top of page

Data Protection and Data Security Policy for Golden Gardening Services

Update date: 26/10/2023

 

1. Introduction and Scope

This Data Protection and Data Security Policy ("the Policy") outlines the commitment of Golden Gardening Services ("the Company") to protect the privacy and rights of individuals in accordance with the UK General Data Protection Regulation (UK GDPR) and other relevant data protection legislation. This Policy applies to all employees, contractors, and third parties who process personal data on behalf of the Company.

 

2. Statement and Purpose of Policy

Golden Gardening Services, located at Ashford TW15, UK, is dedicated to ensuring that all personal data under its control is processed in adherence to the highest standards of data protection and security.

As a data controller, the Company has the responsibility to determine the purposes and means of processing personal data. This Policy provides guidance on the Company's approach to data protection and the measures in place to safeguard personal data.

 

3. Objectives

The primary objectives of this Policy are rooted in ensuring that Golden Gardening Services remains compliant with the UK's data protection framework, notably the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These objectives are:

 

a. Information and Transparency: To inform our staff, relevant stakeholders, and data subjects about the types of personal data we process, the purposes for which it is processed, and the rights of data subjects. This is in line with Article 13 and 14 of the UK GDPR which mandates the provision of information to data subjects about the processing of their personal data.

b. Guidelines and Compliance: To establish clear guidelines on data protection, ensuring that all data processing activities are lawful, fair, and transparent. This objective seeks to ensure compliance with legal and regulatory requirements as set out in the Data Protection Act 2018 and other relevant legislation. Regular audits and reviews will be conducted to ensure ongoing compliance, as recommended by the UK's Information Commissioner's Office (ICO).

c. Roles and Responsibilities: To clearly define and communicate the roles and responsibilities of staff, contractors, and third-party processors in relation to data protection and security. This includes ensuring that all personnel are aware of their obligations under the UK GDPR and are provided with adequate training and resources to fulfil these obligations. Furthermore, third-party processors will be bound by contractual clauses that mandate compliance with data protection principles, as stipulated in Article 28 of the UK GDPR.

By achieving these objectives, Golden Gardening Services aims to foster trust with its stakeholders and ensure the rights and freedoms of data subjects are upheld.

 

4. Definitions

  • Data Protection Laws: All applicable legislation relating to the processing of personal data, notably the UK General Data Protection Regulation.

  • Data Subject: An identifiable natural person to whom the personal data pertains.

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Processing: Any operation performed on personal data, whether automated or manual, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, or erasure.

  • Special Categories of Personal Data: Data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health information, or data concerning a person's sex life or sexual orientation.

 

5. Data Protection Principles

The Company is committed to upholding the core principles of data protection as enshrined in the UK's data protection framework. These principles, derived from the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, guide all our data processing activities. Specifically:

 

a. Lawfulness, Fairness, and Transparency:

Personal data must be processed lawfully, fairly, and in a transparent manner in relation to the data subject. This principle is anchored in Article 5(1)(a) of the UK GDPR. It mandates that data subjects are informed of the processing, and that there is a legitimate basis for such processing.

 

b. Purpose Limitation:

Personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. This is in accordance with Article 5(1)(b) of the UK GDPR. It ensures that data is not used in unexpected ways that could harm or disadvantage the data subject.

 

c. Data Minimisation:

Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. This principle, as set out in Article 5(1)(c) of the UK GDPR, ensures that excessive data is not collected or stored.

 

d. Accuracy:

Personal data must be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that inaccurate data is rectified or deleted, as per Article 5(1)(d) of the UK GDPR.

 

e. Storage Limitation:

Personal data must be retained in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. This principle, rooted in Article 5(1)(e) of the UK GDPR, ensures that data is not stored indefinitely and that it is disposed of securely once it is no longer needed.

 

f. Integrity and Confidentiality:

Personal data must be processed securely, ensuring appropriate protection against unauthorised or unlawful processing, accidental loss, destruction, or damage. This is in line with Article 5(1)(f) of the UK GDPR, which mandates the use of appropriate technical and organisational measures to safeguard data.

