DATA PROTECTION POLICY - Northcott Global …...22 Bevis Marks, London. EC3A 7JB United Kingdom...

22 Bevis Marks, London. EC3A 7JB United Kingdom
Telephone +44 207 183 8910 | Fax +44 207 183 8919 | Email ops@northcottglobalsolutions.com | Web: www.northcottglobalsolutions.com

NAIROBI CALGARY LONDON

DATA PROTECTION POLICY - June 2017 -


INFORMATION AND DATA PROTECTION POLICY

Northcott Global Solutions Ltd is committed to the protection and privacy of personal data, including that provided by third parties, and is subject to the principles of Data Protection.

The Data Protection Act 1998 regulates the use of information relating to individuals and was extended by the Freedom of Information Act 2000 to include information stored on non-computerised systems as well. The Data Protection Act is enforced by the Information Commissioner’s Office (ICO) and like all organisations that process personal data the Commission must comply with the Act.

If you receive a subject access request or anything that refers to rights under the Data Protection Act you must forward this to the directors immediately. All such requests must be dealt with within strict time limits and our failure to do so could expose us to financial penalties.

A full copy of the Data Protection Act 1998 is available on the ICO’s website (www.ico.gov.uk), however good compliance with the Data Protection Act can be broadly equated to compliance with the eight Data Protection principles:

1. Personal data should be processed fairly and lawfully
2. Personal data should be obtained only for the purpose specified
3. Data should be adequate, relevant and not excessive for the purposes required
4. Accurate and kept up-to-date
5. Data should not be kept for longer than is necessary for purpose
6. Data processed in accordance with the rights of data subjects under this act
7. Security: appropriate technical and organizational measures should be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction or damage to personal data.
8. Personal data shall not be transferred outside the EEA unless that country or territory ensures an adequate level of data protection.

Any personal data which is collected, recorded or used in any way whether held on paper, computer or other media, will have appropriate safeguards applied to it to ensure that we comply with the Data Protection Act.

Personal data is defined in the Act as information relating to living, identifiable individuals, including personal information that can only be related to an identifiable individual by cross-referencing it to other information held by us.

Sensitive personal data means personal data consisting of information regarding racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life, commission of offences or alleged offences.


Personal data, including personal data relating to employees and clients, is accessed, retained and disposed of in line with our policies and good practice and is only accessible by people with a need to know requirement (see our Access Control Policy, Data Classification policies).

We endorse the rights of data subjects, including the statutory right to request personal data relating to them (Subject Access Requests). Requests for or about personal data from the data subject or third parties must be forwarded to the Information Security Officer.

For the transfer of personal data outside the countries of the EEA please refer to the Information Security Officer.

Where we are required to share employee information with third parties (e.g. HMRC), this will be conducted in line with the requirements of the Data Protection Act and includes obtaining the consent of staff to share their information where no statutory, contractual or other provision is in place.

Non-compliance with the Data Protection Act and the principles of data protection should be reported in the same way as other security incidents (see our Notification and Reporting Policy).

COMPLIANCE

Northcott Global Solutions Ltd aims to meet the requirements of the Data Protection Act 1998 when processing personal data. In order to fulfil its obligations under the Data Protection Act Northcott Global Solutions Ltd has implemented robust practices and policies. As well as renewing our registration with the ICO annually, Northcott Global Solutions Ltd trains all staff to support the fair and lawful processing of personal data, implements security processes to prevent the unlawful disclosure of personal data and implements retention and disposal processes to ensure information is retained only as long as necessary.

Relevant Documentation:

Information Security Policy

ICO Certificate