DATA PROTECTION POLICY
ASSET WISDOM LIMITED
1.1 The purpose of this document is to confirm the current position of Asset Wisdom Ltd (AW) in relation to its’ obligations under the UK Data Protection Act and challenges of ensuring compliance with the privacy and data protection rules in countries where its’ clients are based. Asset Wisdom Ltd also have a GDPR Policy Statement in place.
2. CURRENT POSITION
2.1. Asset Wisdom Ltd collects personal data and is therefore a controller of that data. Asset Wisdom Ltd also holds data from and provided by third parties and is therefore a processor of data.
2.2. Asset Wisdom Ltd is registered with the Information Commissioners Office, registration number ZA061376, the company’s registered officer is June Lancaster, Operations Director.
2.3. AW has updated its’ data protection policy in line with legislation and will review on an annual basis.
3. RELEVANT INFORMATION
3.1. There are two clearly defined roles in data protection:
3.2. i) A data controller is a person, public authority, department or any other organisation who determines the purposes and means of the data processing, unless expressly designated by legislative or regulatory provisions relating to the data processing in question.
3.3. ii) A data processor is any person who processes personal data on behalf of the data controller.
3.4. Depending on the relationship with the client, Asset Wisdom Ltd will at times adopt both of these roles. It is important to note that if acting as the processor, it has an obligation to know that the controller is compliant with the legislation, this will potentially apply to a number of clients and will also apply to Kineo who host Asset Wisdom’s online learning portal.
3.5. The rules of compliance vary in all countries and in relation to some, within country. The majority of the guidance is covered or a slight variance on the UK Data Protection Act and the EU data regulations, the situation when working in some parts of the world is not so clear; an expression has been use of “they make it up as they go along depending on the potential gains”
4. DEVELOPING A ROBUST UNDERSTANDING AND COMPLIANCE POSITION
4.1. Significant research has been ongoing to try to understand Data Protection and privacy compliance in relation to the business of Asset Wisdom Ltd. It is clear, as expected, the subject is complex and described by lawyers as a “minefield”.
4.2. Using the IoD research services and legal helpline, a better picture is emerging, especially in relation to the French, USA and Canadian legislation.
4.3. The understanding from the IoD research it that Asset Wisdom Ltd, through its’ privacy and data protection policies comply with the majority of the requirements. Two aspects are important:
4.4. Each new contract will need to include reference to privacy and data protection, depending on geography it may be necessary to seek detailed legal advice.
4.5. It is not the policy that is important but acting within the constraints and the spirit of the policies.
4.6. Both policies will be reviewed on a yearly basis and/or when legislation changes that impact on the accuracy of the policies.
5. WHAT IS EXPECTED OF THE BOARD?
5.1. Ensure that the data protection and privacy policies have been read by all directors
5.2. All board members abide by the policies and prevent any breach of compliance wherever possible.
5.3. Provide assurance that should detailed legal counsel be required, this will be agreed.
APPENDIX 1 – DATA PROTECTION PROCESS
The information collected by Asset Wisdom Ltd is of a personal nature and includes:
ii. E-mail address
iii. telephone number iv. employer
Asset Wisdom do not hold any personal financial information for customers purchasing via WorldPay or PayPal and we abide by the anti-fraud legislation and are protected as part of our agreement with WorldPay.
As the Company progresses, the information collected by Asset Wisdom Ltd will be more extensive in relation to the individual’s personal and professional development activity. For the purposes of this policy, all information collected now and in future will be managed by Asset Wisdom Ltd in both the spirit and legal requirements of the data protection act.
In order to maintain data protection law and client confidentiality Asset Wisdom Ltd have the following processes in place:
1. Asset Wisdom Ltd will deal with and speak only to the company/individual purchasing the course(s).
2. Each company has the option to have a designated Administrator and requests should be put in writing to Asset Wisdom Ltd. If this option is used, Asset Wisdom Ltd will also disclose information to the Administrator.
3. The Administrator, once logged onto the LMS using their unique login and password, has ability to run reports on the progress of their delegates in a secure environment. The actions in relation to maintaining confidentiality by the administrator should be managed by the employing body and is not the responsibility of AW.
4. Asset Wisdom Ltd, including all employees and anyone else who, as a result of having access to personal and company data held by AW, will not release/share with anyone outside of AW any personal information collected as a result of business activity.
5. No Individual data collected as part of business activity will be shared with clients or partnering companies for any reason unless there is evidence of explicit permission of the Individual concerned.
6. Asset Wisdom has in place policies to ensure that data is protected. The Company designated Data protection Officer is: June Mary Lancaster, Director of Asset Wisdom Ltd. Contact details: firstname.lastname@example.org