Privacy policy.
Data Protection Policy
Policy Statement
The AI Detective Ltd is committed to processing personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We ensure that data is collected, stored, and processed lawfully, transparently, and securely.
Principles
We adhere to the following principles when handling personal data:
· Lawfulness, fairness, and transparency: Data is processed lawfully, fairly, and in a transparent manner.
· Purpose limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
· Data minimisation: Only the data necessary for the intended purpose is collected.
· Accuracy: Data is kept accurate and up to date.
· Storage limitation: Data is retained only as long as necessary.
· Integrity and confidentiality: Data is processed securely to protect against unauthorised access, loss, or destruction.
· Accountability: We take responsibility for compliance and maintain evidence of our data protection practices.
Responsibilities and Duties
All staff, contractors, and consultants must:
· Ensure any personal data they handle is accurate, up to date, and securely stored.
· Report any suspected data breaches to the Data Protection Officer (DPO) immediately.
· Follow company policies and procedures regarding data protection.
The DPO is responsible for:
· Overseeing compliance with this policy and data protection laws.
· Acting as the point of contact for individuals and the Information Commissioner’s Office (ICO).
Data Security
We implement appropriate technical and organisational measures to safeguard personal data, including:
· Password-protected systems and encrypted data storage.
· Secure handling of physical documents (e.g., locked filing cabinets).
· Regular training for staff on data protection responsibilities.
Rights of Data Subjects
Individuals have the following rights regarding their personal data:
· Access: To obtain confirmation of data processing and access their data.
· Rectification: To have inaccurate data corrected.
· Erasure: To have data erased in certain circumstances (“right to be forgotten”).
· Restriction: To restrict processing in specific situations.
· Data portability: To obtain and reuse their data for their own purposes.
· Objection: To object to data processing under certain conditions.
Requests can be made in writing to the DPO at [insert contact information], and we will respond within one month.
Consent
Where processing relies on consent, this will be obtained through a clear affirmative action. Sensitive data will only be processed with explicit consent or when legally required.
Data Breaches
In the event of a data breach, we will:
· Contain the breach immediately.
· Assess the risk to individuals.
· Notify the ICO within 72 hours, if required.
· Inform affected individuals where there is a high risk to their rights and freedoms.
Data Retention
Data will be retained only for as long as necessary to fulfil its purpose and comply with legal or contractual obligations. Specific retention periods are outlined in our Data Retention Policy.
Monitoring and Review
This policy will be reviewed annually or when significant changes in legislation occur.
Policy Version
Version: 1.0
Effective Date: 27/11/2024
Reviewed By: Sharon Brown, Director
Next Review Date: 26/11/2025