Data Protection & Privacy Policy

Purpose and Scope

At Pentland Group we are committed to protecting the privacy of our employees’, business contacts’ and consumers’ personal information. This includes the personal information collected or processed by our subsidiaries and their personnel.

This Policy sets out the general principles that we expect to apply when Pentland Group and its subsidiaries collect and/or use personal information. These principles set out the rules on how we expect personal information to be handled.

This is a complex area of law and we expect Pentland Group subsidiaries to seek professional advice where appropriate. In particular, they should immediately seek legal advice and promptly inform Pentland Group if they become aware of a breach or potential breach of this Policy.

The Pentland Group Data Protection Principles

Pentland Group and any of its subsidiaries and personnel who come into contact with personal information must follow these principles:

Lawfulness, Fairness and Transparency: We will collect and use personal information “fairly” and “lawfully”. This means that we will be open and transparent with people about how we use their personal information and whether it is passed to a third party.

Purpose: We will only collect personal information that is relevant to, and necessary for, a particular and legitimate purpose and will only use personal information in a way that is compatible with the purpose for which it is collected. We will also ensure data protection and privacy is considered at the outset of any new project involving personal information and that an appropriate impact assessment is conducted where necessary.

Data Minimisation: We will only use personal information that is adequate, relevant and limited to what is necessary for the purpose for which it is used.

Accuracy: We will keep personal information accurate, and where necessary up-to-date. We will take every reasonable step to ensure that inaccurate personal information is erased or rectified without delay.

Retention: We will keep personal information in a form that allows people to be identified for no longer than necessary for the purpose for which the personal information is collected.

Security: We will implement appropriate technical and organisational measures to safeguard personal information, including where third parties (such as our service providers) are processing personal information for us.

Individual Rights: We will provide individuals with appropriate access to their personal information as well as the ability to have their personal information erased or corrected where it is factually incorrect. We will also allow individuals to object to their personal information being used for certain purposes.

Sharing and Cross-border Transfers: We will only share personal information in appropriate circumstances. Where necessary, we will implement appropriate measures to enable personal information to be transferred lawfully outside of the European Economic Area.

Accountability: We will implement appropriate training and measures so we can demonstrate that all material use of personal information is performed in compliance with this Policy. We will investigate and seek to resolve any complaints or disputes arising in connection with this Policy.

This Policy will be periodically reviewed and updated as necessary to ensure it is effective and meets Pentland Group’s requirements.

This Policy was last updated on 14 March 2018