We follow the general principles of the GDPR when we collect and process your personal data. These are:
- Your data is accurate and, where necessary, kept up to date. We take every reasonable step to ensure that inaccurate data, having regard to the purposes for which they are processed, are erased or rectified without delay.
- The data we collect will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (this is called ‘data minimisation’);
- We process personal data in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- Data is encrypted at rest and stored in UK data centers only, backed up constantly.
- Your personal data will be processed lawfully, fairly and in a transparent manner in relation to you;
- Your data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Your data will be kept in a form which permits identification of you for no longer than is necessary for the purposes for which the personal data are processed.