Data Protection Policy

Data Protection Policy

This is a statement of data protection policy adopted by Biffa, working in partnership with Wakefield Council on the 4th September 2024.

We recognise that in order that we can operate and meet our legal obligations we need to collect and use personal data as defined by the Data Protection Act 2018 and the General Data Protection Regulation 2018/679 (the “GDPR”) . We also recognise that this personal information must be dealt with properly however it is collected, recorded and used - whether on paper, in a computer, or recorded on other material - and there are safeguards to ensure this is in the Data Protection Act 1998.

We regard the lawful and correct treatment of personal information as very important to our successful operation and recognise the need to maintain confidence with people who we deal with. We also recognise the need to ensure that we treat personal information lawfully and correctly

To this end we fully endorse the Principles of data protection, as set out in the Data Protection Act 1998. Specifically, the Principles require that personal data shall be:

“(a) processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)

Therefore, we will, through appropriate management, and strict application of criteria and controls:

• “(a) ensure that personal data is processed lawfully, fairly and in a transparent manner;
• (b) collect personal data only for the purposes of providing our services to Wakefield Council and will not further process it in a manner that is incompatible with this purpose;
• (c) ensure that our retention and use of personal data is adequate, relevant and limited to what is necessary in relation to the performance of our services for Wakefield Council;
• (d) ensure that the personal data we retain is accurate and, where necessary, kept up to date; and will take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
• (e) keep personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
• (f) process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

 

In addition, we will ensure that:

• there is someone with specific responsibility for data protection in the organisation. (Currently, the Nominated Person is Biffa’s Data Protection Officer);
• everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice;
• everyone managing and handling personal information is appropriately trained to do so;
• everyone managing and handling personal information is appropriately supervised;
• anybody wanting to make enquiries about handling personal information knows what to do;
• queries about handling personal information are promptly and courteously dealt with;
• methods of handling personal information are clearly described;
• a regular review and audit is made of the way personal information is managed;
• methods of handling personal information are regularly assessed and evaluated;
• performance with handling personal information is regularly assessed and evaluated