How we look after your data.

Data protection law changed in May 2018 with the introduction of the UK General Data Protection Regulation (UK GDPR). This replaces the Data Protection Act.

Under UK GDPR, Penderels Trust is responsible for the personal data that we collect, process, and store from you as a customer. If you are an employer of PAs, you are also responsible for the personal data of your employees.

Our Privacy Policies

At the start of our service to you, we will provide you with a copy of our Privacy Policy which covers what data we collect and hold, how we store data, who we can and can't share your data with and how you can request to see your data.

If you are an employer of PAs, we will provide you with a template Privacy Policy that you can give to your staff to show them how you will keep their personal data safe.

If you are applying for a PA Job or to join our PA Finder service, you will be able to access our Privacy Policy via the application procedure.

Copies of these policies can be found and downloaded at the bottom of this page.

What is UK GDPR?

UK GDPR is the new data protection regulation. It applies to all individuals and organisations that collect, process and hold data on individuals.

The regulation contains 6 key principles:

Personal data should be processed fairly, lawfully and in a transparent way.
Data should be obtained for a specific and lawful reason and not used for any other reasons outside this.
Only data required for the purpose should be collected (i.e. not collecting extra information 'just in case')
Data should be accurate and kept up-to-date
Data should be kept secure
Data should not be kept for longer than necessary

When can you process information?

An organisation must have a 'lawful basis' for handling any data. As an organisation, Penderels Trust needs to process the data of our customers as it is 'necessary to enter in to or perform a contract'. This means we need to collect and process your data in order to provide a direct payment support service to you.

If you are an employer, your legal basis for processing the data of your staff is 'necessary to enter into or perform a contract.'

Your right to request your personal data

You have a right to ask to access any information we hold on you. If you want to do this, you should complete a 'Subject Access Request' form. All subject access requests require proof of your identity. Once this is verified, your request will be dealt with within the statutory 40 calendar day period. Please click here to access the form.

If you feel any data we hold on you is incorrect, you have the right to request that we correct it.

If you are an employer, your PA has a right to ask to access any information you hold on them. Unless you have good reason, you should provide your employee with the information they request quickly and without charge.

For more general information on UK GDPR, please go to the Information Commissioner's Office (ICO) website.

Downloads

Privacy Policy for PA Jobs and PA Finder Services

This policy details how we obtain, manage and store the data we hold on personal assistants, PA job applicants and direct payment employers using the PA Jobs and PA Finder services.

Privacy Policy - Template for Personal Assistants

This document is a template that can be used by employers to give to their employees explaining how they collect, process and store their data

Privacy Policy for our Direct Payment Customers

This policy details how we obtain, manage and store the data we hold on people who use our services.

Data Protection (UK GDPR)