Company Name: Acet (People Development) Ltd (“the Company”)
Registered in England and Wales
Company number: 10059841
Policy Name: Information Security and Data Protection
Date: 22nd June 2016
Version: AP/01


The Data Protection Act 1998:

The Company processes personal data in relation to its own staff, training delegates and individual client contacts – therefore it is a “data controller” for the purposes of the Data Protection Act 1998. The Company has notified the Information Commissioner’s Office – the Company’s data protection registration number is ZA188056.

The Company holds personal data on individuals (“data subjects”) for the following general purposes:

  • Administration.
  • Advertising, marketing and public relations.
  • Accounts and records.
  • Design and delivery of learning and development programmes.

The eight principles of data protection:

The Data Protection Act 1998 requires the Company as data controller to process data in accordance with the principles of data protection. These require that personal data shall be:

  1. Fairly and lawfully processed.
  2. Processed for limited purposes.
  3. Adequate, relevant and not excessive.
  4. Accurate.
  5. Not kept longer than necessary.
  6. Processed in accordance with the data subjects rights.
  7. Kept securely.
  8. Not transferred to countries outside the European Economic Area without adequate protection.

“Personal data” means data, which relates to a living individual who can be identified from the data or from the data together with other information, which is in the possession of, or is likely to come into possession of the Company.

“Processing” means obtaining, recording or holding the data or carrying out any operation or set of operations on the data. It includes organising, adapting and amending the data, retrieval, consultation and use of the data, disclosing and erasure or destruction of the data. It is difficult to envisage any activity involving data, which does not amount to processing. It applies to any processing that is carried out on computer including any type of computer however described, main frame, desktop, laptop, iPad, Blackberry ® or other mobile device.

Personal data should be reviewed on a regular basis to ensure that it is accurate, relevant and up to date and those people listed in the Appendix shall be responsible for doing this.

Personal data may only be processed with the consent of the person whose data is held. Therefore if they have not consented to their personal details being passed to a third party this may constitute a breach of the Data Protection Act 1998. By instructing the Company to discuss and engage in any learning and development activity and by providing us with personal data contained learning documents i.e. training delegate lists it is assumed that consent has been given to process personal details for learning and development purposes.

Sensitive personal data:

Personal data in respect of the following is “sensitive personal data” and will not be gathered by the company unless in specific circumstances and not without prior consent. Any information held on any of these matters WILL NOT be passed on to any third party.

  • Any offence committed or alleged to be committed by them.
  • Proceedings in relation to any offence and any sentence passed.
  • Physical or mental health or condition.
  • Racial or ethnic origins.
  • Sexual life.
  • Political opinions.
  • Religious beliefs or beliefs of a similar nature.
  • Whether someone is a member of a trade union.

Information security:

From a security point of view, only those staff listed in the Appendix are permitted to add, amend or delete personal data from the Company’s database(s) (“database” includes paper records or records stored electronically). However all staff are responsible for notifying those listed where information is known to be old, inaccurate or out of date. In addition all employees should ensure that adequate security measures are in place. For example:

  • Computer screens should not be left open by individuals who have access to personal data.
  • Passwords should not be disclosed.
  • Email should be used with care.
  • Personnel files and other personal data should be stored in a place in which any unauthorised attempts to access them will be noticed. They should not be removed from their usual place of storage without good reason.
  • Personnel files should always be locked away when not in use and when in use should not be left unattended.
  • Any breaches of security should be treated as a disciplinary issue.
  • Care should be taken when sending personal data in internal or external mail.
  • Destroying or disposing of personal data counts as processing. Therefore care should be taken in the disposal of any personal data to ensure that it is appropriate. Such material should be shredded or stored as confidential waste awaiting safe destruction.

It should be remembered that the incorrect processing of personal data e.g. sending an individual’s details to the wrong person, allowing unauthorised persons access to personal data, or sending information out for purposes for which the individual did not give their consent, may give rise to a breach of contract and/or negligence leading to a claim against the Company for damages from an employee, work-seeker or client contact. A failure to observe the contents of this policy will be treated as a disciplinary offence.

Subject access requests:

Data subjects are entitled to obtain access to their data on request and after payment of a £10 fee. All requests to access personal data by data subjects should be referred to Andrew Carr whose details are listed in the Appendix to this policy.


The following person is responsible for adding, amending or deleting data.
Andrew J Carr
Managing Director

Acet (People Development) Ltd
12 Glendale Drive
M: 0777 3394583

The following person is responsible for responding to subject access requests.
Andrew J Carr
Managing Director

Acet (People Development) Ltd
12 Glendale Drive
M: 0777 3394583

Acet (People Development) Ltd is registered for VAT in the United Kingdom: 240280543