GDPR and Data Protection Policy
Effective Date: 2nd November, 2024
Last Updated: 14th November, 2024
Review Date: 2nd November, 2025
Data Protection Policy
Policy
TreadTracker Limited is committed to safeguarding the privacy and security of personal data. We recognise the importance of data protection and will comply with all relevant provisions of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
Scope
This policy applies to all staff, contractors, suppliers, and others who process or control personal data on behalf of TreadTracker Limited. It covers all data collected, stored, processed, or shared by TreadTracker Limited in any format or medium.
Definitions
- Personal Data: Information relating to an identifiable person who can be directly or indirectly identified from that information.
- Processing: Any operation performed on personal data, including collection, storage, use, transfer, and destruction.
- Data Subject: The individual to whom the personal data relates.
- Data Controller: TreadTracker Limited, which determines the purpose and means of processing personal data.
- Data Processor: Any person or organisation processing data on behalf of the data controller.
Data Protection Principles
TreadTracker Limited adheres to the principles outlined in the Data Protection Act 2018 and GDPR, which mandate that personal data must be:
- Processed lawfully, fairly, and transparently.
- Collected for specified, explicit, and legitimate purposes.
- Limited to what is necessary.
- Accurate and kept up-to-date.
- Retained only for as long as necessary.
- Processed securely.
Lawful Basis for Processing
We will process personal data only where we have a legal basis to do so, such as consent, contractual necessity, compliance with a legal obligation, or legitimate interests.
Data Subject Rights
We respect the rights of data subjects, including the rights to:
- Access their personal data.
- Rectify incorrect or incomplete data.
- Erase their data, where applicable.
- Restrict processing.
- Data portability.
- Object to processing and automated decision-making.
Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. Measures include:
- Secure storage and encryption of data.
- Regular data access reviews.
- Limited access based on job function.
Data Retention and Disposal
We retain personal data only as long as necessary for the purposes for which it was collected. Data no longer needed will be securely deleted or anonymised.
Data Breach Response
All staff must report any suspected data breach immediately to the Data Protection Officer (DPO). The DPO will assess and, if necessary, report the breach to the Information Commissioner’s Office (ICO) within 72 hours, if feasible.
Data Protection Officer (DPO)
The DPO is responsible for monitoring compliance, providing guidance on data protection matters, and acting as the primary point of contact with the ICO.
Responsibilities
- Senior Management: Ensure compliance with data protection regulations and provide necessary resources.
- Employees: Must process data in line with this policy and report breaches immediately.
- Data Processors: Must follow contractual obligations and data protection laws when processing data on our behalf.
Training and Awareness
All employees must complete data protection training as part of onboarding and receive periodic refresher courses.
Policy Review
This policy will be reviewed annually or as necessary to reflect any changes in legal requirements, our operations, or best practices.
Contact
For questions about this policy or data protection concerns, please contact:
Data Protection Officer
Steve Richardson
Director & Data Protection Officer
TreadTracker Limited
PO Box 1458
Thornton Cleveleys
Lancashire
FY1 9TL
Email: enquiries@treadtracker.com
Signed: S. Richardson
Steve Richardson
Director & Data Protection Officer
TreadTracker Ltd, PO Box 1458, Thornton Cleveleys, FY1 9TL
Registered in England No. 05312582.