Data Protection Policy
Buena Vista Entertainments Ltd, the owners of this website, shall be called “the company”.
The company needs to gather and use certain information about individuals.
These can include customers, suppliers, business contacts, and other people the organisation has a relationship with or may need to contact.
This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards — and to comply with the law.
This web site uses SSL certificates, to ensure that any data sent to / from the web site is encrypted.
Why this policy exists
This data protection policy ensures that the company complies with:
Data protection law
The GDPR describes how organisations — including the company — must collect, handle and store personal information.
These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
The GDPR is underpinned by eight important principles. These say that personal data must:
People, risks and responsibilities
This policy applies to:
It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the GDPR. This can include:
Data protection risks
This policy helps to protect the company from some very real data security risks, including:
Everyone who works for or with the company has some responsibility for ensuring data is collected, stored and handled appropriately. Whomever at the company handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.
However, these people have key areas of responsibility:
Dougie Robertson (who shall be called “the data protection officer”) is ultimately responsible for ensuring that the company meets its legal obligations.
The data protection officer is responsible for IT used at the company, including computers, laptops, mobile phones and other devices that can store personal data.
The data protection officer is responsible for any marketing related activities at the company. The data protection officer is responsible for: