Company details
Company Name: Firefly Innovation Ltd
Address: 33 Crawhill Drive, Bargeddie, North Lanarkshire, G69 7FL
ICO Registration No.: ZA518221
Primary contact: Joanne Hagerty
Email: joanne@fireflyinniovates.com
Phone: +44 (0)7729289194
Version: Aug 22
Last Reviewed: Aug 24
This policy is based on ensuring that Firefly Innovation Ltd (FFI) meets the eight principles of Data Protection.
The Data Protection Act sets out the eight principles with which Firefly Innovation and its employees, contractors and suppliers must comply whenever it processes personal data.
The Data Controller is Joanne Hagerty.
All staff should undergo GDPR Training which can be gained through utilising training courses such as those available from Business Gateway or similar suppliers and by utilising the GDPR checklist (available from Joanne Hagerty), or from other training support that is available.
You should check any information you individually hold on personal computer drives or in paperwork and safely destroy anything that Firefly Innovation does not have a legal reason to retain. Make sure old information is destroyed.
KEY MESSAGE - Only use the minimum amount of data to get the job done
1. What is Personal Data?
When we say ‘personal data’ we mean identifiable information about you, like your name, email, address, telephone number, bank account details, payment information, support queries, community comments and so on. If you can’t be identified (for example, when personal data has been aggregated and anonymised) then this notice doesn’t apply.
These stipulate that the data must:
1) ‘Be collected and processed fairly and lawfully’
In order for us to process data ‘fairly’, we should:
ensure that we have a legitimate reason to obtain or process the data
the Data Subject must be made aware that their data is being used and their consent obtained. They must never be deceived or misled - they must have a clear understanding of the reasons for which it is proposed that their data be used
1. Financial Data
GDPR guidelines will be included in the engagement process completed with clients. This includes holding personal information for the purposes of delivering our services to our clients. This may include financial data such as turnover and profit levels but will not include any data such as bank details.
Data Repository
We use Dropbox as the final repository for all client information, reports, documents and personal information, and this will be held within the guidelines and associated policy from Dropbox.
Where client data is being held on laptops or other devices please see “section 7” for data security.
The main issues raised by this principle are:
All personal data which is processed by FFI must be covered by our Registration with the Information Commissioner. Most routine uses of personal data by staff will be covered by our Registration. However, if you are processing any data (for example, maintaining a database or running a research project involving the use of personal data) and think it may involve us handling new personal data for the first time or using personal data for a new purpose, please ensure you have contacted the client and gained their consent for obtaining the information. Initial engagement forms should meet this requirement.
To ensure compliance:
Personal data must not be inaccurate or misleading as to any matter of fact. This applies to information from a third party. The source of information should always be included on records.
Failure to remove data when its purpose has been served is a breach of the Data Protection Act. As FFI needs to hold and process personal data for a variety of different legitimate reasons, it is not always possible to stipulate how long particular data should be retained. FFI will decide on a case-by-case basis when data should be destroyed.
FFI must ensure that all personal data is processed in accordance with the rights of Data Subjects, who can:
Access to personal data will only be granted to staff insofar as is necessary for legitimate operational purposes. The personal or private use of personal data held by FFI is strictly forbidden.
All staff with access to personal data must be mindful that they play a role in ensuring that it is always kept securely. They must familiarise themselves with FFI’s Data Protection Policy and follow our guidance on data security.
Personal data must not be transferred to a country outside the European Economic Area unless:
explicit consent has been obtained from the Data Subject(s)
Special care should be taken when travelling with a laptop or other mobile device which contains personal data.
SUMMARY
Processing Personal Data
At least one of these must apply whenever you process personal data.
There may be more than one. Select the one which is appropriate to the activity you are doing:
It is essential that data breaches and near misses are reported immediately to your line manager.
We should not be holding data on the following:
Special data is: special categories of personal data that reveal:
Firefly Innovation Ltd is a registered business in Scotland SC588751