This policy provides a framework for ensuring that Norsk meets its obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 18). It applies to all processing of personal data carried out by Norsk, including processing carried out by joint controllers, contractors, and processors.
Norsk complies with data protection legislation guided by the six data protection principles.
In summary, they require that personal data is:
In addition, the accountability principle requires us to be able to evidence our compliance with the above six principles and make sure that we do not put individuals at risk because of processing their personal data.
Failure to do so can result in a breach of legislation, reputational damage, or financial implications due to fines. To meet our obligations, we put in place appropriate and effective measures to make sure we comply with data protection law.
The UK GDPR definition of "personal data" includes any information relating to an identified or identifiable natural living person.
Pseudonymised personal data is covered by the legislation; however, anonymised data is not regulated by the UK GDPR or DPA 18, provided the anonymisation has not been done in a reversible way.
Some personal data is more sensitive and is afforded more protection. This is information related to:
Norsk is committed to transparent, lawful, fair, and proportionate processing of personal data. This includes all personal data we process about customers, staff or those who work or interact with us.
We have an established Compliance team that ensures the risk to personal data across Norsk is identified and appropriately managed.
This team’s detailed roles and responsibilities comprise:
Compliance with this policy will be monitored via the DPO.
Personal data: any information relating to an identifiable living individual who can be identified from that data or from that data and other data.
This includes not just being identified by name but also by any other identifier such as ID number, location data or online identifier, or being singled out by any factors specific to the physical, physiological, genetic, mental, cultural, or social identity of the individual.
Processing: anything that is done with personal data, including collection, storage, use, disclosure, and deletion.
Special category personal data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying an individual, data concerning health or data concerning an individual's sex life or sexual orientation.
Controller: the organisation (or individual) which, either alone or jointly with another organisation (or individual) decides why and how to process personal data. The Controller is responsible for compliance with the DPA and GDPR.
Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.
Pseudonymisation: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Name: Norsk European Wholesale Ltd
Address: 2 Willow Road, Colnbrook, Berkshire, SL3 0BS
Tel: +44 (0)1753 800 800
Email: compliance@norsk-global.com
Some information in this policy has been sourced from the Information Commissioner's Office website, Data Protection Policy September 2021 v1.0, licensed under the Open Government Licence.