Dolphin Tec Limited
Data Protection Policy
This Policy sets out the obligations of Dolphintec Limited, a company registered in England under number 1287852, whose registered office is at C/O Ann Richards Accountancy Svcs, 8-9 Borough Court, Grammar School Lane, Halesowen, West Midlands B63 3SW (“the Company”) regarding data protection and the rights of its employees (in this context, “employee data subjects”) in respect of their personal data under the Data Protection Legislation (defined below).
This Policy sets out the Company’s obligations regarding the collection, processing, transfer, storage, and disposal of personal data relating to employee data subjects. The procedures and principles set out herein must be followed at all times by the Company, its employees, agents, contractors, and other parties working on behalf of the Company.
means the consent of the data subject which must be a freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they (by a statement or by a clear affirmative action) signify their agreement to the processing of personal data relating to them;
means the natural or legal person or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of this Policy, the Company is the data controller of all personal data relating to employee data subjects;
means a person or organisation which processes personal data on behalf of a data controller;
“Data Protection Legislation”
means all applicable data protection and privacy laws including, but not limited to, the GDPR, and any applicable national laws, regulations, and secondary legislation in England and Wales concerning the processing of personal data or the privacy of electronic communications, as amended, replaced, or updated from time to time;
means a living, identified, or identifiable individual about whom the Company holds personal data (in this context, employee data subjects);
means the European Economic Area, consisting of all EU Member States, Iceland, Liechtenstein, and Norway;
means any information relating to a data subject who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that data subject;
“personal data breach”
means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed;
means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person; and
“special category personal data”
means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual life, sexual orientation, biometric, or genetic data.
The Data Protection Legislation sets out the following principles with which anyone handling personal data must comply. Data controllers are responsible for, and must be able to demonstrate, such compliance. All personal data must be:
The Data Protection Legislation sets out the following key rights applicable to data subjects:
If consent is relied upon as the lawful basis for collecting, holding, and/or processing any personal data, the following shall apply:
The Company collects, holds, and processes personal data about its employees at all times in accordance with employee data subjects’ rights and the Company’s obligations under the Data Protection Legislation and this Policy.
For details of data retention, please refer to the Company’s Data Retention Policy.
Special Category Personal Data
Equal Opportunities Monitoring
This Policy shall be deemed effective as of 1 October 2020. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.
This Policy has been approved and authorised by:
Due for Review by: