Data protection policy
This is a statement of the data protection policy adopted by Transparent Trading Group Limited (“Transparent Trading”). The responsibility for the updating and distribution of this policy rests with Transparent Trading’s Information Protection Officer. Our policy is subject to periodic review to ensure that changes to the relevant legislation or the structure or internal of Transparent Trading are reflected in this policy. All directors and staff are expected to apply the policy and to seek advice or consultation as appropriate.
In the normal course of commercial Transparent Trading needs to collect and retain certain types of personal data (both public & non-public) from a variety of sources who Transparent Trading conducts business with. For the purpose of this these will be referred to as (“Data Subjects”). In addition, to ensure Transparent Trading complies with its regulatory obligations it may be required by law to collect and use certain types of information.
Personal Data means data which relates to a living individual who can be identified from that data, or from that data combined with other information which is in the possession of, or is likely to come into the possession of, the data controller. The data controller for the purpose of this note is Transparent Trading.
All personal data must be dealt with correctly, however it is ascertained, recorded and used. This applies equally whether the data is held electronically, on paper or by other means.
In addition to any legal consideration, Transparent Trading believes the lawful and correct treatment of all personal data (non-public) is an essential step in building and maintaining the confidence of everyone concerned, including staff, investors and business associates alike. With this in mind, we need to ensure that our company treats personal data in a lawful and correct manner.
- Processing will not be fair and lawful if the data subject has been deceived or misled as to the purpose or purposes for which their personal data will be processed. Transparent Trading ensures that certain information, known as “Fair Processing Information”, has been provided to the data subjects before processing takes place (i.e. on their data collection forms). This information must include the following:
  - The identity of Transparent Trading as the data controller;
  - The purpose(s) for which the data will be collected and processed by Transparent Trading; and
  - Any other information that is necessary to enable the particular processing to be fair (some of which is required by the other data protection principles as set out below). For example:
    - The recipient or categories of recipient of the data, including all those third parties that Transparent Trading discloses data to or who process data on Transparent Trading’s behalf (e.g. financial and legal advisers, payroll and pensions processing companies, consultants working on Transparent Trading’s behalf and governmental authorities);
    - Whether (or not) any of the intended recipients of the data are outside the EEA;
    - Whether replies to questions asked by Transparent Trading are obligatory for justifiable operational reasons;
    - The existence of the right of access to, and the right to rectify, the data;
    - The use of the personal data for credit checking purposes;
    - The use of the personal data for direct marketing purposes;
    - The security measures implemented by Transparent Trading regarding the processing;
    - Transparent Trading’s policy on record retention (how long records are kept and any steps taken to ensure that records are accurate and kept up to date);
    - Transparent Trading’s contact details;
    - An explanation of how consent, once given, can later be withdrawn, etc.
- In addition to providing the Fair Processing Information, to ensure that all processing is fair and lawful Transparent Trading will also ensure that the processing in question can be justified under certain conditions set out under the Act. This means that at least one of the following, known as “Fair Processing Conditions”, must be met:
  - The data subject has freely given specific and informed consent to the processing;
  - The processing is necessary for the performance of a contract to which the data subject is a party, or for the taking of steps at the request of the data subject with a view to entering into a contract;
  - The processing is necessary for compliance with any legal obligation to which Transparent Trading is subject, other than an obligation imposed by contract;
  - The processing is necessary in order to protect the vital interests of the data subject; or
  - The processing is necessary (a) for the administration of justice, (b) for the exercise of any functions conferred on any person by or under any enactment, (c) for the exercise of any functions of the Crown, a Minister of the Crown or a government department, or (d) for the exercise of any other functions of a public nature exercised in the public interest by any person.
