Data Protection Policy

Introduction

EliteTP Ltd (referred to as “the Company”) is committed to ensuring the protection, confidentiality, and security of all personal data collected, processed, and stored as part of its operations. This Data Protection Policy outlines the principles and procedures that the Company follows to comply with UK data protection laws and regulations, including the General Data Protection Regulation (GDPR).

Scope

This policy applies to all employees, contractors, and third-party service providers who handle personal data on behalf of EliteTP Ltd. It covers all personal data collected, processed, or stored by the Company in the course of providing tax rebate services to clients.

Principles of Data Protection

The Company adheres to the following principles of data protection:

  • Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and transparently, with appropriate legal bases for processing established.
  • Purpose Limitation: Personal data is collected and processed for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
  • Data Minimisation: Personal data is limited to what is necessary in relation to the purposes for which it is processed and is kept accurate and up to date where necessary.
  • Accuracy: Personal data is accurate, kept up to date, and rectified without delay when inaccuracies are identified.
  • Storage Limitation: Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
  • Integrity and Confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Data Collection and Processing

  • The Company collects and processes personal data only for specified and legitimate purposes related to providing tax rebate services to clients.
  • Personal data is collected directly from clients and is limited to what is necessary for the provision of services.
  • The Company ensures that all personal data collected is accurate, up to date, and relevant to the purposes for which it is processed.

Data Security

  • The Company implements appropriate technical and organisational measures to ensure the security of personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
  • Access to personal data is restricted to authorised employees, contractors, and third-party service providers on a need-to-know basis.

Data Subject Rights

  • The Company respects the rights of data subjects under data protection laws, including the right to access, rectification, erasure, restriction of processing, data portability, and objection to processing.
  • Data subjects can exercise their rights by contacting the Company’s Data Protection Officer (DPO) using the contact details provided in this policy.

Data Breach Management

  • The Company has procedures in place to detect, report, and investigate personal data breaches in accordance with legal requirements.
  • In the event of a data breach, the Company will notify the relevant supervisory authority and affected data subjects without undue delay, as required by law.

Data Protection Officer

  • The Company has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with data protection laws and regulations.
  • The DPO serves as the point of contact for data subjects and supervisory authorities regarding data protection matters.

Training and Awareness

  • The Company provides regular training and awareness programs for employees on data protection laws, policies, and procedures.
  • Employees receive training on their responsibilities for protecting personal data and handling data securely.

Review and Updates

  • This Data Protection Policy is reviewed regularly and updated as necessary to ensure compliance with changes in data protection laws, regulations, and best practices.
  • Employees are notified of any updates to the policy and provided with training and guidance on implementing changes.

Contact Information

For inquiries or concerns regarding data protection, including the exercise of data subject rights, employees, clients, and other stakeholders can contact the Data Protection Officer (DPO) David Long via email [email protected].

This Data Protection Policy is effective 7th October 2024 and supersedes any previous versions.