DATA PROTECTION POLICY & PROCEDURE
Capital Books are accountants, Tax advisors and insolvency practioners.
All references to Capital Books in this document will be taken to mean the service provided by Capital Books (UK) Limited.
This Data Protection Policy will be reviewed at regular intervals as a ‘Policy in Progress’ to take account of changes within Capital Books’ operations.
2. Principles of Data Protection as Outlined in the Data Protection Act 1998
2.1 Anyone processing personal data must comply with the eight enforceable principles of good practice.
2.2 These eight principles are that data must be:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Not kept longer than necessary
- Processed in accordance with the data subjects rights
- Not transferred to countries outside of the EU without adequate protection
3. Care Advice Commitment
Capital Books is committed to meeting its obligations under the Data Protection Act of 1998. Capital Books will strive to observe the law in all collection and processing of subject data and will meet any subject access request in compliance with the law. Capital Books will only use data in ways relevant to carrying out its legitimate purposes and functions in a way that is not prejudicial to the interests of individuals. Capital Books has adopted a code of practice for sharing personal information which we will adhere to when sharing personal information between the Capital Books companies.
3.1 Staff working for Capital Books will take due care in the collection and storage of any data and will do their utmost to keep all data Capital Bookste, timely and secure. Where notified of changes to personal data, Capital Books will amend records within 20 days of receipt of notification.
3.2 Staff working for Capital Books, whether permanent, temporary, or contractors, must be aware of the requirements of the Data Protection Act when they collect or handle data about an individual and appropriate training will be provided if required.
3.3 Staff working for Capital Books, whether permanent, temporary, or contractors, must not disclose data except within the Policy and Procedure on disclosures described in Paragraphs 11 and 12.
3.4 Data supplied to outside agencies must always be protected by a written contract or in the case of existing software houses via emailed assurances.
3.5 All data collection and processing must be carried out in good faith.
3.6 Capital Books will keep records of all complaints by data subjects and any subsequent follow up. Capital Books will also keep a record of all data access requests.
3.7 Capital Books will inform subjects of any processing, disclosure or transfer that does not fall within Capital Bookss’ purpose in a way that any individual supplying could be expected to understand.
3.8 Capital Books will keep Data Protection notification up to date.
4. Policy on Collecting Subject Data
Capital Books will only collect data that is relevant to the carrying out of legitimate purposes and functions in a way that is not prejudicial to the interests of individuals.
4.1 Capital Books will strive to ensure that data collection is as accurate as is possible.
4.2 Data may be stored in many ways such as in databases, manual files or Word or Excel files.
5. Sensitive Data
5.1 There are various categories of sensitive data relating to individuals. These include (a) racial or ethnic origin (b) physical or mental health (c) lifestyle, (d) sexuality (e) religious or cultural beliefs.
5.2 Capital Books undertakes not to collect sensitive data where it is unnecessary to do so.
5.3 Capital Books will strive to ensure that any sensitive data is Capital Bookstely identified on collection.
6. Procedures for Collecting Subject Data
6.1 Staff are responsible for ensuring that all personal data is collected accurately and fully. Staff are responsible for ensuring that sensitive data is identified when collected.
7. Data Protection Statements
7.1 When personal data, is held by Capital Books the following statement must be included in all written forms, letters and email communications to the data subject:
7.2 Capital Books will store and process your data in accordance with the requirements of the Data Protection Act 1998. Capital Books will not provide your information to any organisations apart from those that form part of Capital Books without your express permission.
7.3 Emails transmitted by Capital Books will display the following statement which will be applied automatically by our firewall:
This message contains confidential information and is intended only for the individual or business entity named. It may also be privileged or otherwise protected by work product immunity or other legal rules. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and then delete this email from your system. Please send us by fax any message containing deadlines as incoming emails are not screened for response deadlines. Email transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of email transmission. If verification is required please request a hard-copy version. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
8. Policy for Data Storage and Processing
8.1 Capital Books will only hold data that is relevant to the carrying out of its legitimate purposes and functions, in a way that is not prejudicial to the interests of individuals. Information will be Capital Bookste and timely and will be held in an environment as secure as possible. Capital Books and its partners will be responsible for ensuring that all regular data care procedures are fully and conscientiously followed. All manual and computer files and data held within databases will be archived or destroyed as required under various legislation. Where data is held in a paper format, procedures for the disposal of confidential waste will apply e.g. shredding.
