DATA PROTECTION
Let us assist you in safeguarding your personal information with our comprehensive data protection solutions. We prioritize your privacy, ensuring that your data remains secure and fully compliant with all relevant regulations.
INTRODUCTION
[This Policy (“Policy”) sets out the Data Protection Principles which [WHARF NOTARIES with registered business number 14151425] (“Business”) commits to comply with when processing personal data in the course of its business of providing notarial services.]
- The Appendix contains a Glossary of defined terms.
COMPLIANCE WITH THIS POLICY
- The Business ensures personal data protection in accordance with this Policy by all Notaries, Personnel, and Suppliers.
- Breaches of data protection laws by any Notary, Personnel, or Supplier can lead to penalties, including monetary fines and reputational damage.
THE DATA PROTECTION PRINCIPLES
The Business commits to the following principles:
Principle | Description |
---|---|
1. Fairness and Transparency | The Business must process personal data fairly and inform individuals about the processing purpose and legal basis through a privacy notice provided in engagement letters, service agreements, or on the website. Notices should also indicate data recipients, retention period, rights to access and rectify data, and the presence of Automated Decisions. |
2. Lawful Processing | Personal data, including special categories, must be processed lawfully. Common bases include contract performance, legitimate interests, legal obligations, consent, and protection of vital interests. |
3. Purpose Limitation | Personal data should be collected for specific, explicit, and legitimate purposes related to client services, Personnel management, or compliance with legal obligations. Any further use must align with the original purpose or be legally permitted. |
4. Data Minimisation | Only data that is adequate, relevant, and necessary for processing purposes should be collected. The Business may return data to the client if it is deemed excessive. |
5. Data Accuracy | The Business takes reasonable steps to ensure the accuracy, completeness, and timeliness of personal data. Contracts with clients may include clauses to ensure accuracy in provided data. |
6. Individual Rights | Individuals have rights regarding their personal data, including access, erasure, rectification, and objection. The Business will respond to Individual Rights Requests appropriately. |
7. Storage Limitation | Data should only be retained as long as necessary for the original purpose, except for records subject to legal obligations, such as the Notaries Practice Rules. Personnel records, for example, are retained for a maximum of 12 months post-employment unless longer retention is legally required. |
8. Data Security | Physical, organisational, and technical security measures (e.g., locked offices, access restrictions, antivirus software) are implemented to protect data, including data processed by third parties. |
9. Accountability | Governance processes are implemented to ensure compliance with Data Protection Principles, including documentation of policies, assurance through training, and compliance checks. |
GOVERNANCE PROCESSES
Process | Description |
---|---|
Documented Policies | The Business will comply with this Policy and adopt other data protection policies as necessary to ensure compliance with data protection laws. |
Assurance | Personnel and Suppliers will receive access to this Policy and are obligated to follow it. Data protection obligations are included in Supplier service agreements, where applicable. |
Advice | When necessary, the Business will seek advice to ensure compliance with data protection laws. |
Third Parties | The Business follows the Policy: Appointing Suppliers when selecting third parties who may process personal data on behalf of the Business. |
Data Protection Impact Assessments | DPIAs are conducted for processing likely to result in high risks to individuals’ rights. These assessments identify potential risks and establish safeguards. DPIAs are documented and stored. |
Record-Keeping | A record of processing activities, including processing purposes, data categories, retention periods, and security measures, is maintained in a notary register or similar document. This record is updated as needed. |
Privacy by Design | New processing activities or tools that process personal data are designed to comply with Data Protection Principles. |
Complaint Handling | A process is implemented to handle enquiries and complaints from individuals and supervisory authorities. Complaints are addressed promptly and in accordance with statutory deadlines. |
APPENDIX: GLOSSARY
Term | Definition |
---|---|
Anonymous Data | Data that cannot be linked to an identifiable individual, or data that has been permanently anonymised. |
Automated Decision | A decision with legal or significant effects, based solely on automated processing, including profiling. |
Controller | A party that determines the purpose and means of data processing. |
Data Subject | The individual whose personal data is being processed. |
Individual Rights Request | A request by a data subject concerning their personal data, such as requests for access, erasure, or rectification. |
Personal Data | Information relating to an identified or identifiable natural person (e.g., name, address, job title, email, and more). |
Personnel | All employees and affiliates of the Business, including agency workers, contractors, and consultants. |
Processing | Operations performed on personal data, such as collection, storage, use, or disclosure. |
Processor | A party that processes personal data on behalf of a Controller. |
Pseudonymised Data | Personal data that can only be attributed to a specific individual with additional information kept separately to protect the individual’s identity. |
Special Categories of Personal Data | Data revealing racial or ethnic origin, political opinions, religious beliefs, or trade union membership, as well as biometric, genetic, health, or sexual orientation data. |
Supplier | Any third party providing services to the Business. |