Privacy Policy

1.0 Introduction

This document sets out the obligations of FT Ductile Ltd. (“the Company”) with regard to Privacy, Data Protection, the rights of Data Subjects and the people with whom it works in respect of their personal data under the European Union General Data Protection Regulation (“the Act”).

This Policy shall set out the principles and procedures which are to be followed when dealing with personal data. The procedures set out herein must be followed by the Company, its employees, contractors, agents, consultants, partners or other parties working on behalf of the Company.

The Company views the correct and lawful handling of personal data as key to its success and dealings with third parties. The Company shall ensure that it handles all personal data correctly and lawfully.
This Policy sets out our overall approach to the collection, storage and management of personal data. Our Privacy Notices describe the specifics of our data management for each aspect of our business.

2.0 The Data Protection Principles

This Policy aims to ensure compliance with the Act.  The Act sets out the principles with which any party handling personal data must comply.

All personal data must be: –

We aim to ensure all personal data is protected against unauthorised or unlawful processing, accidental loss, destruction or damage through appropriate technical and organisational measures; and

Will not be transferred to a country or territory outside of the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

3.0 Rights of Data Subjects

Under the Act, data subjects have the following rights: –

We will adopt the principle of “data protection by design” as a standard approach to the collection, recording, processing, sharing, and controlled destruction of personal data and ensure that the rights of individuals are paramount at all times.

4.0 Personal Data

Personal data is defined by the Act as: –

Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4.1 Sensitive personal data

The Act also defines “sensitive personal data” as personal data relating to

The Company only holds personal data which is directly relevant to its dealings with a given data subject. That data will be held and processed in accordance with the data protection principles.

5.0 Processing Personal Data

All personal data held and processed by the Company is collected to ensure that the Company can facilitate efficient transactions with third parties including, but not limited to, its customers, partners, associates and affiliates and efficiently manage its employees, contractors, suppliers, agents and consultants. Personal data shall also be used by the Company in meeting any and all relevant obligations imposed by law.

Personal data may be disclosed to other personnel within the Company. Personal data may be passed from one department to another in accordance with the data protection principles and this Policy. Under no circumstances will personal data be passed to any department or any individual within the Company that does not reasonably require access to that personal data with respect to the purpose(s) for which it was collected and is being processed.

The Company shall ensure that: –

6.0 Legal basis for processing personal data

Records will be kept of all personal data processed by The Company. The legal basis for processing that personal data will be identified as one of the categories as specified in the Act. Processing will only be legal if one of the following conditions is met: –

7.0  Data Protection Procedures

The Company shall ensure that all of its employees, contractors, agents, consultants, partners or other parties working on behalf of the Company comply with the following when processing and / or transmitting personal data: –

8.0  Organisational Measures

The Company shall ensure that the following measures are taken with respect to the collection, holding and processing of personal data: –

9.0  Access by Data Subjects

A data subject may make a subject access request (“SAR”) at any time to request a copy information which the Company holds about them, specifically: –

Individuals have the right to access their personal data and supplementary information. The right of access allows individuals to be aware of and verify the accuracy of the data and lawfulness of the processing.

9.1  Subject Access Request (SAR)

Upon receipt of a SAR the Company shall have a maximum period of one month within which to respond. The following information will be provided to the data subject: –

10.0 Retention of Data

It is our intent to retain personal data for no longer than is absolutely necessary, at which time it will be safely deleted and/or destroyed.

All companies are obliged by law to retain certain information for specified minimum periods e.g. financial records must be kept for 7 years. We will comply with prescribed legislation.

If we have received consent from you we will continue to hold your data for the term of validity of that consent.

For all other personal data our standard retention period is 2 years.

11.0 Notification to the Information Commissioner’s Office

As a data controller, the Company is required to notify the Information Commissioner’s Office that it is processing personal data. The Company is registered in the register of data controllers.

Data controllers must renew their notification with the Information Commissioner’s Office on an annual basis. Failure to notify constitutes a criminal offence.

Any changes to the register must be notified to the Information Commissioner’s Office within 28 days of taking place.

The Designated Officer shall be responsible for notifying and updating the Information Commissioner’s Office.

12.0 Contacting FT Ductile Ltd.

If you have any questions about how we use your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by any of the following means:

You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk.

13.0 FT Ductile Ltd. Pledge

FT Ductile Ltd is committed to complying with data protection legislation and good practice including: –