Data Protection

On this page, and the pages which it links to, we have used some words and phrases; these are explained below.

• “Data Protection Law” means the EU General Data Protection Regulation 2016/679 (GDPR) which came into force on the 25 May 2018, and it is supplemented by the Data Protection Act 2018. We refer to these as “data protection law”.
• “Personal data” means any information which relates to a living, identifiable person.  It can include names, addresses, telephone numbers, email addresses etc but it is wider than that and includes any other information relating to that person or a combination of information which, if put together, means that the person can be identified.
• “Special category data” means personal data about a person’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation.
• “Processing” covers all activities relating to the use of personal data by an organisation, from its collection through to its storage and disposal and everything in between.
• “Data subject” means the person whose personal data is being processed.
• “Data controller” means the organisation which is responsible for processing data and ensuring that personal data is processed in accordance with data protection law.
• “Data subject rights” means the right given to data subject under data protection law. These are clearly explained within our Data Subject Rights Page.
• “Privacy notice” means a notice provided to data subjects to inform them of information which ensures that the processing of their personal data is transparent and to ensure they are aware of their data subject rights in relations to that processing.