Quality Assurance Manual - Flipbook - Page 31
Quality Assurance Manual
Data management policy
iPowerboat Ltd needs to gather and use certain information about individuals. These can include
customers, suppliers, business contacts, employees and other people the organisation has a
relationship with or may need to contact. Please see our Data Management Guidelines Policy for
further information on our obligations and compliance.
This policy describes how this personal data must be collected, handled and stored to meet the
company’s data protection standards — and to comply with the law.
This data protection policy ensures iPowerboat Ltd:
Complies with data protection law and follow good practice;
Protects the rights of staff, customers and partners;
Is open about how it stores and processes individuals’ data;
Protects itself from the risks of a data breach Data protection law.
The Data Protection Act 2018 describes how organisations - including iPowerboat Ltd must collect,
handle and store personal information. These rules apply regardless of whether data is stored
electronically, on paper or on other materials. To comply with the law, personal information must be
collected and used fairly, stored safely and not disclosed unlawfully. These rules are documented in
the iPowerboat Ltd Data Management Guidelines.
The General Data Protection Regulation (GDPR) applies in the UK and across the EU from May 2018.
It requires personal data shall be:
Processed lawfully, fairly and in a transparent manner in relation to individuals
Collected for specified, explicit and legitimate purposes and not further processed in a
manner that is incompatible with those purposes; further processing for archiving purposes
in the public interest, scientific or historical research or statistical purposes shall not be
considered to be incompatible with the initial purposes
Adequate, relevant and limited to what is necessary in relation to the purposes for which
they are processed
Accurate and, where necessary, kept up to date; every reasonable step must be taken to
ensure that personal data that are inaccurate, having regard to the purposes for which they
are processed, are erased or rectified without delay
Kept in a form which permits identification of data subjects for no longer than is necessary
for the purposes for which the personal data are processed, personal data may be stored for
longer periods insofar as the personal data will processed solely for archiving purposes in the
public interest, scientific or historical research purposes or statistical purposes subject to
implementation of the appropriate technical and organisational measures required by GDPR
in order to safeguard the rights and freedoms of individuals.
Processed in a manner that ensures appropriate security of personal data, including
protection against unauthorised or unlawful processing and against accidental loss,
destruction or damage, using appropriate technical or organisational measures.
The controller shall be responsible for, and be able to demonstrate, compliance with the
principles.
Compliance to the above policy includes:
iPowerboat Ltd;
All staff and volunteers of iPowerboat Ltd;
Page 31 of 34
22/05/2021
Quality Assurance Manual
© Copyright iPowerboat Ltd 2021
Version_Final_Draft_0.2