Data Protection Statement
Ormonde Technologies (SurfBox) Ltd (‘the Company’) needs to collect ùser data (information) for limited purposes about users of its services in public libraries, shopping centres, and other public venues hosting its services. The purpose of processing user data is for the delivery of print and copy services at these venues. Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of user data. The Data Protection Act 1988 and the Data Protection (Amendment) Act 2003 confer rights on individuals as well as responsibilities on those persons processing user data.
Purpose of this Statement
This is a statement of the Company’s commitment to protect the rights and privacy of individuals in accordance with the Data Protection Act 1988 and the Data Protection (Amendment) Act 2003.
Principles of the Acts
The Company will administer its responsibilities under the legislation in accordance with the stated data protection principles outlined in the Act as follows:
- Obtain and process information fairly
The Company will obtain and process user data fairly and in accordance with the fulfilment of its functions. The user data obtained during the fulfilment of its functions are as follows:
- Printing: Individual’s documents submitted for print purposes. Additionally, the individual’s email address is required to be submitted for the purpose of submission of print jobs via email.
- Scanning / Copying: Individual’s documents obtained for scanning purposes. Additionally, individual’s email is required to be submitted for the purpose of scanning document to email.
- Keep it only for one or more specified, explicit and lawful purposes
The Company will keep data for purposes outlined in the previous section that are specific, lawful and clearly stated and the data will only be processed in a manner compatible with these purposes.
- Use and disclose it only in ways compatible with these purpose
The Company will only not disclose user data for any purpose other than for delivery of its services.
- Keep it safe and secure
The Company will take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of, the data and against their accidental loss or destruction. The Company is aware that high standards of security are essential for all personal information.
- Ensure that it is adequate, relevant and not excessive
User data held by the Company will be adequate, relevant and not excessive in relation to the purpose/s for which it is kept.
- Retain it for no longer than is necessary for the purpose or purposes
The Company will only retain data for the duration of its service delivery and for any support purposes relating to the services. Specifically, data is retained for the purposes outlined in Section 1 as follows:
- Print Jobs: Jobs submitted for printing are retained in electronic format for printing purposes up to a maximum of five days. Print jobs cannot be exported or duplicated for printing or viewing elsewhere. Physical print copies can only be obtained by the user by means of a one-time PIN code that has been returned to their email address.
- Scanned / Copied Documents: Documents obtained for scanning or copying purposes are stored in a temporary folder for the duration of the user’s session. They are permanently deleted at the end of the session.
- Give a copy of his/her user data to that individual, on request
The Company will have procedures in place to ensure that data subjects can exercise their rights under the Data Protection legislation.
The Company has overall responsibility for ensuring compliance with the Data Protection legislation. However, all employees of the Company who collect and/or control the contents and use of user data are also responsible for compliance with the Data Protection legislation. The Company will provide support, assistance, advice and training to all staff to ensure it is in a position to comply with the legislation. The Company has appointed a Data Protection Officer who will assist the Company and its staff in complying with the Data Protection legislation.
Procedures and Guidelines
This Statement supports the provision of a structure to assist in the Company’s compliance with the Data Protection legislation, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.
This Statement will be reviewed regularly in light of any legislative or other relevant indications. Freedom of Information Office