Privacy and data protection rights are very important to us at Digital Documents Ltd.
Digital Documents Ltd. is registered under the Data Protection Acts 1988 – 2018 (& EU GDPR) as a data processor and all personal data will be maintained in accordance with the obligations of that legislation.
Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format. The Data Protection Acts 1988 to 2018 and EU GDPR (the “Data Protection Acts”) lay down strict rules about the way in which personal data and sensitive personal data are collected, accessed, used and disclosed. The Data Protection Acts also permit individuals to access their personal data on request, and confer on individuals the right to have their personal data amended if found to be incorrect.
This document outlines Digital Documents Ltd.’s policy to help ensure that we comply with the Data Protection Acts.
Purpose of this Policy
This policy is a statement of Digital Documents Ltd.’s commitment to protect the rights and privacy of individuals in accordance with the Data Protection Acts.
Collecting Information
We collect and use information for the following purposes:
To provide a full range of records management services, including storage, scanning, indexing, and hosting of records for our clients, who remain the controllers of the data which we process on their behalf.
To perform accounting and other record-keeping functions
To provide personnel, payroll and pension administration services
Data Protection Principles
We shall perform our responsibilities under the Data Protection Acts in accordance with the following eight Data Protection principles:
Obtain and process information fairly
We shall obtain and process personal data fairly and in accordance with statutory and other legal obligations.
Keep it only for one or more specified, explicit and lawful purposes
We shall keep personal data for purposes that are specific, lawful and clearly stated. Personal data will only be processed in a manner compatible with these purposes as defined in the company personal data usage matrix.
Use and disclose only in ways compatible with these purposes
We shall use and disclose personal data only in circumstances that are necessary for the purposes for which we collected the data.
Keep it safe and secure
We shall take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of personal data and against its accidental loss or destruction.
Keep it accurate, complete and up-to-date
We adopt procedures that ensure high levels of data accuracy, completeness and that data is up-to-date.
Ensure it is adequate, relevant and not excessive
We shall only hold personal data, that we control, to the extent that it is adequate, relevant and not excessive.
Retain for no longer than is necessary
We have a retention policy for personal data.
Give a copy of his/ her personal data to that individual, on request
We adopt procedures to ensure that data subjects can exercise their rights under the Data Protection legislation to access their data.
Responsibility
Overall responsibility for ensuring compliance with Data Protection Acts rests with Digital Documents Ltd. However, our responsibility varies depending upon whether we are acting as either a data controller or a data processor. All employees and contractors of Digital Documents Ltd. who separately collect, control or process the content and use of personal data are individually responsible for compliance with the Data Protection Acts. Generally, due to the nature of the services that we provide, when carrying out work for our customers we are acting in our capacity as data processors. Generally, we are only data controllers for the purpose of information that we collect in relation to our employees.
Review
This Data Protection Policy will be reviewed regularly by the management team in light of any legislative or other relevant developments.
