The Company must comply with the UK General Data Protection Regulation (GDPR), the key principles of which are:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
Personal data must only be held as necessary, it must be held securely, and it must only be used for appropriate purposes by appropriate people.
For most of our activities we are a Data Controller, controlling how and why personal information is collected, used, stored and destroyed. Where our employees deliver services on behalf of clients, we are a Data Processor, handling data on their behalf, on the basis of their instructions.
Orford Services Limited holds personal data about Directors, Members, current and former employees, clients, suppliers, and people whose payments we process. We do this on the basis of the following lawful bases for data processing:
- Contract (for example, for current and former employees, clients and suppliers, people whose payments we process)
- Legal obligation (for example, Members and Directors, employees)
- Legitimate interests
- Consent
All Directors and employees are responsible for GDPR compliance, but the primary contact is Ian Allinson (Director).
Individuals whose data the Company holds or processes have the following rights, but please note that there may be exceptions to them:
- To be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making including profiling
The Company does not use CCTV or any automated decision-making or profiling, and will never sell personal data. We only share personal data with other organisations (e.g. Companies House, HMRC, our bank, pension provider, clients) as necessary to conduct our business.
Further information is available at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/
If you have any concerns relating to data protection, please contact Ian Allinson via https://orfordservices.co.uk/contact-us/.