Data Protection Principles
LSSE adheres to the following data protection principles:
Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently. Data subjects are informed about the purposes of data processing and their rights.
Purpose Limitation: We collect and process personal data for specific, explicit, and legitimate purposes. Data is not processed for incompatible purposes.
Data Minimization: LSSE ensures that personal data processed is adequate, relevant, and limited to what is necessary for the intended purpose.
Accuracy: Personal data is accurate and, where necessary, kept up to date. LSSE takes reasonable steps to rectify or erase inaccurate data.
Storage Limitation: Personal data is kept in a form that permits identification for no longer than is necessary for the intended purpose.
Integrity and Confidentiality: LSSE processes personal data securely, maintaining its confidentiality, integrity, and availability. Appropriate measures are in place to protect data from unauthorized access, disclosure, alteration, or destruction.
Data Protection Officer (DPO):
LSSE appoints a Data Protection Officer who is responsible for overseeing data protection activities, ensuring compliance with data protection laws, and serving as a point of contact for data subjects and supervisory authorities.
Data Collection and Consent:
LSSE collects personal data only when necessary for specified purposes and with the data subject’s informed and unambiguous consent. Data subjects are informed about the purposes of data collection and their rights.
LSSE implements technical and organizational measures to protect personal data from security breaches and unauthorized access. Data is securely stored, and access is restricted to authorized personnel.
Data Subject Rights:
LSSE recognizes and respects data subject rights, including the right to access, rectification, erasure, and restriction of data processing. Data subjects have the right to object to processing and the right to data portability.
LSSE ensures that international data transfers comply with applicable data protection laws. Adequate safeguards are in place when transferring data outside the European Economic Area (EEA).
Data Breach Response:
In the event of a data breach, LSSE follows a structured response procedure. The Information Commissioner’s Office (ICO) and affected data subjects are notified when required by law.
Data Privacy Impact Assessments (DPIAs):
LSSE conducts DPIAs for high-risk data processing activities to assess and mitigate potential data protection risks.
Training and Awareness:
LSSE provides data protection training and awareness programs to personnel to ensure a comprehensive understanding of data protection principles and compliance requirements.
Policy Review and Updates:
This Data Protection Policy is reviewed and updated regularly to ensure compliance with evolving data protection regulations and best practices.
For inquiries or concerns related to data protection at LSSE, please contact our Data Protection Officer at [[email protected]]
This Data Protection Policy reflects LSSE’s commitment to safeguarding personal data while ensuring transparency, integrity, and compliance with data protection laws. Data subjects can request further information or exercise their rights by contacting our Data Protection Officer.