{"id":122,"date":"2018-05-11T11:57:05","date_gmt":"2018-05-11T10:57:05","guid":{"rendered":"http:\/\/www.qualityopticalservices.co.uk\/?page_id=122"},"modified":"2018-05-11T11:57:05","modified_gmt":"2018-05-11T10:57:05","slug":"gdpr-compliance","status":"publish","type":"page","link":"http:\/\/www.qualityopticalservices.co.uk\/?page_id=122","title":{"rendered":"GDPR Compliance"},"content":{"rendered":"<p><span style=\"font-family: Calibri,serif;\"><span style=\"font-size: xx-large;\">GDPR <\/span><\/span><span style=\"font-family: Calibri,serif;\"><span style=\"font-size: xx-large;\">Data protection policy<\/span><\/span><\/p>\n<p><span style=\"font-size: x-large;\"><span style=\"font-family: Calibri,serif;\">Context and overview<\/span><\/span><\/p>\n<p><span style=\"font-size: x-large;\"><span style=\"font-family: Calibri,serif;\">Key details<\/span><\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">Policy prepared by:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><span style=\"color: #808080;\"><span style=\"color: #000000;\"><span style=\"font-family: Calibri,serif;\">Steven Harbutt<\/span><\/span><\/span><br \/>\n<span style=\"font-family: Calibri,serif;\">Approved by board \/ management on:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 11\/05\/2018<br \/>\n<\/span><span style=\"font-family: Calibri,serif;\">Policy became operational on:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 25\/05\/2018<br \/>\n<\/span><span style=\"font-family: Calibri,serif;\">Next review date:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 25\/05\/2019<br \/>\n<\/span><\/p>\n<p><span style=\"font-size: x-large;\"><span style=\"font-family: Calibri,serif;\">Introduction<\/span><\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">Quality Optical Services<\/span> <span style=\"font-family: Calibri,serif;\">needs to gather and use certain informat<\/span><span style=\"font-family: Calibri,serif;\">ion about individuals.<\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.<\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">This policy describes how this personal data must be collected, handled and stored to meet the company\u2019s data protection standards and to comply with the law.<\/span><\/p>\n<p><span style=\"font-size: x-large;\"><span style=\"font-family: Calibri,serif;\">Why this policy exists<\/span><\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">This data protection policy ensures <\/span><span style=\"font-family: Calibri,serif;\">Quality Optical Services <\/span><span style=\"font-family: Calibri,serif;\">:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: Calibri,serif;\">Complies with <\/span><span style=\"font-family: Calibri,serif;\">GDPR legislation<\/span><span style=\"font-family: Calibri,serif;\"> and follow good practice <\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Protects the rights of staff, customers and partners<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Is open about how it stores and processes individuals\u2019 data<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Protects itself from the risks of a data breach<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: x-large;\"><span style=\"font-family: Calibri,serif;\">Data protection law<\/span><\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">The <\/span><span style=\"font-family: Calibri,serif;\">GDPR <\/span><span style=\"font-family: Calibri,serif;\">Data Protection Act 1998 <\/span><span style=\"font-family: Calibri,serif;\">revised 2018 <\/span><span style=\"font-family: Calibri,serif;\">describes how organisations including <\/span><span style=\"font-family: Calibri,serif;\">Quality Optical Services <\/span><span style=\"font-family: Calibri,serif;\">must collect, handle and store personal information. <\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">These rules apply regardless of whether data is stored electronically, on paper or on other materials.<\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.<\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">The <\/span><span style=\"font-family: Calibri,serif;\">GDPR <\/span><span style=\"font-family: Calibri,serif;\">Data Protection Act 1998 <\/span><span style=\"font-family: Calibri,serif;\">revised 2018 <\/span><span style=\"font-family: Calibri,serif;\">is underpinned by eight important principles. These say that personal data must:<\/span><\/p>\n<ol>\n<li><span style=\"font-family: Calibri,serif;\">Be processed fairly and lawfully<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Be obtained only for specific, lawful purposes<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Be adequate, relevant and not excessive<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Be accurate and kept up to date<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Not be held for any longer than necessary<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Processed in accordance with the rights of data subjects<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Be protected in appropriate ways<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection<\/span><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: x-large;\"><span style=\"font-family: Calibri,serif;\">People, risks and responsibilities<\/span><\/span><\/p>\n<p><span style=\"font-size: x-large;\"><span style=\"font-family: Calibri,serif;\">Policy scope<\/span><\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">This