Data Protection Policy
The Board of Directors and management of Lightfoot, is fully committed to protecting the rights and privacy of individuals operating in accordance with the statutory legislation in accordance with the Data Protection Act 2018 and the General Data Protection Regulations 2016.
Lightfoot is committed to preserving the confidentiality, integrity and availability of all the physical, electronic and information assets throughout our organisation in order to preserve our competitive edge, cash-flow, profitability, legal, regulatory and contractual compliance, and commercial image.
Our Data Protection Policy sets out our commitment to protecting personal and sensitive data and how we implement that commitment with regards to the collection and use of this data.
We are committed to meeting our legal obligations as laid down by the Data Protection Act 2018 and General Data Protection Regulations 2016 ensuring that we comply with the eight data protection principles, as listed below:
- Be informed of what data processing is taking place;
- The right to request access your personal data;
- The right to rectify your personal data;
- The right to delete your personal data;
- The right to restrict processing;
- The right to data portability;
- The right to object to processing your personal data; and
- The rights with respect to automated decision-making and profiling.
In order to deliver the principles, we are committed to safeguarding personal and sensitive information by:
- ensuring that data subjects' rights can be appropriately exercised
- ensuring that data is collected and used fairly and lawfully
- taking steps to ensure that personal data is up to date and accurate
- processing personal data only in order to meet our operational needs or fulfill legal requirements
- providing adequate security measures to protect personal data
- ensuring that a nominated officer is responsible for data protection compliance and provides a point of contact for all data protection issues
- ensuring that all staff are made aware of good practice in data protection
- providing adequate training for all staff responsible for personal data
- ensuring that everyone handling personal data knows where to find further guidance
- ensuring that queries about data protection, internal and external to the organisation, is dealt with effectively and promptly
- regularly reviewing data protection procedures and guidelines within the organisation.
This document was last updated on 1st April 2019