The legal bit

When we use your personal information we must comply with the legal requirements set out in the following:

the General Data Protection Regulations 2016 (GDPR) – this is EU law which applies in the UK

the Data Protection Law Enforcement Directive 2016 – this is EU law which applies in the UK

the Data Protection Act 2018 – this is UK legislation

We must process your personal information in accordance with six Data Protection Principles which form the basis of the data protection legislation. Your personal information must:

  • be processed fairly, lawfully and transparently;
  • be collected and processed only for specified, explicit and legitimate purposes;
  • be adequate, relevant and limited to what is necessary for the purposes for which it is processed;
  • be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay;
  • not be kept for longer than is necessary for the purposes for which it is processed; and
  • be processed securely.

We are accountable for these principles and must be able to show that we are compliant.

The Information Commissioner has overall responsibility for data protection and you can find out a lot more about the legal rules on the Information Commissioner’s website.

Our data protection policy also gives you more information about how we will comply with our legal obligations.

We have a range of other policies and procedures dealing with data protection issues. These can be found on the Data Protection page on our website – find out more here. We keep these policies and procedures under regular review and we will place any updates on our Data Protection page.