policy applies to:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: Calibri,serif;\">The head office of <\/span><span style=\"font-family: Calibri,serif;\">Quality Optical Services <\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">All branches of <\/span><span style=\"font-family: Calibri,serif;\">Quality Optical Services <\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">All staff and volunteers of <\/span><span style=\"font-family: Calibri,serif;\">Quality Optical Services <\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">All contractors, suppliers and other people working on behalf of <\/span><span style=\"font-family: Calibri,serif;\">Quality Optical Services <\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: Calibri,serif;\">It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act 1998. This can include:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: Calibri,serif;\">Names of individuals<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Postal addresses<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Email addresses<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Telephone numbers<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Plus any other information relating to individuals<\/span><\/li>\n<\/ul>\n<p><span style=\"font-size: x-large;\"><span style=\"font-family: Calibri,serif;\">Data protection risks<\/span><\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">This policy helps to protect <\/span><span style=\"font-family: Calibri,serif;\">Quality Optical Services <\/span><span style=\"font-family: Calibri,serif;\"> from some very real data security risks, including:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: Calibri,serif;\">Breaches of confidentiality.<\/span><span style=\"font-family: Calibri,serif;\"> For instance, information being given out inappropriately.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Failing to offer choice.<\/span><span style=\"font-family: Calibri,serif;\"> For instance, all individuals should be free to choose how the company uses data relating to them.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Reputational damage. <\/span><span style=\"font-family: Calibri,serif;\">For instance, the company could suffer if hackers successfully gained access to sensitive data.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-size: x-large;\"><span style=\"font-family: Calibri,serif;\">Responsibilities<\/span><\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">Everyone who works for or with<\/span><u> <\/u><span style=\"font-family: Calibri,serif;\">Quality Optical Services <\/span><span style=\"font-family: Calibri,serif;\">has some responsibility for ensuring data is collected, stored and handled appropriately.<\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles. <\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">However, these people have key areas of responsibility:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: Calibri,serif;\">The <\/span><span style=\"font-family: Calibri,serif;\">partners are<\/span><span style=\"font-family: Calibri,serif;\"> ultimately responsible for ensuring that <\/span><span style=\"font-family: Calibri,serif;\">Quality Optical Services <\/span><span style=\"font-family: Calibri,serif;\">meets its legal obligations.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">The <\/span><span style=\"font-family: Calibri,serif;\">Data Controller<\/span><span style=\"font-family: Calibri,serif;\">, <\/span><span style=\"font-family: Calibri,serif;\">Barbara Harbut<\/span><span style=\"font-family: Calibri,serif;\"><u>t<\/u><\/span><span style=\"font-family: Calibri,serif;\">,<\/span> <span style=\"font-family: Calibri,serif;\">is responsible for:<\/span>\n<ul>\n<li><span style=\"font-family: Calibri,serif;\">Keeping the <\/span><span style=\"font-family: Calibri,serif;\">management<\/span><span style=\"font-family: Calibri,serif;\"> updated about data protection responsibilities, risks and issues.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Reviewing all data protection procedures and related policies, in line with an agreed schedule.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Arranging data protection training and advice for the people covered by this policy.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Handling data protection questions from staff and anyone else covered by this policy.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Dealing with requests from individuals to see the data <\/span><span style=\"font-family: Calibri,serif;\">Quality Optical Services <\/span><span style=\"font-family: Calibri,serif;\">holds about them (also called \u2018subject access requests\u2019).<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Checking and approving any contracts or agreements with third parties that may handle the company\u2019s sensitive data.<\/span><\/li>\n<\/ul>\n<\/li>\n<li><span style=\"font-family: Calibri,serif;\">The <\/span><span style=\"font-family: Calibri,serif;\">IT manager<\/span><span style=\"font-family: Calibri,serif;\">, <\/span><span style=\"font-family: Calibri,serif;\">Steven Harbutt<\/span><span style=\"font-family: Calibri,serif;\">,<\/span> <span style=\"font-family: Calibri,serif;\">is responsible for:<\/span>\n<ul>\n<li><span style=\"font-family: Calibri,serif;\">Ensuring all systems, services and equipment used for storing data meet acceptable security standards.