Data Protection Statement

This is a statement outlining how Flying Colours meets its obligations under the Data Protection Act 1998 (“the Act”). The policy is subject to regular review to reflect, for example, changes to legislation or the structure or policies of Flying Colours. All staff are expected to comply with the policy.

Flying Colours needs to collect and use certain types of information about people with whom it deals in order to operate.

These include current, past and prospective customers, Flying Colours’ own employees, suppliers and others with whom Flying Colours conducts business. This personal information must be dealt with properly however it is collected, recorded and used – whether on paper, electronically, or other means – and there are safeguards to ensure this in the Data Protection Act 1998.

We regard the lawful and correct treatment of personal information by Flying Colours as important to the achievement of its objectives and to the success of its operations, and to maintaining confidence between those with whom we deal and ourselves. We therefore need to ensure that its organisation treats personal information lawfully and correctly.

To this end, we fully endorse and adhere to the Principles of data protection, as set out in the Data Protection Act 1998.

The eight Principles require that personal information:

  • shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met;
  • shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;
  • shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;
  • shall be accurate and, where necessary, kept up to date;
  • shall not be kept for longer than is necessary for the specified purpose(s);
  • shall be processed in accordance with the rights of data subjects under the Act;
  • should be subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of personal data, or the accidental loss, destruction, or damage to personal data;
  • shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Flying Colours will, through appropriate management and strict application of criteria and controls:

  • observe fully conditions regarding the fair collection and use of information;
  • meet its legal obligations to specify the purposes for which information is used;
  • collect and process appropriate information only to the extent that it is needed to fulfil its operational needs or to comply with any legal requirements;
  • ensure the quality of information used;
  • ensure that the information is held for no longer than is necessary;
  • ensure that the rights of people about whom information is held can be fully exercised under the Act (i.e. the right to be informed that processing is being undertaken, to access one’s personal information; to prevent processing in certain circumstances, and to correct, rectify, block or erase information that is regarded as wrong information);
  • take appropriate technical and organisational security measures to safeguard personal information;
  • ensure that personal information is not transferred abroad without suitable safeguards.

To comply with the Act and its principles, Flying Colours has created and implemented various internal policies and procedures, available to all staff, outlining individual and organisational data protection responsibilities and providing detailed guidance on internal data protection procedures.