- In the case of ‘sensitive’ personal data (i.e. personal data concerning a Data Subject’s racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health or condition (which will include employees’ health records), sexual life or the commission or alleged commission of any offense or proceedings for any actual or alleged offense, the disposal of such proceedings or the sentence of any court in such proceedings), this may only be collected, stored, used, disclosed or otherwise processed if, in addition to the requirements set out above, one of the following conditions is met:
  - The data subject concerned has given Transparent Trading specific written consent to process the personal data;
  - Transparent Trading needs to process the personal data to carry out its obligations under national employment law;
  - Transparent Trading needs to process the personal data to protect the individual (or another person) where that individual is physically or legally incapable of giving his consent (e.g. where an individual has been involved in a road accident or develops a health condition); or
  - The processing relates to personal data which has been made public by the individual concerned or is necessary for legal claims.
Personal data shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes
- Transparent Trading has set up internal procedures to identify the collection points of data (e.g. websites, application forms, emails, CCTV etc.), the nature of the data collected and the purposes for which such data is processed.
- Transparent Trading will give data subjects the Fair Processing Information when data is collected or obtained.
- Transparent Trading will ensure that personal data is not used for reasons not set out in the Fair Processing Information without ensuring that one of the Fair Processing Conditions is met.
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed
In order to process data in a way which is compatible with the purposes for which it is processed Transparent Trading will, for example:
- Periodically review data collection procedures to ensure that they are adequate, relevant and not excessive in relation to the purpose for which data is going to be processed;
- Review requests for personal data, to determine whether all data which is supplied is necessary or whether it can be destroyed;
- Periodically review personal data held in manual filing systems and computerized filing systems to ensure that Transparent Trading is holding no more than the minimum of data required for the purpose for which the data was collected; and
- Ensure that if employees are allowed to enter free text onto records, training is given to them to ensure its relevance.
Personal data shall be accurate and, where necessary, kept up to date
Transparent Trading will check that personal data is accurate, complete and current by, for example:
- Keeping a record of the dates on which personal data is created and/or obtained both manually and electronically;
- Assessing the accuracy of the personal data at the time of collection when it comes from sources other than the data subject concerned and, in any case, reviewing the accuracy of personal data before it is entered into any filing systems;
- Ensuring that where personal data is duplicated and held separately (e.g. at or in a different department) any updates or amendments are communicated to all holders of the personal data and that the personal data is updated/amended accordingly; and
- Checking personal data periodically to ensure that it is accurate and up to date and to evaluate the degree of damage to the data subject (and Transparent Trading) which could be caused through inaccurate or out of date personal data being held. This could be done by putting a procedure in place which provides that when a record is accessed, the individual accessing the file has to sign off that they have briefly reviewed the entire file and removed/amended any inaccurate personal data.
Personal data processed for any purpose or purposes shall not be kept for longer than necessary for that purpose or those purposes
Transparent Trading will comply with this principle by, for example:
- Reviewing personal data periodically to determine whether retention is justifiably necessary for legitimate business purposes or whether the personal data can be archived or destroyed;
- Ascertaining whether such personal data could be retained in an anonymous format (e.g. if kept only for historical or statistical purposes); and
- Determining the integrity of the personal data used and ensuring that records are not maintained for longer than is necessary.
Personal data shall be processed in accordance with the rights of data subjects under the Act
Transparent Trading will inform data subjects of:
- The obligatory or optional nature of the personal data requested (e.g. optional fields could be marked with a star which indicates that such personal data may be used for future marketing activities); and
- How Data Subjects can contact Transparent Trading with any enquiries or complaints about the processing of personal data, and the choices and means offered by Transparent Trading for limiting the use and disclosure of personal data.
Transparent Trading has also established suitable procedures to enable an individual to find out whether personal data (of which that individual is the data subject) is being processed by or on behalf of Transparent Trading and if so what such personal data comprises. Such a request by an individual must be in writing and Transparent Trading may be entitled to charge a small fee for responding to such requests. Transparent Trading has trained staff to recognize subject access requests from data subjects and to respond to these in accordance with the DPA and particularly in accordance with the statutory time limits.
