Data Protection Policy 

1. Introduction

The Score group of companies process and hold significant amounts of personal data, from information on employees, workers, suppliers, contractors’ and clients’ personnel. This information is collected from a variety of sources, including the individual themselves, either directly or through their use of our website including submission of e-forms. Third parties including our clients and suppliers may also provide us with details of their personnel.

This policy details the Score group of companies stance regarding how data must be collected, handled and stored to meet the company’s data protection standards and to comply with the law.

2. Scope

2.1 Territory

This policy applies to all companies which form part of the Score group of companies. As an organisation, our policy is based upon the General Data Protection Regulations (2016/679) (GDPR) and the UK’s Data Protection Act however; each entity must always comply with any applicable local legislation relating to personal data.

In countries where there is no law or the law does not meet the standards set out by the rules in this document, we will process personal information adhering to the rules in this document.

2.2 Definition of Personal Data

This shall mean all data that the company holds which is relatable to an identifiable individual.

3. Responsibilities

Everyone who works for the Score group of companies is responsible for ensuring that Personal Data is collected, stored and handled correctly.

The Managing Director of each company within the Score group of companies is ultimately responsible for ensuring Personal Data within their own entity is dealt with appropriately and in line with the applicable laws. It is the responsibility of the Managing Director to ensure the appropriate technical and organisational measures are in place to protect personal data from unauthorised and unlawful processing, and against loss, destruction, or damage.

Furthermore, privacy by design principles will be applied, so data protection functionality is considered and integrated into technology and business processes.

However, Score Group Ltd’s board of directors hold ultimate responsibility for ensuring that Score Group Ltd meets its legal obligations.

4. Principals

This policy is underpinned by 6 key principals which are shared in common with GDPR. These are that all Personal Data must be:

  • processed lawfully, fairly and in a transparent manner;
    The Score group of companies will tell individuals what processing will occur (transparency), and the processing will match the description given to the individual (fairness) and will be for a purpose specified in the applicable data protection law, where applicable, (lawful).
  • collected for specified, explicit and legitimate purposes
    The Score group of companies will not process Personal Data for a purpose other than has been specified.
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed,
    The Score group of companies will only process Personal Data where it is necessary for the specified purpose.
  • accurate and where necessary, kept up to date and where possible, erased or rectified without delay;
    The Score group of companies will make all individuals aware of their duty to keep the company up to date with regards their personal details. The Score group of companies will maintain accurate records and, where permitted by law, shall erase personal data when requested to do so by the relevant individual.
  • stored for no longer than is necessary;
    The Score group of companies has in place policies regarding the retention of Personal Data to ensure that data retention terms align with local laws.
  • processed in a manner that ensures appropriate security of personal data;
    The Score group of companies has policies in place which address the secure storage and transfer of Personal Data.

5. Data Collection

The Score group of companies will only collect Personal Data from an individual if one of the following apply:

  • The nature of the business purpose necessitates collection of the Personal Data from other persons or bodies.
  • The collection must be carried out under emergency circumstances in order to protect the vital interests of the individual or to prevent serious loss or injury to another person.

If it is determined that notification to an individual is required, notification should occur promptly.

6. Data Storage

The Score group of companies shall use appropriate measures to safely store all Personal Data, taking into account the nature of the data. Everyone who works for the Score group of companies must comply with any applicable policies.

7. Data Transfer

The Score group of companies shall use all appropriate measures to ensure that all transfers of personal data are carried out securely, taking into account the nature of the data. Where our service providers or customers have access to any Personal Data we control, we must impose contractual obligations dealing with the security of that information to ensure that 3rd parties provide the right level of protection.

Everyone who works for the Score group of companies must comply with any applicable policies.

8. Data Breach Management Policy

The Score group of companies has appropriate measures in place to ensure that any data breach is managed appropriately and where necessary reported to the relevant Authority.

An incident response process will be established how to deal with events that involve a personal data breach. Guidance on this can be obtained from the relevant local regulating body or bodies.

A record will be kept of any personal data breaches, this is retained by the HR Department, or where there is not a local HR Department, the Managing Director responsible for the location. Specific external notification periods will be identified and adhered to, as set out by the local regulating body or bodies, when reporting personal data breaches.

9. Data Retention Policy

The Score group of companies has appropriate measures in place to ensure Personal Data records are maintained for no longer than is necessary. Everyone who works for the Score group of companies must comply with any applicable policies.

10. Special Categories of Data

The Score group of companies has appropriate measures in place to ensure that special categories of data are handled appropriately. Everyone who works for the Score group of companies must comply with any applicable policies.

11. Subject Access Requests

The Score group of companies has appropriate measures in place to ensure that subject access requests are handled appropriately. Everyone who works for the Score group of companies must comply with any applicable policies.

Further details of the policies referred to within this document are available upon request from the Score Group’s Legal and Contracts Department.

Our advanced and specialist testing procedures and facilities ensure that all parts we overhaul and repair meet our exceedingly high level of quality.

Global coverage

We have offices and facilities all over the world, always ready when and where you need us.

Locations