{"id":397,"date":"2023-09-20T18:27:36","date_gmt":"2023-09-20T18:27:36","guid":{"rendered":"https:\/\/lionpresentation.co.uk\/?page_id=397"},"modified":"2023-09-20T18:28:32","modified_gmt":"2023-09-20T18:28:32","slug":"gdpr-data-protection-policy","status":"publish","type":"page","link":"https:\/\/lionpresentation.co.uk\/gdpr-data-protection-policy\/","title":{"rendered":"GDPR Data Protection Policy"},"content":{"rendered":"\r\n

Data Protection Policy<\/strong><\/p>\r\n

Introduction<\/strong><\/p>\r\n

At Lion Presentation & Packaging Ltd, hereafter referred to as\u00a0Lion Presentation in this Policy, we collect and process information about individuals, i.e. \u2018personal data\u2019, for business purposes, including employment and HR administration, provision of our services, marketing, and business administration. This includes personal data relating to our staff, customers, suppliers and other third parties.<\/p>\r\n

Compliance with data protection law is essential to ensure that personal data remains safe, our business operations are secure and the rights of individuals are respected.\u00a0Lion Presentation & Packaging Ltd is a controller under data protection law, meaning it decides how and why it uses personal data. This Policy explains our procedures for complying with data protection law in relation to personal data. It also sets out your obligations whenever you are processing any personal data in the course of your employment.<\/p>\r\n

If you routinely handle individuals\u2019 personal data, you will be given specific training\/instructions regarding data protection procedures in relation to your particular role\/department. These training\/instructions will supplement your obligations as set out in this Policy.<\/p>\r\n

There will also be other policies which will impact on how you deal with personal data and data protection. The main ones are our Security Policy, Data Retention Policy, Email Policy and Social Media Policy and we expect you to comply with these where relevant.<\/p>\r\n

This Policy does not give contractual rights to any Employees. It may be updated at any time.<\/p>\r\n

 <\/p>\r\n

Who does this Policy apply to<\/strong><\/p>\r\n

This Policy applies to all\u00a0Lion Presentation employees, workers, contractors, agency workers, consultants, interns, volunteers, partners and directors, together referred to as \u2018Employees\u2019 or \u2018you\u2019.<\/p>\r\n

Who is responsible for data protection at\u00a0Lion Presentation<\/strong><\/p>\r\n

The Board is ultimately responsible for Lion Presentation\u2019s compliance with applicable data protection law.\u00a0Lion Presentation has appointed a Data Protection Lead who is responsible for overseeing, advising\u00a0Lion Presentation on, and administering compliance with this Policy and data protection law, further supported by Departmental Heads as GDPR Champions.<\/em><\/p>\r\n

All Employees at\u00a0Lion Presentation have some responsibility for ensuring that personal data is kept secure and processed in a lawful manner although certain Employees will have particular responsibilities, of which they will be aware and in respect of which they may receive specific instructions.<\/p>\r\n

If you are in any doubt about how you should handle personal data, or if you have any concerns or questions in relation to the operation or suspected breaches of this Policy, you should seek advice from the Data Protection Lead or your department GDPR Champion.<\/p>\r\n

Why is data protection compliance important<\/strong><\/p>\r\n

Data protection law in the UK is regulated and enforced by the Information Commissioner\u2019s Office (ICO). Failure to comply with data protection law may expose\u00a0Lion Presentation and, in some cases, individual Employees to serious legal liabilities. These can include criminal offences and fines of up to EUR20 million (approximately \u00a318 million) or 4% of total worldwide annual turnover, whichever is higher. In addition, an individual may seek damages from us in the courts if we breach their rights under data protection law. Breaches of data protection law can also lead to serious damage to our brand and reputation.<\/p>\r\n

In addition to the legal liabilities, failure to comply with your obligations under this Policy could lead to disciplinary action and, in serious cases, could result in the termination of your employment.<\/p>\r\n

What is personal data<\/strong><\/p>\r\n

Personal data means any information relating to any living individual (also known as a \u2018data subject\u2019) who can be identified directly or indirectly, in particular by reference to an identifier, e.g. name, NI number, employee number, email address, physical features. Relevant individuals can include your colleagues, consumers, members of the public, business contacts, etc. Personal data can be factual, e.g. contact details or date of birth, an opinion about a person\u2019s actions or behaviour, or information that may otherwise impact on that individual. It can be personal or business related.<\/p>\r\n

