| C&V Data Management Services Ltd collects and securely stores personal information provided by its clients and employees. |
We ensure that the collected information is not released to other organisations or companies without your prior consent. |
| C&V Data Management Services Ltd uses such information in the following ways: |
 |
To contact our clients in the event of a query arising from a transaction |
|
To use such information as market and client research data, that is not personally identifiable, to help us improve our products and services |
|
To communicate with you information related to our products or services |
|
| We do not verify personal information. How accurate our records of your personal details are depends on the information that you provide us with. C&V cannot be held responsible for errors or problems that arise as a result of inaccurate information provided by you. |
| The Data Controller for C&V Data Management Services Ltd is Mr C L Hibbard who can be contacted at the address provided on our ‘Contacts’ page. |
| If you have any comments on our privacy policy, please e-mail us via the contacts page. |
|
What are your responsibilities under the Data Protection Act? |
| Data Protection Act |
In 1984 the Data Protection Act came into force to protect individuals with regard to the way personal computer data is collected, stored and disclosed. The new Data Protection Act which came into force on 1st March 2000 has extended the act to cover Personal Data held in manual and paper systems. The Act concerns the:
“protection of individuals with regard to the processing of personal data and on the free movement of such data”.
|
| Personal Data is any data which relates to a living individual who can be identified by the data. It includes information such as home address, status, salary, race, politics, religion, health, offences etc. |
| When storing Hardcopy Records, whether in-house or off-site the following must be considered if the boxes or files contain personal data: |
| Purpose Specific |
| DPA Requirement: |
The personal data must be obtained only for one or more specified purposes and not further processed in a manner incompatible with the purpose originally specified. |
| Meeting the Requirement: |
When the personal data is archived it should be clear what the data was collected for and access should be restricted to reduce the risk of misuse. |
|
| Defined Duration |
| DPA Requirement: |
Data must not be kept longer than necessary hence deletion and destruction policies are required to manage the lifecycle of the personal data. |
| Meeting the Requirement: |
A retention schedule which includes personal data will reduce the risks to the company and also enable the company to request confidential destruction of the data. |
|
| Security |
| DPA Requirement: |
“Appropriate security measures shall be taken against unauthorised access to, or alteration, disclosure of personal data and against accidental loss or destruction of personal data”. |
| Meeting the Requirement: |
Access will need to be limited both in terms of potential physical access to the box/file (by employees or contractors) and in terms of ordering the item from the in-house or off-site store. |
|
| Data Subject Rights |
| DPA Requirement: |
An individual may make a written request (a fee not exceeding £10 may be levied) to see a copy of the information held on them. This information must be made available to them within 40 days of the request. |
| Meeting the Requirement: |
Unless your records are structured it will not be clear where the data on the individual is held. This could result in unnecessary costs in trying to locate the data. There is a risk that unstructured records may contain personal data, disposing of these incorrectly could mean that the company is inadvertently breaking the requirements of the act. |
|
| Transferring Outside the European Economic Area |
| DPA Requirement: |
An organisation is responsible for restricting the transfer of personal data outside the European economic area. |
| Meeting the Requirement: |
Structuring records appropriately will minimise the risks of inadvertently breaking this requirement of the act. |
|
| C&V Data Management Services can assist you in answering specific questions you may have on document retention. For a free copy of our retention guidebook please request one via our contacts page. Or, you can give us a call… remember we are only a phone call away and it’s free! |
|
