Effective Date: 12th July 2024 - Apple Central Taxis (SW) Limited
1. Introduction
Apple Central Taxis (SW) Limited ("the Company") is committed to protecting and respecting the privacy of personal data. This policy sets out the basis on which any personal data we collect from individuals, or that is provided to us, will be processed by us in compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
2. Scope
This policy applies to all employees, contractors, consultants, temporary staff, and other workers at the Company, as well as to third parties with whom we share personal data. It covers all data that the Company holds relating to identifiable individuals, including customers, suppliers, business contacts, employees, and others.
3. Definitions
Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any operation performed on personal data, whether automated or not, such as collection, storage, use, and destruction.
Data Subject: An individual whose personal data is being processed.
Data Controller: The entity that determines the purposes and means of processing personal data.
Data Processor: The entity that processes personal data on behalf of the Data Controller.
4. Data Protection Principles
We adhere to the following principles when processing personal data:
Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner.
Purpose Limitation: Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
Data Minimisation: Personal data shall be adequate, relevant, and limited to what is necessary for the purposes for which they are processed.
Accuracy: Personal data shall be accurate and, where necessary, kept up to date.
Storage Limitation: Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Integrity and Confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
5. Legal Basis for Processing
The Company will only process personal data where there is a lawful basis for doing so. These bases include:
Consent of the data subject.
Performance of a contract with the data subject.
Compliance with a legal obligation.
Protection of vital interests of the data subject or another person.
Performance of a task carried out in the public interest or in the exercise of official authority.
Legitimate interests pursued by the Company or a third party, except were overridden by the interests or fundamental rights and freedoms of the data subject. Effective Date: 12th July 2024 - Apple Central Taxis (SW) Limited
6. Rights of Data Subjects
Data subjects have the following rights under the GDPR:
Right to be Informed: About the collection and use of their personal data.
Right of Access: To their personal data and supplementary information.
Right to Rectification: To have inaccurate personal data rectified or completed if it is incomplete.
Right to Erasure: To have personal data erased in certain circumstances.
Right to Restrict Processing: To request the restriction or suppression of their personal data.
Right to Data Portability: To obtain and reuse their personal data for their own purposes across different services.
Right to Object: To the processing of their personal data in certain circumstances.
Rights in relation to Automated Decision Making and Profiling: To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
7. Data Security
The Company will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including but not limited to:
Encryption of personal data.
Measures to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
Regular testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
8. Data Breach Notification
In the event of a data breach, the Company will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, if it is likely to result in a risk to the rights and freedoms of individuals. If the breach is likely to result in a high risk of adversely affecting individuals' rights and freedoms, the Company will also inform those individuals without undue delay.
9. Data Protection Officer
The Company has appointed a Data Protection Officer (DPO) who is responsible for overseeing this data protection policy and ensuring compliance with GDPR and UK data protection laws. The DPO can be contacted at:
Mr Graham Brown - manager@appletaxisexeter.co.uk - 01392411411
10. Review and Changes to this Policy
The Company will review this policy regularly and may update it from time to time to reflect changes in legislation or our data processing practices. Any updates will be communicated to all staff and relevant stakeholders.
11. Contact Information
Questions, comments, and requests regarding this data protection policy are welcomed and should be addressed to:
Apple Central Taxis (SW) Limited, 3-4 Isambard Parade, Exeter, Devon, EX4 4BX
12. Compliance and Monitoring
Compliance with this policy will be monitored regularly, and any breaches or potential issues identified will be addressed promptly and appropriately. Employees found to have breached this policy may be subject to disciplinary action, up to and including termination of employment.