Future Legends Limited (“Future Legends”) Data Protection Policy 

KEY DETAILS

• Policy Prepared by: Future Legends Directors
• Approved by Management: 25 May 2018
• Policy became operational: 25 May 2018
• Data Protection Officer: Nigel Bruce

INTRODUCTION

Future Legends needs to gather and use certain information about organisations and individuals. These can include customers, suppliers, employees and other people Future Legends has a relationship with and/or needs to contact. This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards, and to comply with the law and
GDPR standards.

This data protection policy ensures Future Legends:

• Complies with data protection law and follows good practice
• Protects the rights of staff, customers, suppliers and other partners
• Is open about how it stores and processes individual’s data
• Protects itself from the risk of a data breach

GDPR

The General Data Protection Regulations effective 25 May 2018, describes how organisations, such as Future Legends, must collect, handle and store personal information. All personal information must be collected and used fairly, stored safely, not disclosed unlawfully and only shared with approved partners and no other organisation or individual.

POLICY SCOPE

This Policy applies to

• Future Legends Registered offices
• All staff employed by Future Legends
• All contractors and suppliers working on behalf of Future Legends

This policy relates to all data that the company holds relating to identifiable individuals. This can include:

• Names of individuals
• Postal addresses
• Email addresses
• Telephone numbers

DATA PROTECTION RISKS

This policy helps to protect Future Legends from data security risks, including:

• Breaches of Confidentiality. Data will be kept securely and will not be shared with any organisation other than approved partners
• Failing to offer choice. All individuals are free to choose how the company uses date relating to them
• Reputational damage. Cyber security will be of a high standard and kept up to date by our approved IT Provider

RESPONSIBILITIES

The Data Protection Officer is responsible for:

• Reviewing all data protection procedures and policies
• Arranging data protection training
• Handling data protection questions from staff and anyone else covered by this policy
• Dealing with requests from individuals to see the data Future Legends holds about them, also called “Subject Access Requests”
• Checking and approving all contracts and agreements with approved partnering organisations that will handle the company’s data
• Approve data protection statements attached to communications such as letters and emails

The partnering IT Provider is responsible for:

• Ensuring all systems, services and equipment used for storing data meet security standards
• Performing regular checks and scans to ensure security hardware and software is functioning properly
• Evaluating any third party services the company is considering using to store or process data, such as cloud services

SUBJECT ACCESS REQUESTS

All individuals who are the subject of personal data held by Future Legends are entitled to:

• Ask what information the company holds about them and how to gain access to it
• Be informed how to keep it up to date
• Be informed how the company is meeting its data protection obligations

If an individual contacts the company requesting this information, this is called a “Subject Access Request”. These requests should be made in wiring either by email to nigel@futurelegends.cricket or by post to Future Legends Limited, 4 Pound Lane, Marlow, SL7 2AQ. The data protection officer will provide the relevant data within 14 days.