- State what data you collect, e.g.
- name and job title
- contact information including email address
- demographic information such as postcode, preferences and interests, transactional data
- Explain what you do with personal data – and what you do NOT do.
- State the physical address of the Data Controller.
- List out your group companies, where applicable.
- Explain how the personal data you hold is handled and processed.
- Your policy on transfer of data overseas (i.e if you don’t do it, then state this).
- Subject access arrangements – how can a customer/contact gain access to the personal data you hold on them.
- Data security guarantees – ie the physical, electronic and business procedures in place to safeguard and secure the information you collect.
Personal data is defined as information about a living, identifiable individual – identifiable either from that data, or from other information which is likely to come into the possession of the Data Controller. It includes an expression of opinion about the individual and any indication of intention in respect of the individual.
The Data Controller is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.