Data Protection and Data Security Policy – May 2018
Statement of policy and purpose of policy
Anakwue Way LTD is committed to ensuring that all personal information handled by us will be processed accordingly to legally compliant standards of data protection and data security.
The purpose of this policy is to help us achieve our data protection and data security aims by:
- Notifying our clients of the types of personal information that we may hold about them and what we do with that information.
- Ensuring that we are transparent about the information we hold and what we will do with it.
- Ensuring our clients understand us.
This is a statement of policy which we may amend at any time but you will be notified of any changes.
Categories of data we collect
We may collect and process the following categories of information about you:
Your name and surname and your contact details
(email address, telephone number and postal address)
When you request to be on our mailing list
When you purchase any products or services from us
When you take part in our competitions, or
When you choose an offer we make available on our website
When you include other people’s information for example by referring them to us or information about children in your care.
Information about your transaction, including your payment card details
When you purchase our products or services
When you purchase such products or services
When you pre-order these products.
The communications you exchange with us (for example, your emails, letters, calls, or your messages on our online chats)
When you contact us or you are contacted by us
Your posts and messages on social media directed to Anakwue Way
When you interact with us on social media
When you reply to our requests for feedback or participate in our customer surveys
Information that relates to your memberships (for example with courses or workshops that we run)
When you obtain, renew or cancel your memberships
Who is responsible for data protection and data security?
Maintaining appropriate standards of data protection and data security is a team effort shared between all that work or volunteer within the company irrespective of seniority, tenure and length of service.
The Director has overall responsibility for ensuring that all personal information is handled in compliance with the law. The Director has been appointed as the Data Protection Officer with day to say responsibility for date processing and data security.
Sensitive personal data
In the course of providing services to you, we may collect information that could reveal your racial or ethnic origin, physical or mental health, religious beliefs or alleged commission or conviction of criminal offences. Such information is considered “sensitive personal data” under the UK Data Protection Act 1998 and other data protection laws. We only collect this information where you have given your explicit consent, it is necessary, or you have deliberately made it public.
For example, we may collect this information in the following circumstances:
For your safety, when you have a specific medical condition, you will need to inform us of that and –where required – provide us with a medical certificate. This will be in the course of our dealings with you to enable us to provide adequate assistance and support.
If you do not allow us to process any sensitive personal data, this may mean we are unable to provide all or parts of the services you have requested from us.
This policy covers personal information:
a which relates to a living individual who can be identified either from that information in isolation or by reading it together with other information we possess;
b. is stored electronically or on paper in a filing system;
c.i n the form of statements of opinion as well as facts;
d. which relates to any other individual whose personal information we handle or control;
e. Which we obtain, hold or store, organise, disclose or transfer, amend, retrieve, use, handle, process, transport or destroy.
We will have special protection for children’s personal data particularly in relation to internet services such as social networking. We will only collect information about children in your care with your consent. We will require a parent or guardian’s consent in order to process a child’s personal data lawfully. The law sets the age when a child can give their consent to this processing at 16 (although this may be lowered to a minimum of 13 in the UK). Where a child in the UK is younger than 13, we will need to obtain consent from a person with parental responsibility.
What personal information do we process and what do we do with it?
We collect personal information about you which you provided to us.
We may also collect Information about you which is in the public domain.
How and why we use your personal data
We use your personal data for the following purposes:
To communicate with you and manage our relationship with you
Occasionally we may need to contact you by email and/or SMS for administrative or operational reasons, for example in order to send you information about a course you are interested in or have booked, provide a date upon which we will respond to your query.
We will also use your personal data if we contact you after you have sent us a request, filled in a web-form through our website or contacted us on social media.
Your opinion is very important to us, so we may send you an email or SMS to seek your feedback.
We will use the information you exchange with us and the feedback you may provide in order to manage our relationship with you as our customer and to improve our services and experiences for customers.
To personalise and improve your customer experience
We may use your personal data in order to tailor our services to your needs and preferences and to provide you with a personalised customer experience.
To inform you about news and offers that you may like
Security of your personal data
We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data.
We may in some instances disclose your personal data to third parties. Where Anakwue Way Ltd discloses your personal data to a third party, we require that third party to have appropriate technical and organisational measures in place to protect your personal data; however in some instances we may be compelled by law to disclose your personal data to a third party, such as the police or local authority and have limited control over how it is protected by that party.
Requesting access to your personal data
You have a right to request access to the personal data that we hold about you.
If you would like to request a copy of your personal data and or have any questions in relation to your personal data, please send an email to firstname.lastname@example.org with your request.