The Gap Partnership will:
1.?Process personal data fairly and lawfully;?
2.?Process personal data only where this is strictly necessary for legal and regulatory purposes, or for legitimate organisational purposes;?
3.?Ensure that personal data is only used for the purposes that it was originally obtained, or for other compatible purposes;?
4.?Ensure that that personal data is relevant and not excessive in relation to the purpose or purposes for which it is processed;?
5.?Ensure that personal data is accurate and, where necessary, kept up to date;?
6.?Ensure that personal data is only retained for the time period required to meet the organisation's reasonable requirements;?
7.?Provide clear information to natural persons about how their personal data will be used and by whom;?
8.?Ensure that personal data is processed in accordance with the rights of data subjects -?
- access to personal data;
- right to erasure;
- right to restriction of processing of personal data;
- objecting to adverse automatic decisions;
- compensation for breaches of statutory obligations;
- right to data portability;
9. adopt appropriate technical and organisational measures against unauthorised or unlawful processing of personal data, and against accidental loss or destruction of, or damage to, personal data;?
10. ensure that personal data is only transferred outside the European Economic Area to countries that ensure an adequate level of protection.?