Deadline Despatch Ltd is committed to protecting the rights and freedoms of data subject and safely and securely processing their data in accordance with all our legal obligations. We employ under 250 persons and are not required to appoint a DPO.
We are required to collect and use personal data about our employees, clients, suppliers and other individuals for a variety of business purposes in order to carry out our work. We recognise the need to treat all personal data in an appropriate and lawful manner in accordance with the GDPR.
The purpose of this policy is to make you aware of how we will handle your personal data. This policy does not form part of any contract and we may amend it at any time.
Data Principles “Personal Data”
means recorded information we hold about you from which you can be identified. It may include contact details, other personal information and photographs. “Processing” means doing anything with the data, such as accessing, disclosing, destroying or using the data in any way for the purpose of the business.
Fair and Lawful Processing
2.1: We will usually only process your personal data where you have given your consent or where the processing is necessary to comply with our legal obligations. In other cases, processing may be necessary for the protection of your vital interests, for our legitimate interests or the legitimate interests of others.
2.2: We will only process “sensitive personal data” about ethnic origin, political opinions, religious or similar beliefs, trade union memberships. Criminal records checks will be processed only when authorised by law.
Deadline Despatch Ltd is both a data controller and data processor. We must maintain our appropriate registration with the Information Commissioners Office in order to continue lawfully controlling and processing data. We will collect and process appropriate information to the extent that it is needed to fulfil its operational needs or comply with any legal requirements.
We will keep the personal data we store about you accurate and up to date. Data that is inaccurate or out of date will be destroyed. Please notify us if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you.
We will not keep your personal data for longer than it is necessary for purpose or required by legal processes. This means that data will be destroyed or erased from our systems when it is no longer required.
Processing in line with your rights
You have the right to:
6.1: Request access to any personal data we hold about you.
6.2: Prevent the processing of your data for direct-marketing purposes.
6.3: Ask to have inaccurate data held about you amended.
6.4: Prevent processing that is likely to cause unwarranted substantial damage or distress to you or anyone else.
6.5: We must delete or remove an individual’s data if requested and there is no compelling reason for its continued processing.
We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. We have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We will only transfer personal data to a third party if he agrees to comply with those procedures and policies, or if he puts in place adequate measures himself. Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the personal data. Any breach of this policy or of data protection laws must be reported as soon as practically possible. Deadline Despatch Ltd has a legal responsibility to report any data breaches to the Information Commissioners Office within 72 hours.
Providing information to third parties
We will not disclose your personal data to a third party without your consent unless we are satisfied that they are legally entitled to the data. As a data controller and processor we must have written contracts in place with any third party that we use. As a data controller we must only appoint processors who can provide sufficient guarantees under GDPR that the rights of data subjects will be respected and protected. As a data processor we must only act on the documented instructions of the controller. We acknowledge our responsibilities as data processor under GDPR and will protect and respect the rights of data subjects.
Subject access requests
An individual has the right to receive confirmation that their data is being processed, access to their personal data and supplementary information which means the information should be provided in a privacy notice. We must provide an individual a copy of information free of charge. This must occur without delay and with one month of receipt. If complying with the request is complex or numerous, the deadline can be extended by two months, but the individual must be informed within one month. We can refuse to respond to certain requests, and can, in circumstances of the request being manifestly unfounded or excessive, charge a fee.