GDPR

GDPR Policy

This policy sets out the obligations of Coral Starfish Ltd with regard to how data, and in particular, personal data, are protected to ensure that people’s rights are protected in accordance with the Data Protection Act 1998 and the General Data Protection Regulation.

It is the policy of Coral Starfish Ltd to conduct all our business in an honest, transparent and ethical manner. We take a zero-tolerance approach to the passing on of any data stored within our business without the client’s consent. We are committed to acting professionally, fairly and with integrity in all our business dealings and relationships wherever we operate. We implement and enforce systems to ensure compliance with current legislation.

Definition of Personal Data

Personal Data is defined by the Data Protection Act as “data which relates to a living individual who can be identified from those data or other information which is in the possession of, or is likely to come into the possession of, the Data Controller”.

Coral Starfish Ltd is a Business to Business organisation that has to collect a range of information from its clients, potential clients and suppliers so that it can provide its services. Coral Starfish Ltd only collects personal information (e.g. e-mail addresses, names, contact numbers etc) from those who choose to give it so that business can be conducted. This information is held in strict confidentiality in secure files and is not passed on to any third parties.

We fully endorse the principles of data protection legislation and do not process any personal information that we do not consider relevant to our business. We ensure that any information we store is kept up to date to the best of our ability and that the only people who are able to access this information have been suitably trained in data protection requirements and have read this Policy.

Personal data that is no longer required is removed from our records. We use the best protection available to us for our computers as recommended by our technical consultants to ensure that the data we hold cannot be stolen.

Coral Starfish Ltd uses third party websites to help run our business, all of which have produced policies for the way that they handle data protection and we are satisfied that the following have taken the right precautions to ensure that they comply with all the relevant legislation.

Everyone at Coral Starfish Ltd understands their obligations with regard to the handling of personal data and has been trained to understand the legislation that refers to data protection. Any breach of the rules regarding data protection will lead to disciplinary action being taken against whoever has caused such a breach.

Coral Starfish Ltd understands and adheres to the principles set out below.

Each individual or company about whom Coral Starfish Ltd holds personal data has the right:

• to be informed about how their personal data is being used.
• to withdraw their consent at any time.
• to access the personal data we hold in a transparent and timely manner (i.e. within one month). This must be supplied in an electronic format if requested.
• to have any incorrect data rectified and to know that this has been carried out in a timely manner.
• to ensure that their personal data has not been processed until any rectifications have been made.
• to have their data erased in a timely manner.
• not to be part of any automated decision making within an organisation.
• to object and to have their questions answered in a transparent and timely manner.

This policy will be updated as necessary to reflect best practice in data management, security and control so that Coral Starfish can demonstrate compliance with any changes in the legislation which relates to the Data Protection Act 1998.