing is necessary in order to pursue our legitimate interests or those of third parties (unless it could unjustifiably
prejudice the interests of the individual)
Under the Act, one of a set of additional conditions must be met for ‘sensitive personal data’. This includes information about their vehicle car registration. We will ensure that one of the following additional conditions are met before we process any sensitive personal data:
1. the individual has explicitly consented to the processing
2. we are required by law to process the information for employment purposes
3. we need to process the information in order to protect the vital interests of the individual or another person
4. the processing in necessary to deal with the administration of justice or legal proceedings

Porthllisky Cottages will ensure that individuals are given their rights under the Act including:
• the right to obtain their personal information from us except in limited circumstances
• the right to ask us not to process personal data where it causes substantial unwarranted damage to them or anyone else
• the right to claim compensation from us for damage and distress caused by any breach of the Act

While it is unlikely, Porthllisky Cottages may be required to disclose user data by a court order or to comply with other legal requirements. We will use all reasonable endeavours to notify you before we do so, unless we are legally restricted from doing so.

Porthllisky Cottages shall not sell, rent, distribute or otherwise make user data commercially available to any third party, except as described above or with your prior permission.

Porthllisky Cottages will ensure that:
•everyone managing and handling personal information understands that they are responsible for following good data protection practice
•there is someone with specific responsibility for data protection in the organisation
•staff who handle personal information are appropriately supervised and trained
•queries about handling personal information are promptly and courteously dealt with •people know how to access their own personal information
•methods of handling personal information are regularly assessed and evaluated
•any disclosure of personal data will be in compliance with approved procedures
•we take all necessary steps to ensure that personal data against unauthorised or unlawful loss or disclosure
•all contractors who are users of personal information supplied by the council will be required to confirm that they will abide by the
requirements of the Act with regard to information supplied by us Jan Elliott is the companies Director and is responsible for managing information compliance including data protection for Porthllisky Cottages, Jan Elliott is also the person responsible for ensuring that the data protection policy is effectively implemented and at all times upheld.