This policy covers all activities undertaken within WrightWay Digital Ltd and applies to all contact with, or activity involving, Service Users (ie customers, suppliers and any other users of WrightWay Digital Ltd). This policy is binding and failure to comply with its provisions may result in disciplinary action. For the purpose of this policy, ‘information’ includes both oral and written information as well as knowledge acquired through observation.
WrightWay Digital Ltd’ staff are bound by a duty of confidentiality to those using our services and staff must aim rigorously to protect the confidentiality of Service Users. Practical steps will be taken, through staff training and the provision of administration arrangements, to prevent the inappropriate disclosure of any information relating to a Service User. Breaches of confidentiality will be viewed as a disciplinary matter.
The UK Data Protection Act 1998 aims to protect individuals from the potential misuse of personal data held by organisations, regulating the use of information relating to individuals and the provision of services in respect of such information. The Act outlines what sort of information it deems to be ‘sensitive personal data’.
Both employees and employers are legally responsible for compliance with the Act and may face prosecution or fines for knowingly or recklessly disregarding its requirements.
WrightWay Digital reserves the right to share personal information about Service Users with other staff members for purposes relating to maintaining administrative records, or the safety of an individual or maintaining the reputation of WrightWay Digital Ltd.
WrightWay Digital will identify the information needed for a specific purpose and ensure it is accurate and up to date. If there is a complaint regarding the accuracy of information held then WrightWay Digital will investigate this and amend the records or at least note the complaint on file.
Confidential records, files or any other information relating to Service Users will always be stored in a secure place and access to them controlled.
The Act requires that personal data must not be kept any longer than is necessary for the purpose(s) for which it was collected. When this time has expired, information is no longer current and must be archived. Once the period of required retention has expired, data will be disposed of.
When WrightWay Digital uses the information about a Service User it will ensure that the Service User is properly informed of what WrightWay Digital intends to do with the information.
The Service User has a right to see information that WrightWay Digital holds on them. A request for this information must be received in writing and evidence of identity will be required. An administrative fee may of £10 (GBP) may be requested. WrightWay Digital has up to 40 days to comply with the request.
If the request is from a third party then permission should be sought from the Service User before information is provided to the third party. If permission is withheld then WrightWay Digital will not provide the information unless WrightWay Digital is under a legal obligation to do so.