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Performing regular checks and scans to ensure security hardware and software is functioning properly.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Evaluating any third-party services the company is considering using to store or process data. For instance, cloud computing services.<\/span><\/li>\n<\/ul>\n<\/li>\n<li><span style=\"font-family: Calibri,serif;\">The <\/span><span style=\"font-family: Calibri,serif;\">marketing<\/span> <span style=\"font-family: Calibri,serif;\">manager<\/span><span style=\"font-family: Calibri,serif;\">, <\/span><span style=\"font-family: Calibri,serif;\">Steven Harbutt<\/span><span style=\"font-family: Calibri,serif;\">,<\/span><span style=\"font-family: Calibri,serif;\">,<\/span><span style=\"font-family: Calibri,serif;\"> is responsible for:<\/span>\n<ul>\n<li><span style=\"font-family: Calibri,serif;\">Approving any data protection statements attached to communications such as emails and letters.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Addressing any data protection queries from journalists or media outlets like newspapers.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Where necessary, working with other staff to ensure marketing initiatives abide by data protection principles.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: x-large;\"><span style=\"font-family: Calibri,serif;\">General staff guidelines<\/span><\/span><\/p>\n<ul>\n<li><span style=\"font-family: Calibri,serif;\">The only people able to access data covered by this policy should be those who <\/span><span style=\"font-family: Calibri,serif;\">need it for their work<\/span><span style=\"font-family: Calibri,serif;\">.<\/span><\/li>\n<\/ul>\n<ul>\n<li><span style=\"font-family: Calibri,serif;\">Data <\/span><span style=\"font-family: Calibri,serif;\">should not be shared informally.<\/span><span style=\"font-family: Calibri,serif;\"> When access to confidential information is required, employees can request it from their line managers.<\/span><\/li>\n<\/ul>\n<ul>\n<li><span style=\"font-family: Calibri,serif;\">Quality Optical Services<\/span> <span style=\"font-family: Calibri,serif;\">will provide training <\/span><span style=\"font-family: Calibri,serif;\">to all employees to help them understand their responsibilities when handling data.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Employees should keep all data secure, by taking sensible precautions and following the guidelines below.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">In particular, <\/span><span style=\"font-family: Calibri,serif;\">strong passwords must be used<\/span><span style=\"font-family: Calibri,serif;\"> and they should never be shared.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Personal data <\/span><span style=\"font-family: Calibri,serif;\">should not be disclosed<\/span> <span style=\"font-family: Calibri,serif;\">to unauthorised people, either within the company or externally.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Data should be<\/span><span style=\"font-family: Calibri,serif;\"> regularly reviewed and updated<\/span> <span style=\"font-family: Calibri,serif;\">if it is found to be out of date. If no longer required, it should be deleted and disposed of.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Employees<\/span><span style=\"font-family: Calibri,serif;\"> should request help<\/span> <span style=\"font-family: Calibri,serif;\">from their line manager or the data protection officer if they are unsure about any aspect of data protection. <\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: x-large;\"><span style=\"font-family: Calibri,serif;\">Data storage<\/span><\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the IT manager or data controller.<\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">When data is <\/span><span style=\"font-family: Calibri,serif;\">stored on paper,<\/span><span style=\"font-family: Calibri,serif;\"> it should be kept in a secure place where unauthorised people cannot see it.<\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: Calibri,serif;\">When not required, the paper or files should be kept <\/span><span style=\"font-family: Calibri,serif;\">in a locked drawer or filing cabinet.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Employees should make sure paper and printouts are<\/span><span style=\"font-family: Calibri,serif;\"> not left where unauthorised people could see them, <\/span><span style=\"font-family: Calibri,serif;\">like on a printer.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Data printouts should be shredded<\/span> <span style=\"font-family: Calibri,serif;\">and disposed of securely when no longer required.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: Calibri,serif;\">When data is <\/span><span style=\"font-family: Calibri,serif;\">stored electronically,<\/span><span style=\"font-family: Calibri,serif;\"> it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: Calibri,serif;\">Data should be <\/span><span style=\"font-family: Calibri,serif;\">protected by strong passwords<\/span><span style=\"font-family: Calibri,serif;\"> that are changed regularly and never shared between employees.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">If data is <\/span><span style=\"font-family: Calibri,serif;\">stored on removable media<\/span> <span style=\"font-family: Calibri,serif;\">(like a CD or DVD), these should be kept locked away securely when not being used.