The Purpose of Data Protection
Nordic Products & Services is committed to safeguarding personal information in compliance with data protection regulations. As a registered Data Controller with the Information Commissioner's Office (ICO), we adhere to the lawful storage, handling, and processing of personal data. We regularly review and monitor our data management practices to ensure full compliance with the latest legislation. Any inaccuracies identified in stored data will be promptly corrected or securely disposed of. We collect and process personal data from individuals who interact with us, including learners, current and prospective employees, suppliers, and other business contacts. This data may include, but is not limited to, names, addresses, email addresses, dates of birth, as well as confidential or sensitive information. In some cases, we may be legally required to collect and process specific types of personal information. Whether stored electronically or on paper, all personal data is managed in accordance with the Data Protection Act 2018. At Nordic Products & Services, the lawful and responsible handling of personal information is crucial to our business integrity and maintaining the trust of our clients, employees, and partners.
Data Protection Principles
Nordic Products & Services is fully committed to upholding the key principles of data protection as outlined in the Data Protection Act 2018. These principles guide how we handle personal data to ensure it is processed responsibly and lawfully. The principles are summarized as follows:
Fair and Lawful Processing - Personal data will be processed in a fair, transparent, and lawful manner.
Purpose Limitation - Data will be collected and processed only for specific, legitimate purposes.
Data Minimization - The personal data we hold will be adequate, relevant, and not excessive for the intended purposes.
Accuracy - We will ensure personal data is accurate and, where necessary, kept up to date.
Storage Limitation - Data will not be retained for longer than necessary in relation to the purposes for which it is processed.
Rights of Data Subjects - Personal data will be processed in line with the rights of individuals, including access and correction rights.
Data Security - We will take appropriate technical and organizational measures to keep personal data secure.
International Transfers - Personal data will not be transferred outside the European Economic Area (EEA) unless there is sufficient protection in place to safeguard the data.
By adhering to these principles, Nordic Products & Services ensures the lawful and secure processing of personal information.
Company Responsibilities
Nordic Products & Services is dedicated to using the personal data it holds to ensure compliance with current legislation, particularly in the areas of equal opportunities and non-discrimination. For employee data, the company conducts regular reviews to verify the accuracy of the information held. This involves periodically contacting employees to confirm their personal details are up to date.
Employees are responsible for informing the Corporate Services Department of any material changes to their personal information, such as changes to names, addresses, next of kin, or contact details, as soon as possible.
In addition to employee data, the company may collect and store information related to individuals associated with its business operations, recruitment, or training programs. All collected information is verified where possible and regularly audited to ensure accuracy.
Data Security, Confidentiality, and Privacy
All data stored, processed, or transmitted within or from Nordic Products & Services, including via email and voicemail, is the property of the company and may be accessed or monitored as necessary. Employees with access to company IT resources are required to maintain confidentiality and ensure proper use of accessible data, including securing devices and protecting access rights such as passwords. Employees must respect the privacy rights of colleagues concerning personal data, and any unauthorized disclosure or use of confidential information is strictly prohibited. Unauthorized access to restricted areas of the network or confidential data will result in disciplinary action.
Data Breach or Data Loss
Employees who handle personal data are responsible for ensuring the security of that data at all times. This includes implementing necessary protections, such as antivirus software, passwords on devices, and securing physical storage like filing cabinets. Employees should also take steps to prevent the physical loss of data, such as avoiding leaving laptops or paperwork in insecure locations.
In the event of a data loss or suspected data loss, employees are required to report the incident to a company director immediately.
Privacy
Users of Nordic Products & Services' IT resources should be aware of the open nature of electronic communications and not assume privacy or restricted access. Although the company takes steps to ensure the secure transmission of data, it cannot guarantee that security measures will not be bypassed or compromised by unauthorized parties. While it is not the company’s policy to continuously monitor internet usage, email communications, or data files, it reserves the right to do so if necessary. Employees should understand that they have no right to privacy regarding company-owned or leased equipment. The company may access or delete any data stored on its systems.In most cases, the company will seek an employee’s permission before accessing personal data or communications. However, in cases of disciplinary investigations, requests from government agencies, or legal proceedings, the company reserves the right to access and secure data without prior notice or permission.
Your Right To Access Your Personal Data
Nordic Products & Services recognizes your right to access your personal data under the Data Protection Act 2018. Individuals can submit a request for this information, known as a "Subject Access Request" (SAR).
All SARs should be directed to the Director of Operations.
To process a request, Nordic Products & Services requires:
1. A written request
2. Proof of identity
Once both requirements are received, we will begin processing your request as soon as possible and get back to you with a maximum response window of 1 month. If additional information is needed to fulfil your request, the timeline will be paused and will resume once the necessary details are provided.