8.2 All individual data will be kept secure through controls over the computer network.
8.3 Data processing within Capital Books, including data sharing by Capital Books’s partner companies will only take place in accordance with the Capital Books Code of Practice
8.4 Where data is passed to a third party for processing, Capital Books will ensure that a written contract is in place that states that the agent will work within Capital Books’s data protection policy. Control of the data will not be allowed to move to the third party.
9. Procedure for Data Storage and Processing
9.1 All staff must take responsibility for following through any data care work required of them to maintain Capital Bookste data systems. They are also responsible for any records they keep in any filing systems.
10.1 All possible steps will be taken to maintain effective security for the whole of the computer system. Access to information stored on computer systems, including laptops should be appropriately password protected. Staff and volunteers will take all necessary steps to avoid careless loss of data, including when working remotely.
11. Policy on Disclosures
11.1 Capital Books will not allow personal data collected from subjects to be disclosed to third parties except in circumstances which meet the requirements of the Data Protection Act. This will be where either the subject has consented to the disclosure, where Capital Books receives information which may prevent a crime or assist in the detection of a crime, or where Capital Books is legally obliged to disclose the data.
12. Procedure on Disclosures
12.1 Any general disclosure must be recorded by the Data Protection Officer and he will ensure that each class of disclosure includes a clear justification as to why the disclosure is taking place.
12.2 Any new disclosure to be made must be checked for suitability with the Data Protection Officer beforehand who may refer to the Data Protection registrar for advice and guidance.
12.3 Any request for data based on a legal requirement, e.g. from Police or other body, must be put in writing and be checked by the Data protection Officer against the advice of the Data Protection Registrar before any data is disclosed.
13. Subject Access Policy
Capital Books will provide information in response to any reasonable subject
access request and will ensure that data is kept in an accessible form to facilitate such subject access.
13.1 Procedure on Subject Access Policy
13.2 Capital Books will make every effort to ensure that timely action is taken when a data access request is received. The Data Protection Officer will be informed as soon as is practicable.
13.3 A standard letter (amended as appropriate) will be sent to the subject stating Capital Books’s policy on subject access. This will promise to provide the required data to the best of Capital Books’s ability within 20 days. Capital Books will ask for payment of £10 as a fee for this service.
13.4 A search will be set up by the Data Protection Officer, using staff as necessary, to ensure that all relevant data will be collected and collated ready to send to the subject. This will include all relevant electronic data and manual files. Information on data collection, storage, processing and transfer may also be required and statements will be prepared in advance.
13.5 The relevant information will be sent by email or registered post depending on volumes and the wishes of the data subject.
14. Policy on Complaints and Queries
14.1 Capital Books will respond to any complaints as quickly as possible. Any letter or contact we receive in relation to the Data Protection Act, that questions our policy and/or procedure will be acknowledged within 5 working days, and responded to in full within 20 working days.
14.2 The Data Protection Officer will be advised without delay, of any complaints or queries relating to Data Protection policy or issues (as in 14.1 above)
14.3 Records will be kept of all correspondence for 5 years.
15. Procedure on Complaints and Queries
15.1 Notify the Data Protection Officer of the receipt of the complaint / query.
15.2 Copy all relevant documentation to the Data Protection Officer.
15.3 The Data Protection Officer will maintain a record of actions taken by staff to resolve a complaint or query.
15.4 Advise the Data Protection Officer of any further correspondence and developments as they occur.
15.5 On completion, records must be kept for 5 years
16. Reporting on Data Protection Matters
The Data Protection Officer will report on all Data Protection matters to the Directors of Capital Books on an annual basis.
