Privacy Policy
Data Protection Principles
HHF TRAINING LTD is dedicated to handling data following its obligations under the General Data Protection Regulation (GDPR). In adherence to Article 5 of the GDPR, personal data must be:
- Processed in a lawful, fair, and transparent manner concerning individuals.
- Collected for specific, explicit, and legitimate purposes, avoiding incompatible further processing.
- Adequate, relevant, and limited to what is necessary for the intended purposes.
- Accurate and regularly updated; inaccurate data should be promptly rectified or erased.
- Retained only for the duration necessary for processing purposes, with provisions for extended storage for archival, public interest, or research purposes, ensuring compliance with GDPR safeguards.
- Processed securely, employing appropriate technical or organizational measures to prevent unauthorized processing, accidental loss, destruction, or damage.
General Provisions
- This policy encompasses all personal data processed by HHF TRAINING LTD.
- The Responsible Person assumes responsibility for HHF TRAINING LTD’s ongoing compliance with this policy.
- Periodic reviews of this policy are mandated at least annually.
- HHF TRAINING LTD will register with the Information Commissioner’s Office as a personal data processing organization
Privacy Policy
- To guarantee lawful, fair, and transparent data processing, HHF TRAINING LTD will maintain a Register of Systems.
- The Register of Systems will undergo an annual review.
- Individuals possess the right to access their Personal Data, and HHF TRAINING LTD will handle requests promptly.
Lawful Purposes
- All data processing by HHF TRAINING LTD must align with lawful bases such as consent, contract, legal obligation, vital interests, public task, or legitimate interests.
- The appropriate lawful basis will be documented in the Register of Systems.
- For consent-based processing, evidence of opt-in consent will be retained with the personal data.
- Systems will allow individuals to easily revoke consent, with accurate reflection in HHF TRAINING LTD’s systems.
Data Minimization
Personal data processed by HHF TRAINING LTD will be adequate, relevant, and limited to the necessary extent for the intended purposes.
Accuracy
HHF TRAINING LTD commits to maintaining accurate personal data, with steps taken to ensure data currency when necessary.
Archiving / Removal
- An archiving policy for each data processing area will be established and reviewed annually, and retention duration and reasons for data preservation will be considered.
- The policy will determine which data should/must be retained.
Security
- Personal data will be stored securely using updated software.
- Access to personal data will be restricted to personnel requiring Access, with adequate security measures to prevent unauthorized sharing.
- Secure deletion procedures will be implemented for irrecoverable data removal.
- Appropriate backup and disaster recovery solutions will be in place.
Breach
If a security breach compromises personal data, HHF TRAINING LTD will promptly assess the risk and, if necessary, report the breach to the ICO following their guidelines.
Approval
The management of HHF Training LTD approves this Quality Assurance Review Policy, effective from the 1st of January 2024.