Daara Data Protection Policy
1. Policy Statement
All individuals have rights in relation to how their personal information is handled. During the course of our business, we will collect, store and process personal information and we recognise the need to treat it in an appropriate and lawful manner.
The types of information we may be required to handle include details of current, past and prospective directors and employees; contractors; suppliers; clients; and others we communicate with. The information is subject to certain legal safeguards, primarily those specified in the Data Protection Act 2018 (the Act) and other regulations including the UK GDPR. The Act imposes restrictions on how we may use that information.
This policy together with our privacy policy sets out our policy on data protection. We will continue to monitor and review the effectiveness of the policy. Anyone who handles personal data in any way on behalf of the company must ensure that they comply with this policy. Any breach of this policy will be taken seriously and may result in disciplinary action or more serious sanctions.
2. Data Protection Officer
Alice Cornish (Director) is Daara’s Data Protection Officer and is responsible for ensuring compliance with the Act and with this policy.
3. Definitions
- Data is information which is stored electronically or in certain paper-based filing systems.
- Data subjects for the purpose of this policy include all living individuals about whom we hold personal data. All data subjects have legal rights in relation to their personal data.
- Personal data means data relating to a living individual who can be identified from that data, alone or when it is combined with data in our possession.
- Data controllers determine the purposes for which and the manner in which any personal data is processed. They have a responsibility to establish practices and policies in line with the Act. Daara is the data controller of all personal data used in our business.
- Data users include directors and employees (including contractors) whose work involves using personal data.
- Data processors include anyone who processes personal data on behalf of a data controller.
- Processing is any activity that involves use of personal data.
- Sensitive personal data includes information about a person’s racial or ethnic origins; political opinions; religious or similar beliefs; trade union memberships; physical or mental health; sex life or orientation; or criminal charges or records.
4. Data Protection Principles
Anyone processing personal data must comply with the eight data protection principles which are set out in the Act. These provide that personal data must be:
- Processed fairly and lawfully;
- Processed for purposes which the individual has been told about, and not in a way that is incompatible with those purposes;
- Adequate, relevant and not excessive in relation to those purposes;
- Accurate and up-to-date;
- Not kept longer than necessary;
- Processed in line with data subjects’ rights;
- Secure; and
- Not transferred to people or organisations situated in countries outside the European Economic Area (EEA) without adequate data protection.
Daara is committed to complying with these principles.
5. Processing of Data
The Act is not intended to prevent the processing of personal data but to ensure that it is done fairly.
The data subject must be told who the data controller is (i.e. Daara), the purpose for which the data is to be processed by us (e.g. for employees, to facilitate their employment or to provide updates), and the identities of anyone to whom the data may be disclosed or transferred.
For personal data to be processed lawfully, one of a number of conditions has to be met…
6. Accuracy of Data
…
Daara maintains an employee database detailing all the information we need to know about our employees…
7. Retention of Data
…
Please contact the Directors of Daara or seek legal advice.
8. Data Subjects’ Rights
…
9. Data Security
…
10. Marketing Materials
…
11. Subject Access Requests
A formal request from a data subject for information held about them must be made in writing to the Data Protection Officer with evidence of the identity of the data subject. A fee of £10 is payable for provision of this information. Any subject access requests will be dealt with in accordance with the statutory time limit.
Last updated: 13 January 2023
Next review date: 13 January 2024