Appropriate policy document

Article 5 of the UK-GDPR states that personal data shall be:

• processed lawfully, fairly and transparently

• collected for specific and legitimate purposes and processed in accordance with those purposes

• adequate, relevant and limited to what is necessary for the stated purposes

• accurate and, where necessary, kept up-to-date

• retained for no longer than necessary

• kept secure

In addition, Article 5 requires that the data controller shall be responsible for, and able to demonstrate compliance with, these principles (the accountability principle).

Our data protection policy sets out requirements for the data protection principles to be complied with when processing personal data. Our Data Protection Officer ensures that the data protection principles are applied and that we can be held accountable for the personal data it processes.

When processing special category data, the following procedures are used to ensure compliance with the data protection principles.