Foster & Scott Data Protection Policy

1. Introduction

Foster & Scott (hereafter referred to as “the Company”) is committed to safeguarding the personal data of its employees, clients, and partners. This Data Protection Policy outlines our approach to ensuring that personal data is handled and processed in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and any other relevant legislation.

2. Scope

This policy applies to all employees, contractors, and third-party service providers who process personal data on behalf of the Company. It covers all personal data, in any format, including electronic and paper records.

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Data Subject: An individual whose personal data is processed.
  • Processing: Any operation or set of operations performed on personal data, whether or not by automated means.
  • Controller: The entity that determines the purposes and means of processing personal data.
  • Processor: The entity that processes personal data on behalf of the controller.

4. Data Protection Principles

The Company adheres to the following principles when processing personal data:

4.1 Lawfulness, Fairness, and Transparency

Personal data shall be processed lawfully, fairly, and in a transparent manner in relation to the data subject.

4.2 Purpose Limitation

Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

4.3 Data Minimisation

Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

4.4 Accuracy

Personal data shall be accurate and, where necessary, kept up to date. Inaccurate personal data shall be erased or rectified without delay.

4.5 Storage Limitation

Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

4.6 Integrity and Confidentiality

Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction, or damage.

5. Data Subject Rights

The Company respects and facilitates the rights of data subjects, including:

5.1 Right to Access

Data subjects have the right to access their personal data and obtain information about how it is being processed.

5.2 Right to Rectification

Data subjects have the right to have inaccurate personal data corrected or completed if it is incomplete.

5.3 Right to Erasure

Data subjects have the right to request the deletion of their personal data, subject to certain conditions.

5.4 Right to Restriction of Processing

Data subjects have the right to request the restriction of processing of their personal data under certain circumstances.

5.5 Right to Data Portability

Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.

5.6 Right to Object

Data subjects have the right to object to the processing of their personal data based on legitimate interests or direct marketing purposes.

5.7 Right to Withdraw Consent

Data subjects have the right to withdraw their consent at any time where processing is based on consent.

6. Data Security

The Company implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Regular security assessments and audits
  • Access controls to limit access to personal data
  • Procedures for data breach detection, investigation, and reporting

7. Data Breach Management

In the event of a data breach, the Company will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, if the breach is likely to result in a risk to the rights and freedoms of individuals.
  • Communicate the breach to affected data subjects without undue delay, where the breach is likely to result in a high risk to their rights and freedoms.
  • Document all data breaches, including the facts relating to the breach, its effects, and the remedial actions taken.

8. Third-Party Processors

The Company will ensure that any third-party processors engaged to process personal data on its behalf are compliant with data protection laws and provide sufficient guarantees to implement appropriate technical and organisational measures.

9. Training and Awareness

The Company will provide regular training and awareness programmes for employees and contractors to ensure they understand their data protection responsibilities.

10. Review and Updates

This policy will be reviewed annually and updated as necessary to reflect changes in legislation, regulatory guidance, or Company practices.

11. Contact Information

For any questions or concerns regarding this Data Protection Policy, please contact:

Data Protection Officer
Foster & Scott, Sheffield Business Centre, Europa Court, Sheffield, S91XZ
[email protected]
Tel: 0114 261 8661