Data Protection Policy
Overview
We collect and process information about individuals (“personal data”) for business purposes, including employment and HR administration, provision of our services, marketing and business administration. This includes personal data relating to our staff, customers, suppliers and other third parties.
Compliance with data protection law is essential to ensure that personal data remains safe, our business operations are secure, and the rights of individuals are respected. Richard Hughes Racing Ltd is a controller under data protection law, meaning it decides how and why it uses personal data.
This policy explains our procedures for complying with data protection law in relation to personal data. It also sets out your obligations whenever you are processing personal data in the course of your employment.
For more information on how we handle personal data, please refer to our:
This policy does not give any contractual rights to employees and may be updated at any time.
Who Does This Policy Apply To?
This policy applies to all employees, workers, contractors, agency workers, consultants, volunteers, partners and directors (“Employees”).
Who Is Responsible for Data Protection?
The Director is responsible for compliance with data protection law.
Data Protection Lead: Rose Osborn
If you have any concerns or questions, contact:
office@richardhughesracing.co.uk
Why Data Protection Matters
Data protection law in the UK is enforced by the Information Commissioner’s Office (ICO). Failure to comply can lead to legal penalties, financial claims, and damage to our reputation.
Failure to follow this policy may also result in disciplinary action.
What Is Personal Data?
Personal data is any information relating to a living person who can be identified, directly or indirectly. This includes names, email addresses, contact details, identification numbers and more.
What Is Processing?
Processing means any action taken with personal data, including collecting, storing, using, sharing or deleting it.
Key Data Protection Principles
1. Fair, Lawful and Transparent Use
We only process personal data where there is a valid legal reason, such as fulfilling a contract, complying with law, or legitimate business interests.
2. Sensitive Data
Extra care is taken when handling sensitive data such as health or background information. Additional legal safeguards are applied.
3. Purpose Limitation
Personal data is only used for clear and legitimate purposes related to our business.
4. Data Minimisation
We only collect the data we need and nothing more.
5. Accuracy
We take steps to ensure personal data is accurate and kept up to date.
6. Retention
Personal data is only kept for as long as necessary.
7. Security
We use appropriate technical and organisational measures to protect personal data.
8. Sharing Data
We only share personal data where necessary and lawful, including with trusted service providers or authorities where required.
9. International Transfers
We do not currently transfer personal data outside the UK.
10. Data Breaches
All data breaches must be reported immediately. Serious breaches are reported to the ICO within 72 hours.
11. Automated Decisions
We do not generally use automated decision-making or profiling.
12. Data Protection by Design
We consider data protection at every stage of our processes and projects.
Your Rights
Individuals have rights under data protection law, including:
- Access to their data
- Correction of inaccurate data
- Deletion of data
- Restriction of, or objection to, processing
- Data portability
To exercise your rights, contact:
office@richardhughesracing.co.uk
Related Policies
Record Keeping and Training
We maintain records of our data processing activities and provide staff training to ensure compliance.
Updates
This policy may be updated at any time.
Effective Date: 25 May 2018