Data Protection Statement of Intent
It is the policy of Woodside Joinery to comply with the GDPR legislation and continually ensure that our methods and practices are in line – and to satisfy the full requirements of our legal and moral obligations to enforcing bodies and the public.
The type of data we process is limited to:
- Employee/subcontractor information to ensure we meet our legal requirements and to ensure prompt payment
- Customer information required to fulfil contract requirements
We commit ourselves to this GDPR policy by the implementation of a documented and maintained system which follows the six principles of GDPR:
- That the processing of personal data must be lawful and fair.
- That the purpose for which personal data is collected on any occasion must be specified, explicit and legitimate.
- Personal data must be adequate, relevant and not excessive in relation to the purpose for which it is processed.
- That personal data undergoing processing must be accurate and, where necessary, kept up to date.
- That personal data must be kept for no longer than is necessary for the purpose for which it is processed.
- That personal data must be processed in a manner that includes taking appropriate security measures about risks that arise from processing personal data. The risks include (but are not limited to) accidental or unauthorised access to, or destruction, loss, use, modification or disclosure of, personal data.
The GDPR Policy is mandatory for all company staff and a source of reference to others. The policy is available to all interested parties and copies are posted on company notice boards to ensure the GDPR policy is understood at all levels of the organisation. The policy is introduced to each new employee during the induction process.
The Data Protection Officer and Controller is the Managing Director.