Scott Fleary Data Protection Policy
All organisations collecting and using personal information are legally required to comply with the Data Protection Act 2018, the UK’s implementation of General Data Protection Regulation (GDPR) (EU) 2016/679. Information will be treated in line with the seven ‘data protection principles’. These principles require that anyone collecting personal information must:
- Process it lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);
- Collect it for specified, explicit and legitimate purposes ad not further process it in a manner that is incompatible with those purposes; (‘purpose limitation’);
- Use the information in a way that is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
- Hold accurate data and where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay (‘accuracy’);
- Keep it in a form which permits identification of data subjects for no longer than is necessary for periods in so far as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisation measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);
- Process it in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisation measures (‘integrity and confidentiality; security’);
- Ensure compliance with GDPR by implementing, documenting, reviewing and where necessary updating measures and processes in place to meet the requirements (‘accountability’).
What are the lawful bases for processing?
The lawful bases for processing are set out in Article 6 of the GDPR. At least one must apply whenever Scott Fleary processes personal data:
- Consent: the individual has given clear consent for the company to process their personal data for a specific purpose.
- Contract: the processing is necessary for a contract that the company has with the individual, or because the individual has asked the company to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for the company to comply with the law (not including contractual obligations).
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
The law provides stronger protection for more sensitive information, such as your ethnic background, political opinions, religious beliefs, health, sexual life or any criminal history. It is enforced by an independent information commissioner, who can take action against any Company or governmental body that fails to protect your information, or that abuses its right to collect and hold that information.
Your rights under Data Protection
Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. The GDPR provides the following rights for individuals:
- The right to be informed (about how your data is being used).
- The right of access (to personal data).
- The right to rectification (to have incorrect data updated).
- The right to erasure (to have your data erased).
- The right to restrict processing (to stop or restrict the processing of your data).
- The right to data portability (allowing you to get and reuse your data for different services).
- The right to object (how your data is processed in certain circumstances).
- Rights in relation to automated decision making and profiling (making decision solely by automated means without any human involvement; profiling can be part of an automated process).
Scott Fleary Modern Slavery Statement
Scott Fleary Productions recognises that slavery and human trafficking remains a hidden blight on our global society. We are committed to acting ethically and with integrity in all our business relationships, and to implementing and enforcing effective systems and controls to ensure slavery and human trafficking is not taking place anywhere in our business or in our supply chains. Staff are expected and encouraged to report concerns to management who should then act upon them.
The Company will achieve these aims to identify and mitigate risk in the following ways:
- Ensuring that all suppliers are aware of our zero tolerance approach towards Slavery and Human Trafficking and our expectations as to how they conduct their business in an ethical and responsible manner.
- Requiring suppliers who have a turnover of £36m and above to provide a copy of their Statement published under the Modern Slavery Act 2015;
- Update our standard commercial contract terms to impose obligations upon sub-contractors that they comply with the Act and take steps to ensure their organisations are free from modern slavery.
- The company will not knowingly support or deal with any business involved in slavery or human trafficking.
- Carry out internal training to ensure the risks relating to modern slavery are understood and mitigated.
- Protect Whistleblowers.
- Regularly review our supplier relationships and internal policies.
This statement is made pursuant to section 54(1) of the Modern Slavery Act 2015 and constitutes our Slavery and Human Trafficking Statement.