GDPR Policy Statement
Farr Finance needs, as a part of its business activities, to gather, store and use information about individuals. These include but are not limited to clients, business contacts, potential customers and other people with whom Farr Finance has a relationship or may need to contact.
This policy is designed to outline the policies and procedures for the collection, handling and storage of this data in order to ensure that Farr Finance:
• Complies with the relevant data protection law, including the General Data Protection Regulation (GDPR) and follows best practice;
• Protects the rights of those whose data is held;
• Is transparent about how data is stored and processed;
• Protects against the risks of a data breach.
Policy Scope
This policy applies to:
• All staff and other people conducting work on behalf of Farr Finance;
• All suppliers and partners working with Farr Finance.
It is the responsibility of everyone who works for or with Farr Finance to take data protection seriously and to make themselves aware of the correct procedures for processing data. This applies to all data held by Farr Finance which, within the definition of the act, relates to an identified or identifiable individual. This includes names, postal addresses, work or personal email addresses, telephone numbers, photos, bank details, posts on social networks, dietary requirements or any other information relating to an individual.
The policy helps to protect Farr Finance from data security risks and bad practice including:
• Breaches of confidentiality, e.g. information being given out inappropriately
• Failure to offer choice, e.g. members should be free to choose preferred methods of contact
• Reputational damage, e.g. if it became known that a client’s data had been used inappropriately
Responsibilities
Farr Finance is responsible for ensuring that data is stored securely and used appropriately; however, the following have key areas of responsibility:
The Director is ultimately responsible for ensuring Farr Finance’s legal compliance, including:
• Checking and approving contracts or agreements with third parties that may process or handle data belonging to Farr Finance or clients;
• Ensuring any marketing initiatives abide by data protection principles
The Management is responsible for ensuring that:
• All procedures and related policies are in line with the Farr Finance Data Management Policy and meet acceptable security standards;
• We are aware of the policies/procedures and receive any necessary training;
• An up-to-date record is maintained of datasets held or managed, including their source and who they are shared with;
• Computers are locked if left unattended;
• Procedures and privacy notices are reviewed on an annual basis to ensure they are up-to-date and incorporate any developments to best practice;
• Subject access requests, i.e. requests from individuals to view the data held by Farr Finance, are dealt with.
General Guidelines
Staff should keep data secure by taking sensible precautions in their day-to-day activities. These include but are not limited to:
• using and securing strong passwords: at least 8 characters, including upper and lower case, numbers and/or symbols
• never using personal information as a password
• never sharing passwords and changing passwords immediately if they become compromised
• manually locking computers when away from desks
• being wary of unsolicited emails and, if in doubt, deleting them
• Data must not be shared informally either within the company or with external parties
• Laptops, phones, and other items which may contain personal data should be kept securely and any loss reported promptly
• Company-supplied mobile devices must be securely locked when not in use, e.g. via PIN code, thumbprint or face recognition
• Data belonging to Farr Finance or its clients must never be stored or accessed on a personal device
• Mobile devices must be securely stored when out of the office
Consent
Farr Finance acknowledges that in the large majority of cases it is working in the area of Business to Business and consent is obtained. However, if we secure consent at any time, then we will ensure that it is freely given, specific, informed and unambiguous. Farr Finance will also ensure that there is a positive opt-in, which Farr Finance will document, record and store securely.
Data Storage
Farr Finance undertakes to store all data in such a way as to ensure that personal information is secure and cannot be accessed by unauthorised individuals.
Physical records
• When not being used, physical records should be stored in the Farr Finance office where they can only be accessed by individuals with access through an appropriate security system
• Farr Finance will ensure that records with personal data are placed in drawers/cupboards at the end of the working day so that they are not in immediate view
• Sensitive data must be kept in locked drawers/cupboards to which access is restricted to authorised personnel only
• When no longer required, printed records should be disposed of by shredding or secure recycling
Electronic Records
Wherever possible records should be stored electronically on the designated drives and servers.
• Data must be stored on the secure designated systems, drives and servers in order to protect it from unauthorised access and malicious hacking attempts
• Data must be held in as few places as possible
• If data is stored on removable media, these must be kept securely
• Computers should be kept securely and backed up regularly
Data Use
Farr Finance, as a part of its business functions, must collect and analyse data. The company fully acknowledges its responsibility to ensure that the data is used responsibly and that all appropriate precautions are taken to protect the subjects.
The following rules apply to data use:
• Data must never be transferred outside of the European Economic Area
• Staff should, wherever possible, ensure that data is accurate and up-to-date, and that any inaccuracies discovered are fixed within 24 hours
• Farr Finance will make it as easy as possible for data subjects to amend or update the information the company holds on them
Data Breaches
Farr Finance will ensure that it has in place the right procedures to report and investigate any personal data breaches. Where necessary, the ICO or affected individuals will be notified of significant breaches.
Individuals’ Rights and Subject Access Requests
Any subject whose data is held by Farr Finance has the right to:
• ask what information the company holds about them
• ask how to gain access to it
• data portability, enabling them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way
• be informed about how to update/delete data
• request information as to how Westbrook Industrial meets its data protection obligations
Farr Finance will not charge for subject access requests and will aim to deal with all requests within 14 days.
When a Subject Access Request is received it will be handled by the director who will:
• Request that the subject make the request in writing
• Take steps to verify the subject’s identity
• Respond to the request within the legal time frames
Disclosure
Farr Finance, in compliance with data protection laws, will disclose information to law enforcement agencies without the consent of the subject. Farr Finance will, however, take all reasonable steps to ensure that the request is genuine and will take legal advice where deemed necessary.
Copyright © 2019 Farr Finance Ltd - All Rights Reserved.