In certain circumstances, it is permitted that personal data be shared without the knowledge or consent of a data subject. This is the case where the disclosure of the personal data is necessary for any of the following purposes:
- The prevention or detection of crime.
- The apprehension or prosecution of offenders.
- By the order of a court or by any rule of law
If any employee receives a request from a court or any regulatory or law enforcement authority for information relating to a data subject, they must immediately notify the Data Protection Officer who will provide comprehensive guidance.
Data Protection Training
- All employees who have access to personal data will have their responsibilities under this policy outlined to them as part of their staff induction training.
- In addition, we will provide regular Data Protection training and procedural guidance for our staff.
- We may transfer personal data to internal or third-party recipients located in another country where that country is recognised as having an adequate level of legal protection for the rights and freedoms of the relevant data subjects.
- We may only transfer personal data where one of the transfer scenarios listed below applies:
- The transfer is necessary for the performance of a contract between the Data Controller and the data subject
- The transfer is necessary for the conclusion or performance of a contract concluded with a third party in the interest of the Data Controller or data subject.
- The transfer is legally required on important public interest grounds.
- The transfer is necessary for the establishment, exercise or defence of legal claims.
- Complaints in relation to the processing of personal data must be put forward in writing by the Data Controller to the designated Data Protection Officer.
- An investigation of the complaint will be carried out to the extent that is appropriate based on the merits of the specific case.
- The Data Protection Officer will inform the Data Controller of the progress and the outcome of the complaint.
- Any data breach that is detected will be automatically notified to the Data Controller. The notification will identify the nature of the breach and the scale of the breach.
- If a personal data breach is confirmed, the Data Protection Officer will follow the relevant authorised procedure based on the criticality and quantity of the personal data involved.
- For severe personal data breaches, our Executive Team will initiate and chair an emergency response team to coordinate and manage the personal data breach response.