Where Transparent Trading obtains personal data about an individual from a third party (e.g. from a marketing company) Transparent Trading will inform the data subject as soon as practicable that it is holding the personal data and set out the purposes for which such personal data will be held. This will not, however, be necessary where the third party has already informed the data subject that their personal data will be passed to Transparent Trading and identified these purposes.
Transparent Trading will obtain specific written consent from data subjects to use their personal data for non-obvious purposes such as for direct marketing at the time data subjects are first asked to provide personal data (or as soon after as is practicable) i.e. through a data protection notice on data collection forms (e.g. on website registration forms, application forms etc).
Transparent Trading will inform data subjects if it intends to use their personal data for a purpose which is different from those for which the personal data was originally collected or where it intends to disclose personal data to a third party who has not previously been authorized by the individual concerned.
Transparent Trading will ensure that the rights granted to the people about whom personal data is held are upheld, including their right to be informed that processing is being undertaken, their right to access such personal data, and their right to correct, or have deleted, personal data that is determined to be wrong.
Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
In order to protect personal data stored by Transparent Trading from being lost, misused, accessed without authorization, disclosed, altered or destroyed, Transparent Trading will, for example:
- Ensure that all necessary technical & structural security measures are undertaken to safeguard personal data;
- Promote awareness of data security among employees and where possible, conduct training in security responsibilities and issues;
- Only allow individuals to access personal data where they have a business need to do so, where they are reliable and where they have the appropriate knowledge to make decisions concerning how it should be handled (i.e. carry out background checks and conduct training to ensure that individuals understand their responsibilities, particularly surrounding confidential information and special categories of data). Transparent Trading will also segregate employee duties to ensure that responsibility for sensitive tasks is appropriately controlled;
- Monitor access to personal data to prevent violations, intentional or accidental damage or disclosure;
- Identify potential security risks and exposures within the company and implement appropriate security measures to counter those risks (e.g. Transparent Trading will (i) only give employees access to personal data where they are authorized and have a legitimate business need to do so; (ii) create a system of secure cabinets within locked rooms; (iii) maintain a clear desk policy; and (iv) where possible use partition screens in open plan areas);
- Ensure that where personal data is taken off-site (e.g. on laptop computers or hard copy files), only necessary personal data is taken and that training is given on security rules which employees must follow (e.g. ensuring the personal data is not left in an unlocked car or unattended in a place where it could be viewed by others etc);
- Ensure that: (i) computer servers are set up to optimize security; (ii) all systems passwords/authorization levels etc. are periodically reviewed to ensure that they are assigned to appropriate staff; (iii) where possible, audit trail capabilities of automated systems are used to track who accesses and amends personal data; and (iv) account is taken of the risks of transmitting confidential information by fax, by e-mail or via the internet;
- Implement procedures to stop all employees whose employment has been terminated or transferred and any third parties (e.g. contractors) who are no longer used, from accessing systems used to process personal data; and
- Ensure that where the processing of personal data is carried out by a data processor on Transparent Trading’s behalf it chooses a data processor providing sufficient guarantees in respect of the technical and organizational security measures governing that processing and takes reasonable steps to ensure compliance with those measures. Such processing must be carried out under a written contract with appropriate obligations as required under the Act, for example, ensuring that the data processor is to act only on the instructions of Transparent Trading.
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data
Transparent Trading will ensure that the transfer of personal data abroad is only done once suitable safeguards have been put in place.
This will be where one or several of the following conditions are met:
- The data subject has given specific consent
- by using binding Corporate Rules which are aimed at multinational organizations.
The Information Protection Officer can be contacted by writing to Transparent Trading Group Limited, 90 Main Street, P.O. Box 3099, Road Town, Tortola or via email at firstname.lastname@example.org. Please note that due to the potential sensitivity of personal data we cannot process enquiries in the first instance by telephone.
Copyright © 2017 Transparent Trading Group Limited. All rights reserved. Transparent Trading and the Transparent Trading logo are registered trademarks or trademarks of Transparent Trading Group Limited.