Data Protection Policy
| Last updated | 24/09/2025 |
Definitions
| GDPR | means the General Data Protection Regulation. |
| Register of Systems | means a register of all systems or contexts in which personal data is processed by Samuel Leeds Ltd. |
1. Our Commitment
Samuel Leeds Ltd is the Data Controller. We are committed to protecting personal data and handling it lawfully, fairly, securely, and transparently in line with the UK GDPR and Data Protection Act 2018.
2. Principles We Follow
We ensure that personal data is:
Lawful & Fair – processed on a valid legal basis (consent, contract, legal obligation, or legitimate interests).
Limited – we only collect what we need.
Accurate – kept up to date where possible.
Secure – protected against loss, misuse, or unauthorised access.
Retained Only As Needed – deleted or anonymised once no longer required.
3. People’s Rights
Anyone whose data we hold has the right to:
Access their data
Correct inaccurate data
Request deletion (“right to be forgotten”)
Object to certain uses (like marketing)
Restrict or limit processing
Receive a copy of their data in a portable format
Requests will be responded to within one month.
4. Security Measures
We protect data by using:
Passwords, encryption, and secure systems
Limited access for staff who need it
Antivirus, firewalls, and regular backups
Secure deletion when data is no longer needed
5. Sharing and Transfers
We may use trusted third-party service providers (e.g., cloud platforms, payment processors) under written agreements.
If data is transferred outside the UK, we ensure safeguards are in place (such as Standard Contractual Clauses).
6. Samuel Social
7. Data Breaches
All data breaches are logged.
Serious breaches will be reported to the ICO within 72 hours.
If individuals are affected, we will notify them promptly.
8. Staff Responsibility
All staff and contractors handling data must follow this policy and complete basic data protection training.