Personal data may be held in automated form, e.g. electronic records such as computer files or emails, or in manual records which are part of, or are intended to form part of, a filing system, e.g. structured paper files and archives.<\/p>\r\n

What does \u2018processing\u2019 personal data mean<\/p>\r\n

\u2018Processing\u2019 personal data means any activity that involves the use of personal data e.g. obtaining, recording or holding the data, amending, retrieving, using, disclosing, sharing, erasing or destroying. It also includes sending or transferring personal data to third parties.<\/p>\r\n

Data Protection Obligations<\/strong><\/p>\r\n

Lion Presentation\u00a0is responsible for and must be able to demonstrate compliance with data protection law. To ensure that\u00a0Lion Presentation meets its responsibilities, it is essential that its Employees comply with data protection law and any other\u00a0Lion Presentation policies, guidelines or instructions relating to personal data when processing personal data in the course of their employment.<\/p>\r\n

We have set out below the key obligations under data protection law and details of how\u00a0Lion Presentation expects Employees to comply with these requirements.<\/p>\r\n

    \r\n
  1. Process personal data in a fair, lawful and transparent manner<\/strong><\/li>\r\n<\/ol>\r\n

    Legal grounds for processing<\/strong><\/p>\r\n

    Data protection law allows us to process personal data only where there are fair and legal grounds which justify using the information.<\/p>\r\n

    Examples of legal grounds for processing personal data include the following; at least one of these must be satisfied for each processing activity:<\/p>\r\n

      \r\n
    • Complying with a legal obligation e.g. health and safety or tax laws;<\/li>\r\n
    • Entering into or performing a contract with the individual e.g. an Employee\u2019s terms and conditions of employment, or a contract for services with an individual customer;<\/li>\r\n
    • Acting in\u00a0Lion Presentation or a third party\u2019s legitimate interests e.g. maintaining records of business activities, monitoring business productivity; and<\/li>\r\n
    • Obtaining the consent of the individual e.g. for sending direct marketing communications.<\/li>\r\n<\/ul>\r\n

      Where consent is relied upon, it must be freely given, specific, informed and unambiguous, and\u00a0Lion Presentation must effectively demonstrate that consent has been given.<\/p>\r\n

      In line with ICO guidance regarding the employer\/Employee relationship,\u00a0Lion Presentation does\u00a0not<\/strong>\u00a0use consent as a legal ground for processing Employee data unless the data processing activities concerned are genuinely optional.<\/p>\r\n

      In most cases, consent is also not required for other standard business activities involving use of customer or supplier data, but it may be needed for activities which are not required to manage the main business relationship, such as direct marketing activities.<\/p>\r\n

      Transparency<\/strong><\/p>\r\n

      Data protection law also requires us to process personal data in a transparent manner by providing individuals with appropriate, clear and concise information about how we process their personal data.<\/p>\r\n

      We usually provide individuals with basic information about how we use their data on forms which collect data such as application forms or website forms, and in longer privacy notices setting out details including: the types of personal data that we hold about them, how we use it, our legal grounds for processing the information, who we might share it with and how long we keep it for. For example, we provide information about our processing of Employees\u2019 personal data in the\u00a0Lion Presentation Employee Privacy Notice.<\/p>\r\n

      We supplement these notices, where appropriate, with reminders or additional information at the time particular processing activities take place or become relevant for an individual, for example when they sign up for a new service or event.<\/p>\r\n

       <\/p>\r\n

      What you need to do:<\/strong><\/p>\r\n

       <\/p>\r\n

      By processing personal data only in accordance with your lawful job duties and\u00a0Lion Presentation instructions, ordinarily, you will be processing personal data fairly and lawfully.<\/p>\r\n

       <\/p>\r\n

      The standard privacy notices and statements that we issue, for example, to Employees, customers and the public, should normally be sufficient to ensure that individuals have appropriate information about how you are handling their personal data in the course of your employment. However, you should consider whether reminders or additional information may be appropriate at the time particular processing activities take place. This is particularly important if you think that individuals may need further assistance to understand clearly how their data will be used as part of such activities.<\/p>\r\n

