Data Protection Policy
The Data Protection Act 1998 (‘DPA’) applies to all organisations and governs the way ‘personal data’ is processed.
‘Personal data’ means data which relates to a living individual who can be identified from that data, or from that data and other information which is in the possession of, or is likely to come into the possession of, the data controller and includes both electronic and ‘hard copy’ (paper based) data.
The DPA rules must be adhered to within the Palletline Network surrounding the storing or usage of personal data. This applies, but is not limited to, information kept on staff, customers and account holders. e.g. When:
- Recruiting Staff
- Managing Staff Records
- Marketing Products or Services
- Use CCTV
Palletline Ltd collect, store and process personal data about staff, customers and account holders for the purpose of administering and managing the Palletline Ltd operation. Palletline Ltd are obligated to retain information for a period of 7 years, but will continue to hold data in the form of archive for the purposes of analysis and promoting the Company and will not be disclosed to any third party, except within terms of the DPA.
Palletline Member Depots
Palletline member depots collect, store and process personal information about staff, customers and account holders for the purpose of administering and managing the Palletline Ltd operation as well as their individual operations. Each member depot is obligated to retain information locally in accordance with their individual Data Security Policy as long as it does not contravene the above Palletline statement, and any Palletline or Member depot related information will not be disclosed to any third party, except within terms of the DPA and with agreement from the Palletline Board of Directors.
For Palletline Member Depots, customer collection and delivery information constitute personal data under the DPA.
Signatures obtained from Digital Signature Capture devices constitute personal data under the DPA.
In order to ensure compliance with privacy and data protection, Member companies must be aware of and comply with all of their obligations under the DPA.
In particular, each Member company must:
- Notify its data processing activities to the Information Commissioner in accordance with the DPA;
- Ensure that the signatures and other personal data are not used for any other purpose other than that for which they were collected;
- Ensure that the signatures and other personal data are not kept for longer than is necessary for the purpose for which they were collected;
- Ensure that the signatures and other personal data are not sent outside the European Economic Area (EEA) unless sufficient protection is in place;
- Ensure that there are appropriate technical and organisational measures in place to keep signatures and other personal data secure.