Data Protection Policy

1. Introduction

Vector Media Agency Limited ("we", "us", "our") is committed to protecting the privacy and security of personal data. This policy outlines our obligations and practices regarding the collection, processing, storage, and disposal of personal data, particularly that of our employees. We are dedicated to complying with all applicable data protection laws, including the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

2. Scope

This policy applies to all employees, contractors, consultants, and any other individuals who process personal data on behalf of Vector Media Agency Limited. It covers all personal data, whether stored electronically or in paper form.

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person ("data subject").

  • Data Subject: The natural person to whom personal data relates.

  • Processing: Any operation or set of operations performed on personal data, such as collection, recording, storage, alteration, retrieval, and deletion.

  • Data Controller: Vector Media Agency Limited, who determines the purposes and means of the processing of personal data.

  • Data Processor: Any person or organisation that processes personal data on behalf of the Data Controller.

  • Special Category Data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

4. Principles of Data Protection

We will adhere to the following principles when processing personal data:

  • Lawfulness, fairness, and transparency: Data will be processed lawfully, fairly, and in a transparent manner.

  • Purpose limitation: Data will be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

  • Data minimisation: Data will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

  • Accuracy: Data will be accurate and, where necessary, kept up to date.

  • Storage limitation: Data will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which they are processed.

  • Integrity and confidentiality: Data will be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

  • Accountability: We will be responsible for and be able to demonstrate compliance with these principles.

5. Processing of Employee Data

We process employee data for the following purposes:

  • Recruitment and onboarding.

  • Payroll and benefits administration.

  • Performance management.

  • Training and development.

  • Health and safety.

  • Communication and administration.

  • Legal compliance.

The data we collect may include:

  • Contact information (name, address, phone number, email).

  • Employment history.

  • Payroll details.

  • Performance records.

  • Absence records.

  • Training records.

  • Emergency contact information.

  • Identification documents.

6. Legal Basis for Processing

We will only process personal data when we have a legal basis to do so. This may include:

  • Contractual necessity.

  • Legal obligation.

  • Legitimate interests (where not overridden by the rights and freedoms of the data subject).

  • Consent (where applicable).

  • For Special Category Data, explicit consent, or another legal basis under Article 9 of the GDPR.

7. Data Security

We will implement appropriate technical and organisational measures to ensure the security of personal data, including:

  • Access controls and authorisation.

  • Data encryption.

  • Regular backups.

  • Security audits and assessments.

  • Employee training on data protection.

  • Physical security of data storage.

8. Data Subject Rights

Employees have the following rights regarding their personal data:

  • Right to access: The right to obtain confirmation as to whether or not personal data concerning them is being processed, and access to that data.

  • Right to rectification: The right to have inaccurate personal data rectified.

  • Right to erasure ("right to be forgotten"): The right to have personal data erased in certain circumstances.

  • Right to restriction of processing: The right to restrict the processing of personal data in certain circumstances.

  • Right to data portability: The right to receive personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

  • Right to object: The right to object to the processing of personal data in certain circumstances.

  • Right not to be subject to automated decision-making: The right not to be subject to a decision based solely on automated processing, including profiling.

9. Data Retention

We will retain personal data only for as long as necessary for the purposes for which it is processed, in accordance with our data retention schedule.

10. Data Transfers

We will only transfer personal data to third parties when necessary and with appropriate safeguards in place. This may include transfers to:

  • Payroll providers.

  • Benefits providers.

  • IT support providers.

  • Cloud storage providers.

If data is transferred outside of the UK or EEA, we will ensure that appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses.

11. Data Breaches

In the event of a data breach, we will notify the Information Commissioner's Office (ICO) and affected data subjects as required by law.

12. Responsibilities

  • The Designated Person is responsible for overseeing data protection compliance.

  • All employees are responsible for adhering to this policy and protecting personal data.

13. Policy Review

This policy will be reviewed and updated regularly to ensure its effectiveness and compliance with applicable laws.

14. Contact Information

For any questions or concerns regarding this policy or data protection practices, please contact hello@vectoragency.co.uk 

15. Complaints

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe that your personal data has been processed unlawfully.