All staff have been made aware of the Data Protection Act and GDPR and the seriousness with which FA views its duty under this legislation.
The purpose of this declaration is to state that all Forensic Analytics staff members have been made aware of the Data Protection Act (DPA) and the General Data Protection Regulation (GDPR) and the seriousness with which Forensic Analytics views its responsibilities under this legislation.
Forensic Analytics operate a clear data privacy policy outlining directive, requirement and stance with regard to compliance with the legislation and in safeguarding personal data.
Forensic Analytics staff members, contractors and any other interested parties including customers.
Forensic Analytics will only use personal information to administer duties on a lawful basis and will not share or provide personal information to a third party without appropriate consent.
This Policy aims to ensure compliance with the DPA (inclusive of GDPR) and all personal data shall be:
Processed fairly and lawfully.
Obtained and processed for specific lawful purposes.
Adequate, relevant and not excessive.
Accurate and kept up to date.
Retained for no longer than necessary.
Processed in accordance with rights of data subjects.
Processed and held in a secure manner.
Not transferred outside the European Economic Area (EEA) unless there is adequate protection.
Forensic Analytics fully supports and complies with the main data protection principles and in line with Article 5 of the GDPR has process in the place to ensure that personal data shall be:
a. Processed lawfully, fairly and in a transparent manner in relation to individuals.
b. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
c. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
d. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed are erased or rectified without delay.
e. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required in order to safeguard the rights and freedoms of individuals.
f. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures.
This Data Privacy Declaration is authorised by Martin Hanly, Chief Risk & Compliance Officer, Forensic Analytics and is subject to regular review to ensure that it remains fit for purpose.
Qualio POL-33 V3.0
Name: Martin Hanly
Role: Quality and Compliance Director