1. Aims

AWH Holdings Ltd aims to ensure that all personal data collected about employees, clients and other individuals is collected, stored and processed in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018).

This policy applies to all personal data, regardless of whether it is in paper or electronic format.

2. Legislation and guidance

This policy meets the requirements of the GDPR and the provisions of the DPA 2018. It is based on guidance published by the Information Commissioner’s Office (ICO) on the GDPR and the ICO’s code of practice for subject access requests.

It also reflects the ICO’s code of practice for the use of surveillance cameras and personal information.

3. Definitions

Personal data - Any information relating to an identified, or identifiable, individual.

This may include the individual’s:

  • Name (including initials)
  • Identification number
  • Location data
  • Online identifier, such as a username

It may also include factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural or social identity.

Special categories of personal data - Personal data which is more sensitive and so needs more protection, including information about an individual’s:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetics
  • Biometrics (such as fingerprints, retina and iris patterns), where used for identification purposes
  • Health – physical or mental
  • Sex life or sexual orientation

Processing - Anything done to personal data, such as collecting, recording, organising, structuring, storing, adapting, altering, retrieving, using, disseminating, erasing or destroying.

Processing can be automated or manual.

Data subject - The identified or identifiable individual whose personal data is held or processed.

Data controller

A person or organisation that determines the purposes and the means of processing of personal data.

Data processor - A person or other body, other than an employee of the data controller, who processes personal data on behalf of the data controller.

Personal data breach - A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.