​

This policy applies to the processing of personal data in manual and electronic records kept by the Company. It also covers the Company’s response to any data breach and other rights under the Data Protection and Privacy Act (2019).

 

“Personal data” is information that relates to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. 

 

“Special categories of personal data” is data, which relates to the religious or philosophical beliefs, political opinion, sexual life, financial information, health status or medical records of an individual.

 

“Data processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

The Company makes a commitment to ensuring that personal data, including special categories of personal data is processed in compliance with the Data Protection and Privacy Act (2019) and all its employees conduct themselves in line with this, and other related policies. Where third parties process personal data on behalf of the Company, the Company will ensure that the third party takes such measures in order to maintain the Company’s commitment to protecting personal data. In line with the Data Protection and Privacy Act (2019), the Company understands that it will be accountable for the processing, management and storage and retention of all personal data held in the form of manual records and on information systems.