We treat any personal or sensitive personal data supplied so that we comply with the seven principles of the General Data Protection Regulation (GDPR) as implemented in the UK by the Data Protection Act 2018 (DPA).
These are;
1. Be processed lawfully, fairly and in a transparent manner.
2. Be collected for specified, explicit and legitimate processes and not further processed in a manner that is incompatible with those purposes (this excludes archiving for public interest, scientific or historical research, or statistical purposes)
3. Be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
4. Be accurate, and where necessary, kept up to date.
5. Be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes which personal data are processed (this excludes archiving for public interest, scientific or historical research, or statistical purposes)
6. Have appropriate security measures in place to protect it
7. Have responsibility taken, by the organisation, for its use and compliance with the other principles.