Data Protection Policy
1. General Policy Statement
1.1 BeSure Training recognises the legal requirements of the General Data Protection Regulation (GDPR) and is committed to safeguarding personal data. In particular:
1.2 Personal data will be processed fairly and lawfully and, in particular, will not be processed unless - a) at least one of the conditions set out in Section 2 below is met, and b) in the case of special category data, at least one of the conditions in Section 3 below is also met.
1.3 Personal data will be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
1.4 Personal data will be adequate, relevant and not excessive in relation to the purpose(s) for which they are processed.
1.5 Personal data shall be accurate and, where necessary, kept up to date.
1.6 Personal data processed for any purpose(s) will not be kept for longer than is necessary.
1.7 Personal data will be processed in accordance with the rights of data subjects under the GDPR. 1.8 Appropriate technical and organisational measures will be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
1.9 Personal data will not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
2. Conditions for Processing Personal Data
2.1 Unless a relevant exemption applies, at least one of the following conditions must be met whenever we process personal data:
a) The individual has consented to the processing of their personal data.
b) The processing is necessary: in relation to a contract which the individual has entered into; or because the individual has asked for something to be done so they can enter into a contract.
c) The processing is necessary because of a legal obligation that applies to you (except an obligation imposed by a contract).
d) The processing is necessary to protect the individual’s “vital interests”. This condition only applies in cases of life or death, such as where an individual’s medical history is disclosed to a hospital’s A&E department treating them after a serious road accident.
e) The processing is necessary for administering justice, or for exercising statutory, governmental, or other public functions.
f) The processing is in accordance with the “legitimate interests” condition.
3. Conditions for Processing Special Category Data
3.1 At least one of the additional conditions listed below must also be met whenever we process special category data:
a) The individual has consented explicitly to the processing of their special category data.
b) The processing is necessary to comply with employment law.
c) The processing is necessary to protect the vital interests of: • the individual (in a case where the individual’s consent cannot be given or reasonably obtained), or • another person (in a case where the individual’s consent has been unreasonably withheld).
d) The processing is carried out by a not-for-profit organisation and does not involve disclosing personal data to a third party, unless the individual consents. Extra limitations apply to this condition.
e) The individual has deliberately made the information public.
f) The processing is necessary in relation to legal proceedings; for obtaining legal advice; or otherwise for establishing, exercising or defending legal rights.
g) The processing is necessary for administering justice, or for exercising statutory or governmental functions.
h) The processing is necessary for medical purposes, and is undertaken by a health professional or by someone who is subject to an equivalent duty of confidentiality.
i) The processing is necessary for monitoring equality of opportunity, and is carried out with appropriate safeguards for the rights of individuals.
3.2 In addition to the above conditions – which are all set out in the GDPR itself – regulations set out several other conditions for processing special category data. Their effect is to permit the processing of special category data for a range of other purposes – typically those that are in the substantial public interest, and which must necessarily be carried out without the explicit consent of the individual.
3.3 Examples of such purposes include preventing or detecting crime and protecting the public against malpractice or maladministration