General Data Protection Regulations Policy

Plantexpand Limited collects and processes personal information which meets the legal obligations of the General Data Protection Regulations(GDPR) and the Data Protection Act 2018, ensuring that data is used fairly and lawfully.  

The collection and processing of personal data is only done in order to meet employment law requirements such as right to work, payments or contractual obligations. Personal information will be dealt with properly and securely however it is collected, recorded and used, whether it is on paper, on a computer or recorded on other materials, observing the safeguards contained in the Act. Personal data will not be shared with any 3^rd parties, without an individuals’ consent.

The Company regards the lawful and correct treatment of personal information as very important to the successful and efficient performance of its functions, and to maintain confidence between those with whom it deals. To this end Plantexpand Ltd fully endorses and adheres to the GDPR.

The purpose of this policy is to ensure that employees and other stakeholders are clear about the purpose and principles of data protection and to ensure that it has guidelines and procedures in place which are consistently followed. Failure to adhere to the GDPR is unlawful and could result in legal action being taken against the company or employees.

The GDPR regulates the processing of information relating to living and identifiable individuals. This includes the obtaining, holding, using or disclosing of such information, and covers computerised records as well as manual filing systems.

Data users must comply with the principles of good practice which underpin the regulations which means in order to operate lawfully, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully.  

In summary the information collected must be:
• Used fairly and lawfully
• Used for specifically stated employment and/or contractual purposes
• Used in a way that is adequate, relevant and not excessive
• Accurate
• Not shared with any 3^rd party without an individual’s consent
• Kept for no longer than is absolutely necessary
• Handled according to people’s data protection rights
• Kept safe and secure
• Not transferred outside the European Economic Area without adequate protection.

Date: 1^stJanuary 2022

Mark Knight
(Operations Director)