Data Protection Policy

Introduction

Enduralife Ltd is fully committed to compliance with the requirements of the Data Protection Act 1998 ("the Act"), which came into force on the 1st March 2000.  We will therefore follow procedures that aim to ensure that all employees, contractors, agents, consultants, partners or other who have access to any personal data held by or on behalf of us are fully aware of and abide by their duties and responsibilities under the Act.

Statement of policy

n order to operate efficiently, the company has to collect and use information about people with whom it works.  These may include members of the public, current, past and prospective employees, clients and customers, and suppliers.  This personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means, and there are safeguards within the Act to ensure this.

We regard the lawful and correct treatment of personal information as very important to a successful operation and to maintaining confidence between us and those with whom we carry out business.  We will ensure that we treat personal information lawfully and correctly.

To this end, Enduralife Ltd fully endorses and adheres to the Principles of Data Protection as set out in the Data Protection Act 1998.

The principles of data protection

The Act stipulates that anyone processing personal data must comply with Eight Principles of good practice.  These Principles are legally enforceable.

The Principles require that personal information:

  1. Shall be processed fairly and lawfully and in particular, shall not be processed unless specific conditions are met;
  2. Shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes;
  3. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed;
  4. Shall be accurate and where necessary, kept up to date;
  5. Shall not be kept for longer than is necessary for that purpose or those purposes;
  6. Shall be processed in accordance with the rights of data subjects under the Act;
  7. Shall be kept secure i.e. protected by an appropriate degree of security;
  8. Shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection.

All managers and staff will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure and in particular will ensure that:

  • Paper files and other records or documents containing personal/sensitive data are kept in a secure environment;
  •  
  • Personal data held on computers and computer systems is protected by the use of secure passwords, which where possible have forced changes periodically;
  • Individual passwords should be such that they are not easily compromised.

All contractors, consultants, partners must:

  • Ensure that they and all of their staff who have access to personal data held or processed for or on behalf of the company, are aware of this policy and are fully trained in and are aware of their duties and responsibilities under the Act.  Any breach of any provision of the Act will be deemed as being a breach of any contract between the company and that individual, company, partner or firm;
  • Allow data protection audits by the company of data held on its behalf (if requested);
  • Indemnify the company against any prosecutions, claims, proceedings, actions or payments of compensation or damages, without limitation.

All contractors who are users of personal information supplied by us will be required to confirm that they will abide by the requirements of the Act with regard to the information supplied. 

Implementation

The Directors will ensure that the Policy is implemented. The Managing Director will have overall responsibility for overseeing:

  • The provision of cascade data protection training, for staff within the business.
  •  
  • The development of best practice guidelines.
  •  
  • The carrying out of compliance checks to ensure adherence, throughout the company, with the Data Protection Act.

   

Protection Products...  pure and simple

Enduralife is determined to always give access to products from a selection of market leading providers, in plain English, to people who want to ensure they make the right financial decisions at the right times and at the right cost. It's simple!