Our Data Protection Policy is achieved by a stringent set of controls, including policies, processes, procedures and software and hardware functions. These controls are monitored, reviewed and improved to ensure that specific data protection, security and business objectives are met. This is operated in conjunction with other business management processes, and incorporates the applicable statutory, regulatory and contractual requirements.
In particular, Corrotherm are committed to compliance with data protection requirements and good practice to include:
- Processing personal information only where this is strictly necessary for legal and regulatory purposes, or for legitimate organisational purposes;
- Processing only the minimum personal information required for these purposes;
- Providing clear information to natural persons (including children) about how their personal information can be used and by whom;
- Only processing relevant and adequate personal information;
- Processing personal information fairly and lawfully;
- Maintaining a documented inventory of the categories of personal information processed by the organisation;
- Keeping personal information accurate and, where necessary, up-to-date;
- Retaining personal information only for as long as is necessary for legal or regulatory reasons or for legitimate organisational purposes and ensuring timely and appropriate disposal;
- Respecting natural persons’ rights in relation to their personal information;
- Keeping all personal information secure;
- Only transferring personal information outside the UK in circumstances where it can be adequately protected;
- Enabling the data protection policy to be implemented;
- Where appropriate, identifying internal and external interested parties and the degree to which they are involved in the governance of the organisation;
- Identify workers with specific responsibility and accountability;
- Maintain records of processing of personal information.
Our Data Protection Policy Awareness Program is incorporated in our staff induction and training program. The Data Protection policy is readily accessible internally and presented to existing and prospective clients. In addition to employees; suppliers, contractors and sub-contractors of Corrotherm are expected to adhere to our Data Protection Policy.
Corrotherm are committed to continual improvement and all employees are empowered to take responsibility for data protection, with a robust process for identifying and reporting data breaches in place and subject to regular review.
Through compliance to applicable statutory, regulatory and contractual requirements, and the requirements of the General Data Protection Regulations (GDPR) for the Protection of Personal Information, Corrotherm will demonstrate confidence, integrity and credibility both internally and externally.