Data Protection Registration Number: Z1646611


Stride & Son needs to gather and use certain information about individuals.  These can include clients, suppliers, employees, leaseholders and other people with whom the organisation has a relationship or may need to contact. 


This data protection policy is designed to ensure that individuals’ rights with regard to personal data are protected.


We acknowledge that personal data should be:


- Processed fairly and lawfully


- Obtained only for specified, lawful purposes


- Adequate, relevant and not excessive


- Accurate and kept up to date


- Not to be held for longer than necessary


- Processed in accordance with the rights of data subjects


- Protected appropriately


- Not transferred outside the EEA unless that country also ensures adequate protection.


Data Protection Risks
This policy should protect against the following data security risks:
- Information being used or given out inappropriately;
- Information being out of date or incorrect;
- Information being held for longer than is appropriate;
- IT systems being breached.


Everyone at Stride & Son has some responsibility for ensuring that data is collected, stored, handled and destroyed appropriately.  The board of directors is responsible for ensuring that legal obligations are met.
The data protection officer is responsible for reviewing procedures and policies, arranging training, and dealing with requests from individuals regarding their data.


General Guidelines
- Care should be taken when employees share data with each other.  Data from one department should not be automatically available to other departments.
- Instructions regarding passwords and IT security should be followed at all times.
- Personal data should not be disclosed to unauthorised people.
- Data should be reviewed and updated if necessary.  If no longer required it should be deleted / securely shredded and disposed of.
- Employees should check with their manager or the data protection officer if unsure about any aspect of data protection.
- Reception area policy is to be followed.
- Method of electronic data storage and deletion is to be monitored by IT support firm.
- Personal information is never shared unless as per the terms of the Privacy Notice and in line with contractual or consent arrangements.
Data Storage and Disposal
- Data stored on paper should be kept in filing cabinets or closed files, not left open on desks.
- Data printouts should be shredded after use.
- Data stored on paper should not be taken out of the office unless absolutely necessary.
- Electronic data should be protected by strong passwords regularly changed and not shared between employees.
- Electronic data should only be uploaded to an approved cloud service.
- Electronic data should be backed up regularly.
- Electronic data should not be saved on individual laptops or other mobile devices or computer desktops but only to selected secure areas of the server.


Data Accuracy
- All employees should take reasonable steps to ensure data is kept as accurate and up to date as possible.
- Data should be held in as few places as necessary; additional unnecessary data sets should not be created.
- Data should be updated as inaccuracies are discovered, eg if a client can no longer be reached on their stored telephone number it should be removed from the database.
- Additional checks should be made on sensitive information (eg bank details) and on changes of correspondence information.


Subject Access Requests
- Any individual wishing for information on personal data (Subject Access Request) should make this by email or in writing to the Data Controller at Stride & Son.  The identity of someone making a subject access request will be verified before providing the information.  A reasonable charge may be made for requests involving a large amount of data.


Providing information
Privacy notices are available on the company’s website or by request from the Data Controller.


Stride & Son
11 May 2018

Request aValuation

Thinking of selling your home? Find out how much it is worth with a free, no obligation valuation.