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Data should only be stored on <\/span><span style=\"font-family: Calibri,serif;\">designated drives and servers,<\/span><span style=\"font-family: Calibri,serif;\"> and should only be uploaded to an <\/span><span style=\"font-family: Calibri,serif;\">approved cloud computing services.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Servers containing personal data should be <\/span><span style=\"font-family: Calibri,serif;\">sited in a secure location,<\/span><span style=\"font-family: Calibri,serif;\"> away from general office space.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Data should be <\/span><span style=\"font-family: Calibri,serif;\">backed up frequently.<\/span><span style=\"font-family: Calibri,serif;\"> Those backups should be tested regularly, in line with the company\u2019s standard backup procedures.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Data should <\/span><span style=\"font-family: Calibri,serif;\">never be saved directly<\/span> <span style=\"font-family: Calibri,serif;\">to laptops or other mobile devices like tablets or smart phones.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">All servers and computers containing data should be protected by <\/span><span style=\"font-family: Calibri,serif;\">approved security software and a firewall.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: x-large;\"><span style=\"font-family: Calibri,serif;\">Data use<\/span><\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">Personal data is of no value to <\/span><span style=\"font-family: Calibri,serif;\">Quality Optical Services<\/span> <span style=\"font-family: Calibri,serif;\">unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: Calibri,serif;\">When working with personal data, employees should ensure <\/span><span style=\"font-family: Calibri,serif;\">the screens of their computers are always locked<\/span> <span style=\"font-family: Calibri,serif;\">when left unattended.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Personal data <\/span><span style=\"font-family: Calibri,serif;\">should not be shared informally.<\/span><span style=\"font-family: Calibri,serif;\"> In particular, it should never be sent by email, as this form of communication is not secure.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Data must be <\/span><span style=\"font-family: Calibri,serif;\">encrypted before being transferred electronically.<\/span><span style=\"font-family: Calibri,serif;\"> The IT manager can explain how to send data to authorised external contacts.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Personal data should <\/span><span style=\"font-family: Calibri,serif;\">never be transferred outside of the European Economic Area.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Employees <\/span><span style=\"font-family: Calibri,serif;\">should not save copies of personal data to their own computers.<\/span> <span style=\"font-family: Calibri,serif;\">Always access and update the central copy of any data.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: x-large;\"><span style=\"font-family: Calibri,serif;\">Data accuracy<\/span><\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">The law requires <\/span><span style=\"font-family: Calibri,serif;\">Quality Optical Services<\/span><span style=\"font-family: Calibri,serif;\"> to take reasonable steps to ensure data is <\/span><span style=\"font-family: Calibri,serif;\">kept accurate and up to date.<\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">The more important it is that the personal data is accurate, the greater the effort <\/span><span style=\"font-family: Calibri,serif;\">Quality Optical Services<\/span><span style=\"font-family: Calibri,serif;\"> should put<\/span><span style=\"font-family: Calibri,serif;\"> into ensuring its accuracy.<\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible. <\/span><\/p>\n<ul>\n<li><span style=\"font-family: Calibri,serif;\">Data will be held in <\/span><span style=\"font-family: Calibri,serif;\">as few places as necessary. <\/span><span style=\"font-family: Calibri,serif;\">Staff should not create any unnecessary additional data sets.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Staff should <\/span><span style=\"font-family: Calibri,serif;\">take every opportunity to ensure data is updated.<\/span><span style=\"font-family: Calibri,serif;\"> For instance, by confirming a customer\u2019s details when they call.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Quality Optical Services<\/span><span style=\"font-family: Calibri,serif;\"> will make i<\/span><span style=\"font-family: Calibri,serif;\">t <\/span><span style=\"font-family: Calibri,serif;\">easy for data subjects to update the information<\/span> <span style=\"font-family: Calibri,serif;\">Quality Optical Services<\/span><span style=\"font-family: Calibri,serif;\"> holds<\/span><span style=\"font-family: Calibri,serif;\"> about them. For instance, via the company website.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">Data should be <\/span><span style=\"font-family: Calibri,serif;\">updated as inaccuracies are discovered.<\/span><span style=\"font-family: Calibri,serif;\"> For instance, if a customer can no longer be reached on their stored telephone number, it should be removed from the database.