Data Protection Policy
adaptiVLE Ltd recognises the importance of protecting personal information of our customers, suppliers, employees, and other stakeholders. We are committed to complying with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) in the processing of personal data.
This policy applies to all personal data that we process, regardless of the format or location of the data. It applies to all employees, contractors, and other third-party processors who have access to personal data in the course of their work for adaptiVLE Ltd.
adaptiVLE Ltd has appointed a Data Protection Officer (DPO) who is responsible for ensuring that we comply with data protection legislation. The DPO's contact details are provided at the end of this policy.
All employees, contractors, and other third-party processors who handle personal data are responsible for ensuring that they comply with this policy and relevant data protection legislation.
Data Protection Principles
We will process personal data in accordance with the following data protection principles:
Lawfulness, fairness and transparency: We will process personal data lawfully, fairly, and in a transparent manner.
Purpose limitation: We will only process personal data for specified, explicit, and legitimate purposes.
Data minimisation: We will only process personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
Accuracy: We will take reasonable steps to ensure that personal data is accurate and kept up-to-date.
Storage limitation: We will only store personal data for as long as necessary for the purposes for which it was collected.
Integrity and confidentiality: We will process personal data in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Data Subject Rights
We will respect the rights of data subjects in accordance with the Data Protection Act 2018 and GDPR. Data subjects have the right to:
Access their personal data
Rectify their personal data
Erase their personal data
Restrict the processing of their personal data
Object to processing of their personal data
Object to automated decision-making and profiling
We will respond to data subject requests within one month of receipt of the request. We may extend this period by a further two months where necessary, taking into account the complexity and number of requests.
We will take appropriate technical and organisational measures to protect personal data from unauthorised or unlawful processing, and from accidental loss, destruction, or damage.
We will ensure that all employees, contractors, and other third-party processors who have access to personal data are aware of their obligations under data protection legislation.
We will implement procedures for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of processing.
In the event of a personal data breach, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.
If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify the affected individuals without undue delay.
Data Protection Officer
Our Data Protection Officer (DPO) is responsible for monitoring our compliance with data protection legislation, providing advice and guidance on data protection matters, and acting as a point of contact for data subjects and the ICO.
Contact details for our DPO are as follows:
Name: Lewis Carr
This policy will be reviewed annually, or more frequently if required.