Key Details

Introduction

Dancing Goat Coffee needs to gather and use certain information about individuals.  These can include customers, suppliers, business contacts, employees and other people the organization has a relationship with or may need to contact.

This policy describes how this personal data must be collected, handled and stored to meet Dancing Goat Coffee Limited’s data protection standards and to ensure it complies with the law.

Why this policy exists 

This data protection policy ensures Dancing Goat Coffee Limited

Data Protection Law

To comply with the law, personal information must be collected and used fairly, stored safely and not be disclosed unlawfully.  The rules apply regardless of whether data is stored electronically, on paper or on other materials.

All personal data must:

People, Risks and Responsibilities

Policy Scope

This policy applies to

It applied to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act.

This can include:

Data Protection Risks

This policy helps Dancing Goat Coffee Limited from data security risks including

Responsibilities

Everyone who works for Dancing Goat Coffee Limited has some responsibility for ensuring data is collected, stored and handled appropriately.

Everyone who handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.

However, the following have key areas of responsibility:

General Guidelines

Data Storage

These rules describe how and where data should be safely stored.  Any questions about storing data safely should be directed to Ian Noble.

When data is stored on paper, it should be kept in a secure place where unauthorized people cannot see it.  These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:

When data is stored electronically, it must be protected from unauthorized access, accidental deletion and malicious hacking attempts:

Data use

Personal data is of no value to Dancing Goat Coffee Limited unless the business can make use of it.  However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft.  All due care and attention should be made when dealing with personal data, as detailed above.

Data Accuracy

The law requires Dancing Goat Coffee Limited to take reasonable steps to ensure that data is kept accurate and up to date.

Subject access requests

All individuals who are the subject of personal data held by Dancing Goat Coffee Limited are entitled to

If an individual contacts the company requesting this information, this is called a subject access request.

Subject access requests from individuals should be made via email, addressed to Ian Noble at accounts@dancing-goat.co.uk

Disclosing data for other reasons

In certain circumstances, the Data Protection Act allows personal data to be disclosed to certain agencies without the consent of the data subject.

Under these circumstances, Dancing Goat Coffee Limited will disclose the requested data.  However, Ian Noble will ensure that the request is legitimate.

Providing Information

Dancing Goat Coffee Limited aims to ensure that individuals are aware that their data is being processed and that they understand: