Data Protection Policy
Keeping your data safe and private
The Company has enforced several Data Protection policies to demonstrate that the personal data that people provide to us are safeguarded in line with the Data Protection Act 2017 (DPA).
The Data Protection Act 2017 (DPA) is a significant piece of legislation designed to protect individuals’ personal data. It introduces new rights for individuals and imposes new obligations on organisations that handle personal data.
Ducray Lenoir Ltd (the Company) has enforced several Data Protection policies to demonstrate that the personal data that people provide to us are safeguarded in line with the DPA 2017.
For the purpose of the present document, the following words and/or expressions are understood to have the following meaning:
For this Policy, the relevant controllers are:
| Personal Data | Any information that can identify a living person, such as a name, account number, IP address, username, or GPS coordinates. |
| Data Subject | The person to whom the personal data relates. |
| Special categories of personal data | It is a subset of personal data and is defined as information that directly or indirectly reveals a person’s race, ethnicity, political or philosophical views, religious beliefs, union affiliation, criminal record, any data related to their health or sexual life or genetic data or biometric data uniquely identifying him/her. |
| Controller | The person who, or the public body which, alone or jointly with others, determines the purposes and means of the processing of personal data and has decision-making power concerning the processing. |
| Processor | A processor is a person who, or a public body which, processes personal data on behalf of a controller. |
The DPA is based on six key principles:
- Lawfulness, fairness, and transparency
Personal data must be processed lawfully, fairly, and transparently.
- Purpose limitation
Personal data must be collected for specified, explicit, and legitimate purposes and not processed further in a manner incompatible with those purposes.
- Data minimization
Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy
Personal data must be accurate and, where necessary, kept up to date.
- Storage limitation
Personal data must not be kept for longer than is necessary for the purposes for which they are processed.
- Integrity and confidentiality
Personal data must be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.
Under the DPA, data subjects have several rights, including:
a. Right to be informed
The right to be informed about the processing of personal data.
b. Right of access
The right to access personal data and obtain a copy.
c. Right to rectification
The right to have inaccurate personal data rectified.
d. Right to erasure
The right to have personal data erased under certain circumstances.
e. Right to restrict processing
The right to restrict the processing of personal data under certain circumstances.
f. Right to object
The right to object to the processing of personal data.
g. Rights related to automated decision-making
The right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or significantly affects the individual.
To ensure compliance with the DPA and its principles, the Company has implemented the following policies:
5.1 General Data Protection Policy
This policy is dedicated to standardising the use, monitoring, and management of personal data by the Company. The main purpose of this policy is to protect and secure all data consumed, managed, and stored by the Company and ensure that all guidelines of the DPA 2017 are being adhered to.
5.2 General Privacy Policy
This policy is made available to all users who provide their personal data to the Company and defines the responsibilities of the Company in the collection and safeguarding of that personal data.
5.3 Information Security Policy
This policy was set up to preserve the confidentiality, integrity and availability of all the physical and electronic information including personal data collected by the Company. It stipulates the IT organisational and technical measures that the Company has adopted to ensure the safeguarding of personal data.
5.4 Employment Privacy Policy
The policy has been developed by the Company to let its employees know how their personal data will be collected, processed, stored, and shared during their employment period.
5.6 Recruitment Policy
The purpose of this privacy notice is to make you aware of how and why the Company will collect and use your personal information during the recruitment process.
5.7 Training Policy
This policy was set up to ensure that all security requirements related to data protection are demonstrated and communicated to employees when the latter provide their personal data for training purposes.
5.8 Consent Procedure Notice
Consent must be clearly expressed, freely given, specific, informed, and unambiguous. This means that data subjects should actively agree to the processing of their personal data, understanding the purpose, scope, and potential consequences of such processing. The Company has established procedures to ensure that consent is obtained appropriately, especially when collecting sensitive personal data (special categories of data), and to allow individuals to withdraw their consent at any time.
The Company has an established Data Breach Response Procedure.
An employee should immediately contact the Data Protection Officer for any breach he/she becomes aware of.
The Controller (the Company) shall notify the breach to the Data Protection Commissioner without undue delay, and where feasible, not later than 72 hours after having become aware of it.
Any person who does not comply with or contravenes the DPA 2017 shall, on conviction, be liable to a fine not exceeding 200,000 rupees and to imprisonment for a term not exceeding 5 years.
By signing below, you acknowledge that you have read and understood the above-mentioned policies. You also agree to comply with these policies in your role at the Company.


