Code of Conduct
Ensus UK Ltd - Policy on Data Protection
The primary purpose of current data protection legislation is to protect individuals against possible misuse of information about them held by others. This is a very important responsibility and Ensus UK Ltd, are committed to have in place policies and procedures that protect individuals personal data and to ensure that all members of staff are aware of the requirements of the General Data Protection Regulations 2018 (“GDPR”) in relation to their individual responsibilities.
The GDPR covers personal data whether held on computer or in certain manual files.
Ensus UK Ltd is obliged to abide by the data protection regulations. These Data Protection principles require that personal data shall:
Under the terms of the GDPR, the processing of data includes any activity to do with the data involved. All staff or other individuals who have access to, or who use, personal data, have a responsibility to exercise care in the treatment of that data and to ensure that such information is not disclosed to any unauthorised person. Examples of data include address lists and contact details as well as individual files. Any processing of such information must be done in accordance with the principles outlined above. In order to comply with the principle of fair and lawful processing, at least one of the following conditions must be met:
In relation to security of Personal Data, Ensus UK Ltd takes appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data. Staff and other individuals should be aware that guidelines and regulations relating to the security of manual filing systems and the preservation of secure passwords for access to relevant data held on computer should be strictly observed. Ensus UK Ltd, also undertakes to review data accuracy, update accordingly and remove data no longer required.
Staff should also note that personal data should not normally be provided to parties external to the company. Special arrangements apply to the exchange of data between the company and third parties. For further guidance on this, please contact Finance / HR Department.
The GDPR has specific requirements relating to the transfer of material outside the European Economic Area, personal data about an individual placed on the world wide web is likely to breach the provisions of the GDPR unless the individual whose data is used has given his or her express consent. It is important that all those preparing web pages, address lists and the like, are aware of these provisions, and seek advice if in doubt.
A failure to comply with the provisions of the GDPR may render the company, or in certain circumstances the individuals involved, liable to prosecution as well as giving rise to civil liabilities. The GDPR also requires that breaches in the data policy are reported, where feasible, within 72 hours. Individuals are encouraged to familiarise themselves with the general aspects of General Data Protection Regulation, referred to above. Further information and advice may be obtained from the Finance / HR Department.
Data Protection Definitions
Personal Data - means any information relating to an identified person, who can be identified either directly or indirectly by name, identification number, location or online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity specific. Examples of personal data would be; Online profile details, Persons health data, Employee bank details.
Data Subject – An individual who is subject of personal data. Examples include; Employee, Customer, Consumer.
Data Controller – A person who (either jointly or in common with other persons) determines the purpose for which and the manner in which any personal data are, or to be, processed. In Ensus the role of the Data Controller is jointly held by the Commercial, Finance and Production Directors. Any potential breach in data protection should be immediately reported to them.
Data Processor – A natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
What is processing – In relation to data it means obtaining, recording or holding information or data or carrying out any operation or set of operations on the information or data. It includes access, storage, retrieval, disclosure and erasure / destruction.
For further detail on all information listed in this summary, please refer to the full Data Protection Policy document (PDF, 367.14 KB).
Ensus UK Ltd
Phone: +44 (0)1642 513 250
Fax: +44 (0)1642 513 552
|© Ensus UK Limited|