While conducting business, it is necessary to hold and process data about living individuals. The collection, storage and processing of this data is subject to the terms of the Data Protection Acts 1988 and 2003. Among the core values of the GULP organisation are that we conduct our business in a manner which is compliant with the letter and spirit of all relevant laws and regulations and that we implement best practice standards in all areas of our business. GULP has established a set of principles as the foundation of the organisations Data Protection Policy and it is the responsibility of each GULP employee to be aware of the obligations that these principles place upon everyone who is involved in collecting, processing or insuring the security of data within the organisation.
These principles require that relevant data:
- Be processed fairly and lawfully and shall not be processed unless certain conditions are met;
- Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose;
- Be adequate, relevant and not excessive for those purposes;
- Be accurate and, where necessary, kept up to date;
- Not be kept for longer than is necessary for that purpose;
- Be processed in accordance with the data subject’s rights;
- Be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage by using the appropriate technical and organisational measures;
- Not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.