Data Protection policy
Northern Fires & Stoves is committed to protecting the rights and privacy of individuals in accordance with the Data Protection Act 1998 (UK). Northern Fires & Stoves processes information (know as ‘data’ within the law) about its customers, other individuals and organisations for a range of business purposes. To comply with the law, data about individuals is collected and used fairly, stored safely and not disclosed to any third party unlawfully.
All “processing” of personal data (includes collection, holding, retention, destruction and use of personal data) is governed by the Data Protection Act 1998. The Act applies to all personal data – whether held on a computer or similar automatic system or whether held as part of a manual file. Personal data is defined as information relating to an identifiable living individual and can be held in any format, electronic (including websites and emails), paper-based, photographic etc. from which the individual’s information can be readily extracted.
It is an offence to process personal data except in strict accordance with the eight principles of data protection and rights of data subjects.
Further information on the Data Protection Act can be found at http://www.dataprotection.gov.uk/.
In you have any questions, contact Northern Fires & Stoves at firstname.lastname@example.org or on 01463-236-093.
Eight Data Protection Principles
- Data should be processed fairly and lawfully.
- Data should be obtained for one or more specified lawful purposes.
- Data shall be adequate, relevant and not excessive.
- Data shall be accurate and where necessary kept up to date.
- Data is not kept longer than is necessary for its purpose.
- Data shall be processed in accordance with subject rights under the Act.
- Appropriate technical and organisational measures shall be taken against unauthorised/unlawful processing, loss, destruction, damage to personal data.
- Data shall not be transferred outside EEA unless that country/territory ensures adequate level of protection for rights and freedoms of data subjects in relation to the processing of personal data.
Data Subject Rights
- To make subject access requests regarding the nature of information held and to whom it has been disclosed.
- To prevent processing likely to cause damage or distress
- To prevent processing for purposes of direct marketing
- To be informed about mechanics of automated decision taking process that will significantly affect them
- Not to have significant decisions that will affect them taken solely by automated process
- To take action for compensation if they suffer damage by any contravention of the Act
- To take action to rectify, block, erase or destroy inaccurate data
- To request the Commissioner to assess whether any provision of the Act has been contravened.