       <\/p>\r\n

      Any new forms which collect personal data and any proposed consent wording must be approved in advance by the Data Protection Lead.<\/p>\r\n

       <\/p>\r\n

      If you have any concerns about the legal grounds for processing personal data, or if you are unsure whether individuals have been provided with appropriate information, in particular in relation to any new processing activities, please check with the Data Protection Lead or your GDPR Departmental Champion.<\/p>\r\n

       <\/p>\r\n

        \r\n
      2. Take extra care when handling sensitive or special categories of personal data<\/strong><\/li>\r\n<\/ol>\r\n

         <\/p>\r\n

        Some categories of personal data are \u2018special\u2019 because they are particularly sensitive. These include information that reveals details of an individual\u2019s:<\/p>\r\n

         <\/p>\r\n

          \r\n
        • racial or ethnic origin;<\/li>\r\n
        • political opinions;<\/li>\r\n
        • religious or philosophical beliefs;<\/li>\r\n
        • trade union membership;<\/li>\r\n
        • physical or mental health;<\/li>\r\n
        • sexual life or sexual orientation;<\/li>\r\n
        • biometric or genetic data (if used to identify that individual); and<\/li>\r\n
        • criminal offences or convictions.<\/li>\r\n<\/ul>\r\n

           <\/p>\r\n

          Where special category personal data is concerned, data protection law requires us to have, as well as one of the legal grounds described in section 1, an additional legal ground to justify using this sensitive information. The appropriate legal ground will depend on the circumstances.<\/p>\r\n

           <\/p>\r\n

          Additional legal grounds for processing special category data include the following. Those marked with an asterisk (*) would be particularly relevant to processing Employees\u2019 special category personal data:<\/p>\r\n

           <\/p>\r\n

            \r\n
          • Complying with a legal obligation\/exercising a legal right in the field of employment*;<\/li>\r\n
          • Assessing working capacity based on expert medical opinion, and subject to obligations of confidentiality*;<\/li>\r\n
          • Carrying out equalities monitoring in relation to racial or ethnic origin, religious beliefs, health or sexual orientation*;<\/li>\r\n
          • Exercising, establishing or defending legal claims*;<\/li>\r\n
          • Preventing or detecting unlawful acts; or<\/li>\r\n
          • Explicit consent of the individual. As well as the requirements for consent outlined in section 1 above, this requires an express statement from the individual that their special category of data may be used for the intended purposes.<\/li>\r\n<\/ul>\r\n

             <\/p>\r\n

            What you need to do:<\/strong><\/p>\r\n

            \u00a0<\/em><\/p>\r\n

            If you are handling special category personal data in the course of your employment, you need to take extra care regarding compliance with data protection law. In particular, try to ensure that:<\/p>\r\n

             <\/p>\r\n

              \r\n
            • Any processing activities are strictly in accordance with your lawful job duties and Advance instructions;<\/li>\r\n
            • There are appropriate legal grounds for processing the data (both basic grounds under section 1 and additional grounds under this section 2) which have been assessed for your specific activities;<\/li>\r\n
            • Individuals have received adequate information regarding how their data is being handled. In some cases an existing privacy notice may need to be supplemented with more specific information regarding special category data e.g. when\u00a0Lion Presentation is managing sickness absence and\/or making adjustments to job duties for Employees with disabilities or serious illness, we may provide additional ad hoc privacy notices to supplement the Employee Privacy Notice;<\/li>\r\n
            • You apply additional security and confidentiality measures, taking into account that the impact on individuals of loss or misuse of their special category data may be greater than with other types of data. See also section 7 below; and<\/li>\r\n
            • If you are relying on consent as a legal ground for processing, you obtain\u00a0Lion Presentation approval of any consent wording from the Data Protection Lead.<\/li>\r\n<\/ul>\r\n

               <\/p>\r\n

              If you are routinely handling special category data as part of the requirements of your role and job duties,\u00a0Lion Presentation will ordinarily have put in place procedures which ensure that your processing activities satisfy the requirements above.<\/p>\r\n