By adhering to these principles, Golden Gardening Services demonstrates its commitment to data protection and the rights of individuals, ensuring compliance with the UK's stringent data protection standards.

 

6. Rights of Data Subjects

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, data subjects are granted a set of rights concerning their personal data. Golden Gardening Services recognises and respects these rights, ensuring that they can be effectively exercised. Specifically:

a. Right to Access (Subject Access Request):

Data subjects have the right to obtain confirmation as to whether or not their personal data is being processed and, if so, to access that data. This is detailed in Article 15 of the UK GDPR. It allows individuals to understand what data is held about them and how it is used.

 

b. Right to Rectification:

Data subjects can request the rectification of inaccurate personal data concerning them. This is set out in Article 16 of the UK GDPR. It ensures that personal data remains accurate and up-to-date.

 

c. Right to Erasure (‘Right to be Forgotten’):

In certain circumstances, data subjects can request the deletion of their personal data. This right is enshrined in Article 17 of the UK GDPR.

d. Right to Restriction of Processing:

Data subjects have the right to request the restriction of processing of their personal data in specific situations, as detailed in Article 18 of the UK GDPR.

 

e. Right to Data Portability:

This right allows data subjects to receive their personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. It is set out in Article 20 of the UK GDPR.

 

f. Right to Object:

Data subjects have the right to object to the processing of their personal data for specific purposes, including for direct marketing. This is detailed in Article 21 of the UK GDPR.

 

g. Rights related to Automated Decision-making and Profiling:

Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them. This right is enshrined in Article 22 of the UK GDPR.

 

Golden Gardening Services is committed to facilitating these rights and ensuring that data subjects can exercise them effectively. Any requests from data subjects relating to the above rights will be handled promptly and in accordance with the relevant legal provisions.

 

7. Data Security Policy

Ensuring the security of personal data is paramount to Golden Gardening Services. In line with our commitment to safeguarding data subjects' rights and in compliance with the UK's data protection framework, we have implemented a comprehensive Data Security Policy tailored to the specific needs of gardening businesses. This policy is grounded in the following provisions:

 

a. Technical Measures:

The Company utilises state-of-the-art technical solutions to protect personal data. This includes encryption technologies, secure server configurations, firewalls, and regular security patch updates. Such measures are in alignment with Article 32 of the UK GDPR, which mandates the implementation of appropriate technical measures to ensure data security.

 

b. Organisational Measures:

Beyond technical solutions, the Company has established organisational protocols to ensure data security. This includes staff training, clear data handling procedures, and a hierarchical access system where only authorised personnel can access certain data. These measures are also in line with the recommendations set out in the UK's Information Commissioner's Office (ICO) guidelines.

 

c. Incident Response Plan:

In the event of a data breach or security incident, the Company has a clear response plan in place. This ensures swift action to mitigate potential damages and notify affected parties, as required by Article 33 and 34 of the UK GDPR.

 

d. Regular Audits:

To ensure ongoing compliance and security, the Company conducts regular audits of its data processing activities and security measures. This proactive approach ensures that any potential vulnerabilities are identified and addressed promptly.

 

e. Third-party Vendors:

When engaging with third-party vendors or service providers, the Company ensures that they adhere to stringent data protection standards. Contracts with such parties include clauses mandating compliance with data protection principles, as stipulated in Article 28 of the UK GDPR.

f. Physical Security:

Given the nature of gardening businesses, where physical documents might be used, the Company ensures secure storage facilities, locked filing cabinets, and restricted access areas to prevent unauthorised access to personal data.

 

By adhering to this Data Security Policy, Golden Gardening Services demonstrates its unwavering commitment to protecting personal data and ensuring compliance with the UK's rigorous data protection standards.

 

8. Amendments

This Policy may be updated periodically to reflect changes in legal, regulatory, or operational requirements. Staff will be informed of any significant changes.

 

9. Contact Details for Golden Gardening Services:

  • Address: Ashford TW15 3PS, UK

  • Phone: 07545667675 or 07738795801

 

10. Policy Review

This Policy will be reviewed at regular intervals to ensure its continued relevance and compliance with current legislation.

bottom of page