4. Personal Data Protection Principles
We adhere to the principles relating to Processing of Personal Data set out in the GDPR which require Personal Data to be:
- (a) Processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency).
- (b) Collected only for specified, explicit and legitimate purposes (Purpose Limitation).
- (c) Adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed (Data Minimisation).
- (d) Accurate and where necessary kept up to date (Accuracy).
- (e) Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed (Storage Limitation).
- (f) Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality).
- (g) Not transferred to another country without appropriate safeguards being in place (Transfer Limitation).
- (h) Made available to Data Subjects and Data Subjects allowed to exercise certain rights in relation to their Personal Data (Data Subject's Rights and Requests).
We are responsible for and must be able to demonstrate compliance with the data protection principles listed above (Accountability).