               <\/p>\r\n

              However, if alternative circumstances apply e.g. you are involved in a new project or updating an existing system which involves new types of processing of special category data, please contact the Data Protection Lead or your GDPR Departmental Champion to ensure that the correct compliance procedures are followed.<\/p>\r\n

               <\/p>\r\n

              Similarly, if you have any concerns over the legal grounds that apply when you are processing special category data or the appropriate information to be provided to individuals, please get in touch with the Data Protection Lead or your GDPR Departmental Champion.<\/p>\r\n

               <\/p>\r\n

                \r\n
              3. Only process personal data for specified, explicit and legitimate purposes<\/strong><\/li>\r\n<\/ol>\r\n

                 <\/p>\r\n

                Lion Presentation\u00a0will only process personal data in accordance with our legitimate purposes to carry out our business operations and to administer employment and other business relationships.<\/p>\r\n

                 <\/p>\r\n

                What you need to do:<\/strong><\/p>\r\n

                \u00a0<\/em><\/p>\r\n

                You must only use the personal data that you process in the course of your duties for Lion Presentation\u2019s legitimate and authorised purposes. You must not process personal data for any purposes which are unrelated to your job duties.<\/p>\r\n

                 <\/p>\r\n

                Processing personal data for any incompatible or unauthorised purposes could result in a breach of data protection law e.g. using the company contacts database to find out a colleague\u2019s home address for private, non-work related purposes. This may have potentially damaging consequences for all parties concerned, including disciplinary action.<\/p>\r\n

                 <\/p>\r\n

                If you find that you need to process personal data for a different purpose from that for which it was originally collected, you must check whether the individuals have been informed and, if not, consider whether the additional purpose is legitimate in the context of Lion Presentation\u2019s business activities and compatible with the original purpose.<\/p>\r\n

                 <\/p>\r\n

                If you are unsure about whether the purposes for processing are legitimate, you should contact the Data Protection Lead or your GDPR Departmental Champion before going ahead with processing the data for the additional purpose.<\/p>\r\n

                 <\/p>\r\n

                 <\/p>\r\n

                 <\/p>\r\n

                  \r\n
                4. Make sure that personal data is adequate, relevant and limited to what is necessary for your legitimate purposes<\/strong><\/li>\r\n<\/ol>\r\n

                  \u00a0<\/strong><\/p>\r\n

                  Data protection law requires us to ensure that, when we process personal data, it is adequate, relevant to our purposes and limited to what is necessary for those purposes (also known as \u2018data minimisation\u2019). In other words, we ask for the information we need for our legitimate business purposes, but we won\u2019t ask for more information than we need in order to carry out our business operations.<\/p>\r\n

                   <\/p>\r\n

                  What you need to do:<\/strong><\/p>\r\n

                   <\/p>\r\n

                  You should try to ensure that you only acquire and process the personal data that you actually need for Lion Presentation\u2019s legitimate and authorised purposes within the scope of your role.<\/p>\r\n

                   <\/p>\r\n

                  You must ensure that you have sufficient personal data needed to be able to use it fairly and to take into account all relevant details.<\/p>\r\n

                   <\/p>\r\n

                  If you are creating forms that collect personal data, you should be able to justify why each specific category of data is being requested.<\/p>\r\n

                   <\/p>\r\n

                  You must also comply with Lion Presentation\u2019s instructions about data retention and storage, ensuring that personal data is only kept for as long as it is needed for any intended purpose.<\/p>\r\n

                   <\/p>\r\n

                    \r\n
                  5. Keep personal data accurate and where necessary up-to-date<\/strong><\/li>\r\n<\/ol>\r\n

                     <\/p>\r\n

                    Lion Presentation\u00a0must take steps to ensure that personal data is accurate and, where necessary, kept up-to-date. For example, we request that Employees provide us with any change in contact details or personal information via the ADP Self Service HR portal. We also take care that decisions impacting individuals are based on accurate and up-to-date information.<\/p>\r\n

                     <\/p>\r\n

                    What you need to do:<\/strong><\/p>\r\n

                     <\/p>\r\n

                    When you process individuals\u2019 personal data in the course of your employment, you must make reasonable efforts to be accurate and, where necessary, keep the relevant information updated.<\/p>\r\n

