Data Protection Policy

Data Protection Policy

 
The security and privacy of your data is taken seriously by the Company, but we need to gather and use information, or ‘data’, about you as part of our business and to manage our relationship with you. The Company is a ‘data controller’ for the purposes of your personal data. We are committed to complying with all our data protection legal obligations regarding how we obtain, handle, process or store personal data.
 
Our Data Protection policy applies to current and former employees, workers, volunteers, interns, apprentices and consultants. If you fall into one of these categories, you are a ‘data subject’ for the purposes of this policy. You should read this policy alongside your contract of employment (or contract for services), our Privacy Notice, IT policy and any other notice we issue to you from time to time in relation to your data. Any breach of this policy may result in disciplinary action being taken up to and including dismissal.
 
We have taken steps to protect the security of your data in accordance with our Data Protection policy. We train staff about their data protection responsibilities as part of the induction process. We will only hold data for as long as necessary for the purposes for which we collected it.
 
This policy does not form part of your contract of employment (or contract for services, if relevant) and can be amended by the Company at any time.
 

Data Protection Principles

Personal data must be processed in accordance with six ‘Data Protection principles. It must be:
 
  • Processed fairly, lawfully and transparently.
  • Collected and processed only for specified, explicit and legitimate purposes.
  • Adequate, relevant and limited to what is necessary for the purposes for which it is processed.
  • Accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay.
  • Not kept for longer than is necessary for the purposes for which it is processed.
  • Processed securely.
 

How we define personal data

‘Personal data’ means information which relates to a living person who can be identified from that data (a ‘data subject’) on its own, or when taken together with other information which is likely to come into our possession. Personal data includes any expression of opinion about the person and an indication of the intentions of us or others in respect of that person. It applies to data stored electronically, on paper or other materials, but does not include anonymised data.
 
The types of personal data we collect and use about you is included in the Privacy Notice that is issued with your contract of employment.
 
 
 

Special categories of personal data

These may be processed for monitoring equal opportunities, managing your absence or complying with deductions from payroll, among other reasons.
 
  • Your racial or ethnic origin.
  • Your political opinions.
  • Your religious or philosophical beliefs.
  • Your trade union membership.
  • Your genetic or biometric data.
  • Your health.
  • Your sex life and sexual orientation.
  • Any criminal convictions and offences.
 

How and Why We Process Your Data

‘Processing’ the data that we hold includes collection, recording, organisation, structuring or storage, adapting, retrieving, disseminating, aligning and also removing or erasing it.
 
The Company will process your personal data if it is needed to perform the contract of employment (or services) between us or to comply with any legal obligation, or if it is necessary for our legitimate interests (or for the legitimate interests of someone else). The Privacy Notice covers the reasons for collecting and processing your data, and when and who we share it with. We can process your personal data for these purposes without your knowledge or consent. However, we will not use your personal data for an unrelated purpose without telling you about it and the legal basis that we intend to rely on for processing it. We will only process special categories of your personal data in certain situations in accordance with the law.
 
We do not take automated decisions about you using your personal data or use profiling in relation to you.
 

Sharing Your Personal Data

Sometimes we might share your personal data with group companies or our business partners, contractors and agents in order to carry out our obligations under our contract with you or for our legitimate interests; these parties are required to hold data legally and confidentially. These parties are detailed in your Privacy Notice.
 
We do not send your personal data outside the European Economic Area. If this changes, you will be notified of this and the protections which are in place to protect the security of your data will be explained.
 

How You Should Process Personal Data for the Company

Everyone who works for, or on behalf of, the Company has some responsibility for ensuring data is collected, stored and handled appropriately, in line with this policy and the Company’s IT policy.
 
You should only access personal data covered by this policy if you need it for the work you do for, or on behalf of, the Company and only if you are authorised to do so. You should only use the data for the specified lawful purpose for which it was obtained and follow the following principles:
 
 
 
  • Do not share personal data informally; keep it secure and don’t share it with unauthorised people.
  • Regularly review and update personal data which you have to deal with. Update us if your own contact details change.
  • Do not make unnecessary copies or keep personal data. Dispose of any copies securely.
  • Consider anonymising data or using separate keys/codes so that the data subject cannot be identified.
  • Do not transfer personal data out of the European Economic Area except in compliance with the law and with authorisation of the person responsible for data in the Company.
  • Lock drawers and filing cabinets. Do not leave papers with personal data lying about.
  • Do not take personal data away from Company premises without authorisation.
  • Ask for help from the person responsible for data in the Company if you are unsure about data protection or the IT Policy, or if you notice any areas we can improve upon.
 

How to Deal with Data Breaches

We have robust measures in place to minimise and prevent data breaches from taking place. Should a breach of personal data occur, please inform Operations Director immediately and keep any evidence you have in relation to the breach. We will take the appropriate action.
 

Subject Access Request (SAR)

Data subjects can make a ‘Subject Access Request’ (‘SAR’) to find out the information we hold about them. If you would like to make a SAR in relation to your own personal data, you should make this in writing to the person responsible for data in the Company. We will comply with all legal requirements. If you receive a SAR, please pass it on to the person responsible for data and ensure that you keep any information regarding it.
 

Your Data Subject Rights

The law provides clear rights with regard to your data protection; a full list can be found on the Information Commissioner’s Office website (www.ico.org.uk). This website has further information on your rights and our obligations, and also on the route for you to make a complaint. The following are the key, but not exhaustive, list of rights:
 
  • The right to information about what personal data we process: how and on what basis.
  • The right to access your own personal data via a SAR.
  • The right to correct any inaccuracies in your personal data, by contacting the person responsible for data in the Company.
  • The right to request that we erase your personal data where we were not entitled under the law to process it – or where it is no longer necessary to process it for the purpose it was collected – and have access temporarily restricted. To do this, you should contact the person responsible for data in the Company.
  • The right to object to data processing where we are relying on a ‘legitimate interest’ to do so, and you think that your rights and interests outweigh our own and you wish us to stop; or for use in direct marketing.
  • The right to receive a copy of your personal data and to transfer your personal data to another data controller.
  • The right to be notified of a data security breach concerning your personal data.
  • The right not to give your consent for processing of personal data, or to withdraw this later by contacting the person responsible for data in the Company.
 

Review

The Operations Director is responsible for reviewing this policy. You should direct any questions in relation to this policy or data protection to this person and address any written requests to them.


 

 
 
Proud suppliers to
Sitemap
Policies and Statements
Contact us
Quentor Ltd
Unit 6, Lansdowne Road
Norwich, Norfolk, England, NR6 6NF

Registered in England
and Wales No. 02144668

Accreditations
NQA ALU Norfolk Chamber
Awards
Mia


UK Patent No. GB2 390 657.
US Patent No. US 7, 802,408
EP Patent No. 1 534 962

© 2025 Quentor Ltd. All Rights Reserved. / Privacy Policy / Website powered by empresa