Data Protection Policy - General Data Protection Regulation (GDPR)
As a part of our business Apprise Marketing Services – AMS gathers and uses specific information about individuals across the globe.
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The Principles
Apprise Marketing Services -AMS shall so far as is reasonably practicable comply with the Data Protection Principles contained in the Data Protection Act to ensure all data is:-
1) Fairly and lawfully processed.
2) Processed for a lawful purpose.
3) Adequate, relevant and not excessive.
4) Accurate and up to date.
5) Not kept for longer than necessary.
6) Processed in accordance with the data subject’s rights.
7) Secure.
8) Not transferred to other countries without adequate protection.
Personal Data
Personal data covers both facts and opinions about an individual where that data identifies an individual. For example, it includes information necessary for employment such as the member of staff’s name and address and details for payment of salary or a pupil’s attendance record and exam results. Personal data may also include sensitive personal data as defined in the Act.
Accuracy
AMS will endeavour to ensure that all personal data held in relation to all data subjects is accurate. Data subjects must notify the data processor of any changes to information held about them. Data subjects have the right in some circumstances to request that inaccurate information about them is erased. This does not apply in all cases, for example, where records of mistakes or corrections are kept, or records which must be kept in the interests of all parties to which they apply.
Enforcement
If an individual believes that AMS has not complied with the Policy or acted otherwise than in accordance with the Data Protection Act, the concerned person should notify it to AMS as soon as possible.
Data Security
AMS will take appropriate technical and organisational steps to ensure the security of personal data. All employees will be made aware of this policy and their duties falling under the Act. AMS and therefore all working staff are required to respect the personal data and privacy of others and must ensure that appropriate protection and security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to all personal data.
Secure Destruction
When data held in accordance with this policy is destroyed, it must be destroyed securely in accordance with best practice at the time of destruction.
Retention of Data
AMS may retain data for differing periods of time for different business purposes as required by statute or best practices, individual departments incorporate these retention times into the processes and manuals. Other statutory obligations, legal processes and enquiries may also necessitate the retention of certain data.
Training
All employees are required to undergo basic training in order to comply with data protection law and policy. For specific roles and activities that involve the use of personal data, additional training may be required.
Training is also provided to our new joiners as part of our induction process to AMS. We operate an ongoing training program to make sure that employees’ knowledge and understanding of compliance information in the context of their role is up-to-date. It is mandatory to attend such trainings and it will be recorded.