4. The data controller

The Company processes personal data relating to employee’s, clients and other individuals and therefore is a data controller.

AWH Holdings Ltd is registered as a data controller with the ICO and will renew this registration annually or as otherwise legally required.

5. Roles and responsibilities

This policy applies to all staff employed by AWH Holdings Ltd, and to external organisations or individuals working on our behalf. Members of staff who do not comply with this policy may face disciplinary action.

5.1 Data privacy officer

The data privacy officer is responsible for overseeing the implementation of this policy, monitoring our compliance with data protection law, and developing related policies and guidelines where applicable.

They will provide an annual report of their activities directly to the board and, where relevant, report to the board their advice and recommendations on any AWH Holdings Ltd data protection issues.

The privacy officer is also the first point of contact for individuals whose data AWH Holdings Ltd processes, and for the ICO.

Our privacy officer is XXXX and is contactable via privacy officer @ XXXX

5.2 All staff

Employees are responsible for:

  • Collecting, storing and processing any personal data in accordance with this policy
  • Informing AWH Holdings Ltd of any changes to their personal data, such as a change of address
  • Contacting the privacy officer in the following circumstances:
    • With any questions about the operation of this policy, data protection law, retaining personal data or keeping personal data secure
    • If they have any concerns that this policy is not being followed
    • If they are unsure whether or not they have a lawful basis to use personal data in a particular way
    • If they need to rely on or capture consent, draft a privacy notice, deal with data protection rights invoked by an individual, or transfer personal data outside the European Economic Area
    • If there has been a data breach
    • Whenever they are engaging in a new activity that may affect the privacy rights of individuals
    • If they need help with any contracts or sharing personal data with third parties

6. Data protection principles

The GDPR is based on data protection principles that AWH Holdings Ltd must comply with.

The principles say that personal data must be:

  • Processed lawfully, fairly and in a transparent manner
  • Collected for specified, explicit and legitimate AWH Holdings Ltd poses
  • Adequate, relevant and limited to what is necessary to fulfil the purposes for which it is processed
  • Accurate and, where necessary, kept up to date
  • Kept for no longer than is necessary for the purposes for which it is processed
  • Processed in a way that ensures it is appropriately secure

This policy sets out how AWH Holdings Ltd aims to comply with these principles.