Data Protection Policy

Definitions

Premier Legal Assist Is a company which is registered in accordance with the Data Protection Act 2018 with registration number ZA116686
GDPR Means the General Data Protection Regulation 2016
DPA Means the Data Protection Act 2018
FCA Means the Financial Conduct Authority who is the regulator of claims management companies
Responsible Person Means Rob Thompson who is responsible for data protection within the Company

1. Data Protection Principles

Premier Legal Assist is committed to processing data in accordance with its responsibilities under the GDPR and DPA. We also strive to treat customers and their data fairly in order to comply with FCA requirements and ensure the best service.

Article 5 of the GDPR requires that personal data shall be:

a. Processed lawfully, fairly and in a transparent manner in relation to individuals;

b. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

c. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

d. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

e. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and

f. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.


2. General Provisions

a. This Policy applies to all personal data processed by Premier Legal Assist Limited.

b. The Responsible Person shall take responsibility for Premier Legal Assist Limited's ongoing compliance with this Policy.

c. This Policy shall be reviewed at least annually.

d. Premier Legal Assist Limited is registered with the Information Commissioner's Office as an organisation that processes personal data with registration number ZA116686.


3. Lawful, Fair and Transparent Processing

a. Individuals have the right to access their personal data and any such requests made to Premier Legal Assist Limited shall be dealt within 30 days and free of charge.


4. Lawful Purposes

a. All data processed by Premier Legal Assist Limited must be on one of the following lawful basis: Consent, Contract, Legal Obligation, Vital Interests, Public Task or Legitimate Interests.

b. Premier Legal Assist Limited shall note the appropriate lawful basis for the personal data collected.

c. Where Consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.

d. Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in Premier Legal Assist Limited's systems.


5. Data Minimisation

a. Premier Legal Assist Limited shall ensure that personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed in accordance with our Data Retention Policy.


6. Accuracy

a. Premier Legal Assist Limited shall take reasonable steps to ensure personal data is accurate.

b. Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.


7. Security

The following technical measures are in place within Premier Legal Assist Limited to protect the security of personal data:

a) All emails containing personal data must be encrypted;

b) All personal data transferred physically should be transferred in a suitable container marked "confidential";

c) No personal data may be shared informally and if access is required to any personal data, such access should be formally requested.

d) No personal data may be transferred to any employees, agents, contractors, or other parties, whether such parties are working on behalf of the Company or not, without authorisation;

e) Personal data must be handled with care at all times and should not be left unattended or on view;

f) Computers used to view personal data must always be locked before being left unattended;

g) No personal data should be transferred to any device personally belonging to an employee and personal data may only be transferred to devices belonging to agents, contractors, or other parties working on behalf of the Company where the party in question has agreed to comply fully with the this Data Protection Policy, the GDPR and the Data Protection Act 2018.

h) All personal data stored electronically should be backed up daily with backups stored in a suitable secure location for resilience and security. All backups should be encrypted using passwords or hashing algorithms (such as SHA-256);

i) All electronic copies of personal data should be stored securely using passwords and encryption;

j) All passwords used to protect personal data should be changed regularly and should must be secure;

k) Under no circumstances should any passwords be written down or shared. If a password is forgotten, it must be reset using the applicable method;

l) All software should be kept up-to-date. Security-related updates should be installed as soon as reasonably possible after becoming available;

m) No software may be installed on any Company-owned computer or device without approval; and

n) Where personal data held by the Company is used for marketing purposes, it shall be the responsibility of the company to ensure that the appropriate consent is obtained and that no data subjects have opted out, whether directly or via a third-party service such as the TPS.

The following organisational measures are in place within the Company to protect the security of personal data:

a) Individuals working on behalf of the Company shall be made fully aware of the Company’s responsibilities under the GDPR

b) Only employees and other parties working on behalf of the Company that need access to, and use of, personal data in order to perform their work shall have access to personal data held by the Company;

c) All employees and other parties working on behalf of the Company handling personal data will be appropriately trained to do so;

d) All employees and other parties working on behalf of the Company handling personal data should exercise care and caution when discussing any work relating to personal data at all times;

e) Methods of collecting, holding, and processing personal data shall be regularly evaluated and reviewed;


8. Breach

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, Premier Legal Assist Limited shall promptly assess the risk to people's rights and freedoms and, if appropriate, report this breach to the ICO within the 72 hour statutory time limit using the form annexed to this policy.