Data Protection Policy

4. Data protection principles

4.1 Anyone processing personal data must comply with the six data protection principles set out in the GDPR. We are required to comply with these principles (summarized below), and show that we comply, in respect of any personal data that we deal with as a data controller.


4.2 Personal data should be:

  • (a) processed fairly, lawfully and transparently;
  • (b) collected for specified, explicit and legitimate purposes and not further processed in a way which is incompatible with those purposes;
  • (c) adequate, relevant and limited to what is necessary for the purpose for which it is held;
  • (d) accurate and, where necessary, kept up to date;
  • (e) not kept longer than necessary; and
  • (f) processed in a manner that ensures appropriate security of the personal data.