<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">It is the marketing manager\u2019s responsibility to ensure<\/span> <span style=\"font-family: Calibri,serif;\">marketing databases are checked against industry suppression files<\/span> <span style=\"font-family: Calibri,serif;\">every six months.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: x-large;\"><span style=\"font-family: Calibri,serif;\">Subject access requests<\/span><\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\"><span lang=\"en-US\">All individuals who are the subject of personal data held by <\/span><\/span><span style=\"font-family: Calibri,serif;\"><span lang=\"en-US\">Quality Optical Services<\/span><\/span> <span style=\"font-family: Calibri,serif;\"><span lang=\"en-US\">are entitled to:<\/span><\/span><\/p>\n<ul>\n<li><span style=\"font-family: Calibri,serif;\"><span lang=\"en-US\">Ask <\/span><\/span><span style=\"font-family: Calibri,serif;\"><span lang=\"en-US\">what information<\/span><\/span><span style=\"font-family: Calibri,serif;\"><span lang=\"en-US\"> the company holds about them and why.<\/span><\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\"><span lang=\"en-US\">Ask <\/span><\/span><span style=\"font-family: Calibri,serif;\"><span lang=\"en-US\">how to gain access<\/span><\/span><span style=\"font-family: Calibri,serif;\"><span lang=\"en-US\"> to it.<\/span><\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\"><span lang=\"en-US\">Be informed <\/span><\/span><span style=\"font-family: Calibri,serif;\"><span lang=\"en-US\">how to keep it up to date. <\/span><\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\"><span lang=\"en-US\">Be informed how the company is meeting its data protection obligations.<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: Calibri,serif;\">If an individual contacts the company requesting this information, this is called a subject access request. <\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">Subject access requests from individuals should be made by email, addressed to the data controller at steve@fifu.co.uk. The data controller can supply a standard request form, although individuals do not have to use this.<\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">The data controller will always verify the identity of anyone making a subject access request before handing over any information.<\/span><\/p>\n<p><span style=\"font-size: x-large;\"><span style=\"font-family: Calibri,serif;\">Disclosing data for other reasons<\/span><\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.<\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">Under these circumstances, <\/span><span style=\"font-family: Calibri,serif;\">Quality Optical Services<\/span><span style=\"font-family: Calibri,serif;\"> will disclose requested data.<\/span><span style=\"font-family: Calibri,serif;\"> However, the data controller will ensure the request is legitimate, seeking assistance from the board and from the company\u2019s legal advisers where necessary.<\/span><\/p>\n<p><span style=\"font-size: x-large;\"><span style=\"font-family: Calibri,serif;\">Providing information<\/span><\/span><\/p>\n<p><span style=\"font-family: Calibri,serif;\">Quality Optical Services<\/span><span style=\"font-family: Calibri,serif;\"> aims to ensure <\/span><span style=\"font-family: Calibri,serif;\">that individuals are aware that their data is being processed, and that they understand:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: Calibri,serif;\">How the data is being used<\/span><\/li>\n<li><span style=\"font-family: Calibri,serif;\">How to exercise their rights <\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: Calibri,serif;\">To these ends, the company has a privacy statement, setting out how data relating to individuals is used by the company.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>GDPR Data protection policy Context and overview Key details Policy prepared by:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Steven Harbutt Approved by board \/ management on:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 11\/05\/2018 Policy became operational on:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 25\/05\/2018 Next review date:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 25\/05\/2019 Introduction Quality Optical Services needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees and other &hellip; <a href=\"http:\/\/www.qualityopticalservices.co.uk\/?page_id=122\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;GDPR Compliance&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"http:\/\/www.qualityopticalservices.co.uk\/index.php?rest_route=\/wp\/v2\/pages\/122"}],"collection":[{"href":"http:\/\/www.qualityopticalservices.co.uk\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"http:\/\/www.qualityopticalservices.co.uk\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"http:\/\/www.qualityopticalservices.co.uk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.qualityopticalservices.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=122"}],"version-history":[{"count":4,"href":"http:\/\/www.qualityopticalservices.co.uk\/index.php?rest_route=\/wp\/v2\/pages\/122\/revisions"}],"predecessor-version":[{"id":127,"href":"http:\/\/www.qualityopticalservices.co.uk\/index.php?rest_route=\/wp\/v2\/pages\/122\/revisions\/127"}],"wp:attachment":[{"href":"http:\/\/www.qualityopticalservices.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=122"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}