Capital Books will convey its policies on Data Protection and Privacy to the public by including the following document on its websites. A printed version will also be available on request.
Capital Books are accountants, Tax Advisors and insolvency professionals registered as Capital Books (UK) Limited which has a company registration number of 07057648.
Why and how do we collect dataPersonal Information
You may at times be asked to supply personal information when contacting Capital Books by telephone, email or via the Capital Books websites. Personal information is anything which enables us to identify you in some way, such as your name and a postal or email address. If you supply such information, we are legally bound by the Data Protection Act 1998 to ensure that such information is only used for the purpose for which it was requested and also to ensure that the data is held securely. This information will be shared on a routine, systematic basis within our partner organisations, working collaboratively to provide Capital Books service in accordance with our Code of Practice.
We may collect and record information in order for us to understand more about how our services are used and in turn to make sure that the services reflect your needs. In order to do this we may send cookies to your PC. A cookie will contain information that allows us to recognise that you have used the site before, but will not contain any other personal data. You can disable this function within your browser but this may affect your ability to use the search functions.
Requests for information
Data is not retained on our web servers. Personal information provided to Capital Books whether by post, telephone, email or via websites will be held in accordance with the Data Protection Act 1998 for the purpose of providing necessary services to you and to meet our legal obligations.
If you have requested information via post or telephone, unless otherwise specified, you will be deemed to have given your consent to use your personal data to respond to your initial query / request. We will retain that information in order to respond to any further requests for information or advice.
Capital Books may on occasion suggest you contact other specialist organisations for assistance with your enquiry. Where this is the case, we will give you the contact information for that organization so that you may contact them directly. We will not pass your personal data to any other agency/organisation without your express permission.
Capital Books websites may include links to other sites, not owned or managed by Capital Books. We cannot be held responsible for the privacy of data collected by websites not managed by Capital Books.
Who we share information with
Occasionally, Capital Books may work with other organisations or companies to send you information on other ways in which you can benefit from your contact with Capital Books and/or support the work of Capital Books. However, we will not simply add your name to another organisation’s database. We will always seek your permission first.
All possible steps will be taken to maintain effective security for the whole of the computer system as outlined in our full Data Protection Policy, available on request. Please note that information transferred over the internet can never be guaranteed up to be 100% secure.
Capital Books may use the services of an Internet Provider, which for financial or technical reasons may be sited outside the European Economic Area. Use of data by the Internet Service Provider on behalf of Capital Books is regulated and safeguarded by both international procedures and the observation of legal agreements to comply with the requirements of the Data Protection Act 1998.
If Capital Books set-up any discussion boards then any communication that you transmit to, or post on, any public area of the site including, but not limited to, any data, questions, comments, suggestions, or the like, is, and will be treated as, non –confidential and non proprietary information.
When entering the discussion forum, you agree not to, post, disseminate, distribute or otherwise transmit any defamatory, offensive, infringing, indecent or otherwise unlawful or objectionable material or information.
Capital Books will not be responsible for the posting by any user of any defamatory, obscene or otherwise unlawful material.
Access to your information
You may request a copy of any personal information which Capital Books holds about you. Please write to the Data Protection Officer, Capital Books (UK) Limited, 103 Scotney Gardens, St Peters Street, Maidstone, Kent, ME16 0GT.
The Data Protection Act allows Capital Books to make a reasonable charge (currently £10) for supplying this information and we will impose this charge. We will reply within 20 days of receipt of your request. It will help us to locate your records more easily if you can tell us something about the nature of your contact with Capital Books.
Any changes to this policy will be posted on the website. A paper-based copy of our policy is available on request.
All Data Protection enquiries should be made to the Data Protection Officer, Capital Books, 103 Scotney Gardens, St Peters Street, Maidstone, Kent, ME16 0GT.
Capital Books is a trading name of Capital Books (UK) Limited
Company No. 07057648
Capital Books, 66 Earl Street, Maidstone, Kent, ME14 1PS Tel: 01622 753 501