Privacy Policy

We are committed to:

Ensuring that we comply with the eight data protection principles, as listed below
Meeting our legal obligations as laid down by the Data Protection Act 1998
Ensuring that data is collected and used fairly and lawfully
Processing personal data only in order to meet our operational needs or fulfil legal requirements
Taking steps to ensure that personal data is up to date and accurate
Establishing appropriate retention periods for personal data
Ensuring that data subjects’ rights can be appropriately exercised
Providing adequate security measures to protect personal data
Ensuring that a nominated officer is responsible for data protection compliance and provides a point of contact for all data protection issues
Ensuring that all staff are made aware of good practice in data protection
Providing adequate training for all staff responsible for personal data
Ensuring that everyone handling personal data knows where to find further guidance
Ensuring that queries about data protection, internal and external to the organisation, is dealt with effectively and promptly
Regularly reviewing data protection procedures and guidelines within the organisation.

Data Protection Principles

Personal data shall be processed fairly and lawfully.

Personal data shall be obtained for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

Personal data shall be accurate and, where necessary, kept up to date.

Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998.

Appropriate technical and organisational measures shall be taken against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Information Disclosure

Replay Maintenance Ltd requires all staff to be vigilant and exercise caution when asked to provide personal data held on another individual. In particular, they must ensure that requests for personal information which they are concerned about being improper should be directed to the Data Protection Representative and under no circumstances should personal information be disclosed either orally or in writing to any external person, which includes family members and friends without the express prior consent of the relevant individual or the Data Protection Representative.

Rights of Individuals

Under the Act, an individual has the following rights:

To request access to information held about them, the purpose for which the information is being used and those to whom it is, has or can be disclosed to;

To prevent data processing that is likely to cause distress or damage;

To prevent data processing for direct marketing reasons;

To be informed about the reasons behind any automatic decision made;

To seek compensation if they suffer damage as a result of any breach of the Act by the Data Controller;

To take action to stop the use of, rectify, erase, or dispose of inaccurate information;

To ask the Information Commissioner to assess if any Personal Data processing has not been followed in accordance with the Act.

Access to Personal Data

Subject to exemptions, the Act gives any individual who has personal data kept about them by the Company the right to request in writing a copy of the information held relating to the individual in electronic format and also in some manual filling systems. Any person who wants to exercise this right should in the first instance make a written request to the Company. The Company will make an administrative charge of £10 each time that a request is made.

After receipt of a written request, the fee and any information needed as proof of identity of the person making the request, the Company will ensure that the individual receives access within 40 calendar days, unless there is a valid reason for delay or an exemption is applicable.

The Act does not prevent an individual making a subject access request via a third party, including by a solicitor acting on behalf of a client. In these cases and prior to the disclosure of any personal information, the Company would need to be satisfied that the third party making the request is entitled to act on behalf of the individual and would require evidence of this entitlement.

Whilst the Act does not limit the number of subject access requests an individual can make to any organisation, the Company is not obliged to comply with an identical or similar request to one already dealt with, unless a reasonable interval has elapsed between the first request and any subsequent ones.

Retention and Disposal of Data

Your rights

You have the right to request a copy of the information that we hold about you.

You have the right to withdraw consent at any time.

You have the right to request the deletion of some or all of your personal information.

To exercise any of these rights please contact us by

Email: info@replaymaintenance.com

Phone: 01636 640506

Post: Replay Sports Equipment, Lancaster House, 21 Roseland Business Park, Long Bennington, England, NG23 5FF