Our Data Protection Principles
1. Personal data shall be processed fairly and lawfully and shall not be processed unless
certain conditions are met.
There are two parts to meeting the requirements of this principle. The first relates to
fair obtaining which requires that certain information be made available at the time of
obtaining information; and the second to the conditions for legitimate processing,
at least one of which must be met. These include:
- The data subject consenting to the processing
- Processing for various contractual or legal and statutory purposes
- Processing for the pursuit of the legitimate interests of the data controller
(subject to conditions).
2. Personal data should be obtained only for one or more specified and lawful purposes and
shall not be further processed in any manner incompatible with that purpose or those purposes.
Personal data obtained for one purpose may not be used for a completely different one
without prior reference to the individual.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose.
It shall be accurate and where necessary, kept up to date.
We regard information quality and reliability as critical factors in effective data protection.
4. Personal data processed for any purpose shall not be kept for longer than is necessary for
that purpose or those purposes.
5. Personal data (data relating to a living individual who can be identified) shall be processed
in accordance with the rights of data subjects under extant legislation. These include the rights to:
- Subject access - see below.
- Prevent processing likely to cause damage or distress.
- Prevent processing for the purposes of direct marketing.
- Take action for compensation if damage is suffered by any contravention of extant legislation by
the company.
- Take action to rectify, block, erase or destroy inaccurate data.
6. Appropriate technical and organisational measures shall be taken against unauthorised or
unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
'Processing' includes operations from collecting and acquiring through to disposal.
7. Personal data shall not be transferred to a country or territory outside the European Economic
Area (the EU member States plus Iceland, Liechtenstein, Norway or Switzerland)
unless that country or territory ensures an adequate level of protection for the rights and
freedoms of data subjects in relation to the processing of personal data. The StringsReunited database
is held on servers in Germany, with the web hosts '1and1.com'
Disclosures
Personal data should not be disclosed to anyone outside the Company (except with authorisation).
The sending of personal data by email, a conference network, the Internet or file transfer constitutes
a disclosure to the addressee and the company must ensure that such disclosures have been previously notified
and that such disclosures are compatible with the data protection principles. Disclosures with the
consent of the data subject are always permissible.
Subject Access
An individual is entitled to be supplied with all the personal data held about them, subject to
conditions.
© StringsReunited.com 2006-8.
|