DATA PROTECTION POLICY
Dream Designs NI receives, uses, and stores personal information about our customers and suppliers. It is important that this information is handled lawfully and appropriately, with due consideration for the requirements of the General Data Protection Regulations. We take our Data Protection duties seriously, because we respect the trust that is being placed in us to use personal information appropriately and responsibly.
This Policy, and any other documents referred to in it, sets out the basis on which we will process any personal data. Any questions about the operation of this Policy, or any concerns that the Policy has not been followed, should be referred in the first instance to the founder of Dream Designs NI, Mr Nial Bell.
Personal Data means data (whether stored electronically or in hard copy) that relates a living individual who can be identified directly or indirectly from that data.
Data Processing is any activity that involves the use of personal data, including: obtaining, recording, holding, organising, amending, retrieving, using, disclosing, erasing, or destroying the data.
When we process Personal Data, we ensure that it is:
a. Processed fairly, lawfully, and in a transparent manner.
b. Collected for specified, explicit, and legitimate purposes, and that any further processing is limited to compatible purposes.
c. Adequate, relevant, and limited to what is necessary for the intended purposes.
d. Accurate, and where necessary, kept up-to-date.
e. Kept for no longer than necessary for the intended purposes.
f. Processed in-line with the individual’s rights, and in a manner that ensures appropriate security including
protection against: unauthorised access, unlawful processing, accidental loss, destruction, or damage,
using appropriate technical or organisational protection measures.
g. Not transferred to third parties, or to people or organisations situated in countries without adequate
protection, without firstly having advised the individual.
In accordance with the General Data Protection Regulations, we only process Personal Data where a lawful basis applies. The lawful bases are: where the individual has given their consent, where the processing is necessary for the performance of a contract, for compliance with a legal obligation, for the legitimate interest of the business, for a vital interest, or for the performance of a public task.
In the course of our business, we may collect and process Personal Data. This may include data we receive directly from a Data Subject (for example, by completing forms or by corresponding with us by mail, telephone, email, or otherwise) and Personal Data we receive from other sources (for example, location data, data from business partners or sub-contractors, and credit reference agencies, etc.).
We process all Personal Data in-line with Data Subjects’ rights, in particular their right to:
a. Confirmation as to whether or not their Personal Data is being processed.
b. Request access to any data we hold about them.
c. Request rectification, erasure, or restriction on the processing of their Personal Data.
d. Lodge a complaint with a supervisory authority.
e. Data portability.
f. Object to processing, including for direct marketing purposes.
g. Not be subject to automated decision making, including profiling in certain circumstances.
We take appropriate security measures to protect Personal Data from unauthorised access, unlawful processing, accidental loss or destruction, alteration, and unauthorised disclosure. This includes appropriate procedures and technologies to maintain the confidentiality, integrity, and availability of the data:
a. Confidentiality means that only people who are authorised to use the data can access it.
b. Integrity means that Personal Data is accurate and suitable for the purpose for which it is processed.
c. Availability means that authorised users are able to access the data if they need it for authorised purposes. Personal Data will therefore be stored on Dream Designs NI’s central computer system.
Our protection methods include:
a. Passwords – all hardware is appropriately password protected to prevent unauthorised access.
b. Secure and lockable desks and cupboards – desks and cupboards containing Personal Data are kept locked at all times, with access restricted to authorised users.
c. Minimisation – only data that the business has a legitimate interest in retaining is maintained. All other data deemed no longer necessary is securely deleted or destroyed.
d. Disposal – hard copy documents are shredded or destroyed. Digital storage devices are physically destroyed when they are no longer required.
e. Restriction – we do not share Personal Data with any third parties without the Data Subject’s consent.
Subject Access Requests
Individuals must make a formal request, in writing, to obtain a copy of the information we hold about them. Where a request is made electronically, data will be provided electronically, where possible. We will make every effort to check the identity of the individual before releasing information. Subject Access Requests may be sent to: 2 Woodstock Link, Belfast, BT6 8DD, or alternatively to firstname.lastname@example.org.
We reserve the right to change this Policy at any time. Where appropriate, we will notify individuals of changes by mail or email.