Tel: 01332 821200

My Account (0) £0.00Checkout
You have no items in your Basket.

Data Protection Policy


Version 1.0.0 14-05-18

This Policy sets out Davpack (Davenport Paper Co. Ltd) strategic commitment to data protection. It is the policy of business to ensure the confidentiality, integrity and availability of information owned by both Davpack (Davenport Paper Co. Ltd) and clients is maintained in order to:

• Ensure continued quality of service
• Meet the business contractual, legal and regulatory obligations
• Meet the needs and expectations of other interested parties.

Information security management shall be treated as an integral part of management activities and will be pursued in the same manner and with the same vigour as other managerial objectives.

The company shall comply with Data Protection Guidelines issued by it’s ultimate parent company, TAKKT AG.

Davpack (Davenport Paper Co. Ltd) is committed to ensuring that personal data:

 

• is processed fairly and lawfully
• is only obtained for specified and lawful purposes
• is adequate, relevant and not excessive to the purpose(s) of which it is processed
• is accurate and kept up to date
• is not kept for longer than is necessary
• is processed in accordance with the rights of the data subjects
• is kept secure and is protected from unauthorised and unlawful processing and against accidental loss or destruction or damage by appropriate technical and organisational measures
• is not transferred to a country or territory outside of the EEA unless an adequate level of protection and rights and freedoms of the data subject(s) are ensured

 

“data subject(s)”, “personal data” and “sensitive personal data” have the meanings defined within the Data Protection Act. This policy, supporting policies and procedures will be subject to periodic internal audit and may be subject to external audits as necessary by the Information Commissioner. Staff may raise concerns relating to the handling of their personal data, either with their line manager or Human Resources, or formally through the Business grievance procedure. The Business recognises data subject’s rights to raise a Subject Access Request. A formal request from a data subject for information that is held must be made in writing. A fee is payable by the data subject for provision of this information. Any member of staff who receives a written request should forward it immediately to their line manager who must follow the processes set out in the TAKKT Data Protection Guidelines.

The Board with support from the Business Heads and Directors has overall responsibility and authority to ensure that this Policy is effectively implemented and delivered throughout the Business. All personnel are required to play an active role in the protection of company assets and treat information security appropriately in order that this purpose can be achieved.

To support this Policy, the management overseeing security and risk will produce subject specific policies and supporting procedures which will be reviewed and updated in response to changes in risks faced by the Business, legislation, regulation, contractual obligations and operational working practices.

Information security objectives, which are aligned with the business objectives, are agreed on an annual basis, supported by a set of key performance indicators (KPIs) and are reported regularly to the Board.

The business recognises the need for continual improvement. The information security management system is constantly reviewed and any changes are communicated to all relevant employees and interested parties.

The Heads and Directors will be responsible and have authority for communicating and implementing this policy, supporting policies and procedures within their area of responsibility and will ensure individual accountability.

All personnel (i.e. permanent staff, contractors and temporary staff) will adhere to this Policy, supporting policies and procedures.

Failure to comply with this policy, subject specific policies and supporting procedures, may result in disciplinary action being taken.

This Policy and the business performance in meeting its requirements will be monitored and reviewed as a minimum, on an annual basis.