Ensus UK Ltd - Policy on Data Protection

The primary purpose of current data protection legislation is to protect individuals against possible misuse of information about them held by others. This is a very important responsibility, and Ensus UK Ltd is committed to having in place policies and procedures that protect individuals' personal data and to ensuring that all members of staff are aware of the requirements of the General Data Protection Regulations 2018 (“GDPR”) in relation to their individual responsibilities.
The GDPR covers personal data whether held on computer or in certain manual files.
Ensus UK Ltd is obliged to abide by the data protection regulations. These Data Protection principles require that personal data shall:
  • be processed lawfully, fairly and in a transparent manner in relation to the data subject;
  • be collected for specified, explicit and legitimate purposes and not processed in a manner that is incompatible with those purposes;
  • be adequate, relevant and limited to what is necessary to the purposes for which they are processed;
  • be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  • be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  • be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
The GDPR provides individuals with rights in connection with personal data held about them. It provides individuals with the right to access data concerning themselves (subject to the rights of third parties). It also includes the right to seek compensation through the courts for damages and distress suffered by reason of inaccuracy or the unauthorised destruction or wrongful disclosure of data. Ensus UK Ltd will respond to written requests to the HR/Finance department requesting information on what data is being held and processed by Ensus UK Ltd or its Data Processors.
Under the terms of the GDPR, the processing of data includes any activity to do with the data involved. All staff or other individuals who have access to, or who use, personal data, have a responsibility to exercise care in the treatment of that data and to ensure that such information is not disclosed to any unauthorised person. Examples of data include address lists and contact details as well as individual files. Any processing of such information must be done in accordance with the principles outlined above. In order to comply with the principle of fair and lawful processing, at least one of the following conditions must be met:
  • the individual has given his or her consent to the processing;
  • the processing is necessary for the performance of a contract with the individual;
  • processing is required under a legal obligation;
  • processing is necessary to protect the vital interests of the individual;
  • processing is necessary to carry out public functions;
  • processing is necessary in order to pursue the legitimate interests of the controller or third parties (unless it could prejudice the interests of the individual).
In the case of sensitive personal data, which includes information about racial or ethnic origins; political beliefs; religious or other beliefs; trade union membership; health; sex life; criminal allegations, proceedings or convictions, there are additional restrictions and explicit consent will normally be required.
In relation to security of Personal Data, Ensus UK Ltd takes appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data. Staff and other individuals should be aware that guidelines and regulations relating to the security of manual filing systems and the preservation of secure passwords for access to relevant data held on computer should be strictly observed. Ensus UK Ltd also undertakes to review data accuracy, update accordingly and remove data no longer required.
Staff should also note that personal data should not normally be provided to parties external to the company. Special arrangements apply to the exchange of data between the company and third parties. For further guidance on this, please contact the Finance / HR Department.
The GDPR has specific requirements relating to the transfer of material outside the European Economic Area. Personal data about an individual placed on the World Wide Web is likely to breach the provisions of the GDPR unless the individual whose data is used has given his or her express consent. It is important that all those preparing web pages, address lists and the like are aware of these provisions, and seek advice if in doubt.
A failure to comply with the provisions of the GDPR may render the company, or in certain circumstances the individuals involved, liable to prosecution as well as giving rise to civil liabilities. The GDPR also requires that breaches in the data policy are reported, where feasible, within 72 hours. Individuals are encouraged to familiarise themselves with the general aspects of the General Data Protection Regulation, referred to above. Further information and advice may be obtained from the Finance / HR Department.
Data Protection Definitions
Personal Data – Any information relating to an identified person, who can be identified either directly or indirectly by name, identification number, location or online identifier, or by one or more factors specific to that person's physical, physiological, genetic, mental, economic, cultural or social identity. Examples of personal data would be: online profile details, a person's health data, employee bank details.
Data Subject – An individual who is the subject of personal data. Examples include: Employee, Customer, Consumer.
Data Controller – A person who (either jointly or in common with other persons) determines the purpose for which and the manner in which any personal data are, or are to be, processed. In Ensus the role of the Data Controller is jointly held by the Commercial, Finance and Production Directors. Any potential breach in data protection should be immediately reported to them.
Data Processor – A natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
What is processing – In relation to data it means obtaining, recording or holding information or data or carrying out any operation or set of operations on the information or data. It includes access, storage, retrieval, disclosure and erasure / destruction.
For further detail on all information listed in this summary, please refer to the full Data Protection Policy document (PDF, 367.14 KB).
