State what data you collect, e.g.
• Name and job title
• Contact information including email address
• Demographic information such as postcode, preferences and interests, transactional data
Explain what you do with personal data – and what you do NOT do.
State the physical address of the Data Controller.
List out your group companies, where applicable.
Explain how the personal data you hold is handled and processed.
Your policy on transfer of data overseas (i.e. if you don’t do it, then state this).
Subject access arrangements – how can a customer/contact gain access to the personal data you hold on them.
Data security guarantees – i.e. the physical, electronic and business procedures in place to safeguard and secure the information you collect.
Personal data is defined as information about a living, identifiable individual – identifiable either from that data, or from other information which is likely to come into the possession of the Data Controller. It includes an expression of opinion about the individual and any indication of intention in respect of the individual.
The Data Controller is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
Personal data classified under the Act as 'sensitive personal data':
• Racial or ethnic origin
• Religious or other beliefs of a similar nature
• Physical or mental health or condition
• Sexual life
• Offences (including alleged offences)