                     <\/p>\r\n

                    When collecting any personal data, try to confirm its accuracy at the outset. If you subsequently discover any inaccuracies in the personal data that you are handling, these need to be corrected or deleted without delay.<\/p>\r\n

                     <\/p>\r\n

                    Personal data should be held in as few places as possible to avoid the risk that duplicate copies are not updated and become out of sync. You should not create additional copies of personal data, but should work from and update a single central copy where possible in accordance with standard\u00a0Lion Presentation procedures on retention and storage of records.<\/p>\r\n

                     <\/p>\r\n

                      \r\n
                    6. Keep personal data for no longer than is necessary for the identified purposes<\/strong><\/li>\r\n<\/ol>\r\n

                       <\/p>\r\n

                      Records containing personal data should only be kept for as long as they are needed for the identified purposes.\u00a0Lion Presentation has in place data retention, storage and deletion policies and internal processes\/guidelines regarding various types of company records and information that contain personal data.<\/p>\r\n

                       <\/p>\r\n

                      We take appropriate steps to retain personal data only for so long as is necessary, taking into account the following criteria:<\/p>\r\n

                        \r\n
                      • The amount, nature, and sensitivity of the personal data;<\/li>\r\n
                      • The risk of harm from unauthorised use or disclosure;<\/li>\r\n
                      • The purposes for which we process the personal data and how long we need the particular data to achieve these purposes;<\/li>\r\n
                      • How long the personal data is likely to remain accurate and up-to-date;<\/li>\r\n
                      • For how long the personal data might be relevant to possible future legal claims; and<\/li>\r\n
                      • Any applicable legal, accounting, reporting or regulatory requirements that specify how long certain records must be kept.<\/li>\r\n<\/ul>\r\n

                         <\/p>\r\n

                        What you need to do:<\/strong><\/p>\r\n

                         <\/p>\r\n

                        Please familiarise yourself with our retention policies, processes, guidelines and instructions that are relevant to your job. Ensure that, where it falls within your responsibility, you destroy or erase all information that you no longer require in accordance with these.<\/p>\r\n

                         <\/p>\r\n

                        If you are not sure what retention guidelines\/instructions apply to you in your role, or you are unsure of how to apply them to a particular type or item of personal data, please contact the Data Protection Lead or your GDPR Departmental Champion.<\/p>\r\n

                         <\/p>\r\n

                          \r\n
                        7. Take appropriate steps to keep personal data secure<\/strong><\/li>\r\n<\/ol>\r\n

                          \u00a0<\/em><\/p>\r\n

                          Keeping personal data safe and complying with Lion Presentation\u2019s security procedures to protect the confidentiality, integrity, availability and resilience of personal data is a key responsibility for\u00a0Lion Presentation and its workforce.<\/p>\r\n

                           <\/p>\r\n

                          Lion Presentation\u00a0has a Security Policy, which sets out its organisational and technical security measures to protect information, including personal data, in relation to physical, technological and organisational controls, e.g. locked filing cabinets, building security, information subject to access controls and passwords, reliability checks on\/confidentiality obligations of Employees, encryption of hardware or software, pseudonymisation, anti-virus and network protection, software updates, security testing and incident management, secure disposal of records and equipment, backup and disaster recovery, remote working procedures, protocols on use of technology and data storage, asset registers.<\/p>\r\n

                           <\/p>\r\n

                          Lion Presentation\u00a0also has Email and Social Media Policies setting out protocols for Employees on use of technology and communications systems, which also help to ensure appropriate security of personal data stored or communicated using such systems.<\/p>\r\n

                           <\/p>\r\n

                          We regularly evaluate and test the effectiveness of these measures, as set out in our Security Policy, to ensure the security of our personal data processing activities; this is carried out by our Compliance Team.<\/p>\r\n

                           <\/p>\r\n

                          What you need to do:<\/strong><\/p>\r\n

                           <\/p>\r\n

                          To assist\u00a0Lion Presentation in maintaining data security and protecting the confidentiality and integrity of the personal data you handle in the course of your employment, we require you to comply with this Policy, our Security Policy and Email and Social Media Policy and any\u00a0Lion Presentation instructions regarding the processing and security of personal data.<\/p>\r\n

                          In particular, we require you to (although this list is not exhaustive):<\/p>\r\n

                           <\/p>\r\n