Data Protection Policy
Purpose of this policy
This policy is a statement of CQR Company’s commitment to protect the rights and privacy
of individuals in accordance with the Data Protection Acts.
Individuals’ Responsibilities
Any staff member of CQR Company who is involved in the collection, storage or processing
of personal data has responsibilities under the legislation:.
Any staff member involved in the processing/storing of personal data should make sure;
• to obtain and process personal data fairly.
• to keep such data only for explicit and lawful purposes.
• to disclose such data only in ways compatible with these purposes
• to keep such data safe and secure.
• to keep such data accurate, complete and up-to-date.
• to ensure that such data is adequate, relevant and not excessive.
• to retain such data for no longer than is necessary for the explicit purpose.
Any data access requests received should be forwarded immediately to the Manager,
Compliance & Information Management.
Individual Rights
The individuals for whom CQR Company stores personal data have the following rights:
• to have their personal data obtained and processed fairly
• to have personal data kept securely and not illegitimately disclosed to others.
• to be informed of the identity of the Data Controller and of the purpose for which the
information is held.
• to get a copy of their personal data.
• to have their personal data corrected or deleted if inaccurate.
• to prevent their personal data from being used for certain purposes: for example, one
might want to have the data blocked for research purposes where it is held for other
purposes.
• under Employment Rights, not to be forced to disclose information to a prospective
employer. No one can force another person to make an access request, or reveal the results
of an access request, as a condition of recruitment, employment or provision of a service.
Where vetting for employment purposes is necessary, this can be facilitated where the
individual gives consent to the data controller to release personal data to a third party.
• It should be noted that under the Freedom of Information Act 2014, records containing
personal information may be released to a third party, where the public interest so requires.
Principles of the Acts
CQR Company will administer its responsibilities under the legislation in accordance with the
eight stated data protection principles outlined in the Act as follows:
Obtain and process information fairly.
CQR Company will obtain and process personal data fairly and in accordance with the
fulfilment of its functions.
Keep data only for one or more specified, explicit and lawful purposes.
CQR Company will keep data for purposes that are specific, lawful and clearly stated and
the data will only be processed in a manner compatible with these purposes.
Use and disclose data only in ways compatible with these purposes.
CQR Company will only disclose personal data that is necessary for the purpose/s or
compatible with the purpose/s for which it collects and keeps the data.
Keep data safe and secure.
CQR Company will take appropriate security measures against unauthorised access
to, or alteration, disclosure or destruction of, the data and against their accidental loss or
destruction. CQR Company is aware that high standards of security are essential for all
personal data.
Keep data accurate, complete and up-to-date.
CQR Company will have procedures that are adequate to ensure high levels of data
accuracy. CQR Company will examine the general requirement to keep personal data
up-to-date. CQR Company will put in place appropriate procedures to assist staff in keeping
data up-to-date.
Ensure that data are adequate, relevant and not excessive.
Personal data held by CQR Company will be adequate, relevant and not excessive in
relation to the purpose/s for which it is kept.
Retain data for no longer than is necessary for the purpose or purposes for which they are
kept.
CQR Company will have a policy on retention periods for personal data.
Give a copy of his/her personal data to that individual, on request
CQR Company will have procedures in place to ensure that data subjects can exercise their
rights under the Data Protection legislation.
Roles/Responsibilities of CQR Company
CQR Company has overall responsibility for ensuring compliance with the Data Protection
legislation. However, all employees of CQR Company who collect and/or control the
contents and use of personal data are also responsible for compliance with the Data
Protection legislation. CQR Company will provide support, assistance, advice and training to
all relevant Departments, Offices and staff to ensure it is in a position to comply with the
legislation.
CQR Company is registered as a Data Controller in compliance the Act and the following
roles are included in the registration,
Contact Person: Manager, Compliance & Information Management
Compliance Person: Manager, Compliance & Information Management
Procedures and Guidelines
This policy supports the provision of a structure to assist in CQR Company’s compliance with
the Data Protection legislation, including the provision of best practice guidelines and
procedures in relation to all aspects of Data Protection.
Review
This Policy will be reviewed regularly in light of any legislative or other relevant indicators.