All Sorted Financial Planning Limited, we collect and process information about individuals
(i.e. ‘personal data’) for business purposes, including employment and HR administration,
provision of our services, marketing, and business administration. This includes personal
data relating to our staff, customers, suppliers and other third parties.
Compliance with data protection law is essential to ensure that personal data remains safe,
our business operations are secure and the rights of individuals are respected. All Sorted
Financial Planning Limited is a controller under data protection law, meaning it decides how
and why it uses personal data. This Policy explains our procedures for complying with data
protection law in relation to personal data. It also sets out your obligations whenever you are
processing any personal data in the course of your employment.
If you routinely handle individuals’ personal data, you will be given specific instructions
regarding data protection procedures in relation to your particular role and/or department.
These instructions will supplement your obligations as set out in this Policy.
There will also be other policies which will impact on how you deal with personal data and
data protection. The main ones are our Email & Internet Usage Policy and Social Media
Policy and we expect you to comply with these where relevant.
This Policy may be updated at any
Who does this Policy apply to?
This Policy applies to all All Sorted Financial Planning Limited employees, workers,
customers, contractors, agency workers, consultants, interns, volunteers, partners and directors,
(together referred to as ‘Employees’ or ‘you’).
Who is responsible for data protection at All Sorted Financial Planning Limited?
The Board is ultimately responsible for All Sorted Financial Planning Limited’s compliance
with applicable data protection law. All Sorted Financial Planning Limited has appointed a
Data Protection Lead Philip Walker, Managing Director on who is
responsible for overseeing advising All Sorted Financial Planning Limited on and
administering compliance with this Policy and data protection law.
If you are in any doubt about how you should handle personal data, or if you have any
concerns or questions in relation to the operation (or suspected breaches) of this Policy, you
should seek advice from the Data Protection Lead Philip Walker, Managing Director on
Why is data protection compliance important?
Data protection law in the UK is regulated and enforced by the Information Commissioner’s
Office (ICO). Failure to comply with data protection law may expose All Sorted Financial
Planning Limited and, in some cases, individual Employees to serious legal liabilities. These
can include criminal offences and fines of up to EUR20 million (approximately £18 million) or
4% of total worldwide annual turnover, whichever is higher. In addition, an individual may
seek damages from us in the courts if we breach their rights under data protection law.
Breaches of data protection law can also lead to serious damage to our brand and
In addition to the legal liabilities, failure to comply with your obligations under this Policy
could lead to disciplinary action and, in serious cases, it could result in the termination of
What is personal data?
Personal data means any information relating to any living individual (also known as a ‘data
subject’) who can be identified (directly or indirectly) in particular by reference to an identifier
(e.g. name, NI number, employee number, email address, physical features). Relevant
individuals can include your colleagues, consumers, members of the public, business
contacts, etc. Personal data can be factual (e.g. contact details or date of birth), an opinion
about a person’s actions or behaviour, or information that may otherwise impact on that
individual. It can be personal or business related.
Personal data may be automated (e.g. electronic records such as computer files or in
emails) or in manual records which are part of a filing system or are intended to form part of
a filing system (e.g. structured paper files and archives).
What does ‘processing’ personal data mean?
‘Processing’ personal data means any activity that involves the use of personal data (e.g.
obtaining, recording or holding the data, amending, retrieving, using, disclosing, sharing,
erasing or destroying). It also includes sending or transferring personal data to third parties.
Data Protection Obligations
All Sorted Financial Planning Limited is responsible for and must be able to demonstrate
compliance with data protection law. To ensure that All Sorted Financial Planning Limited
meets its responsibilities, it is essential that its Employees comply with data protection law
and any other All Sorted Financial Planning Limited policies, guidelines or instructions
relating to personal data when processing personal data in the course of their employment.
We have set out below the key obligations under data protection law and details of how All
Sorted Financial Planning Limited expects Employees to comply with these requirements.
Process personal data in a fair, lawful and transparent manner
Legal grounds for processing
Data protection law allows us to process personal data only where there are fair and legal
grounds which justify using the information.
Examples of legal grounds for processing personal data include the following (at least one of
these must be satisfied for each processing activity):
complying with a legal obligation (e.g. health and safety or tax laws);
entering into or performing a contract with the individual (e.g. an Employee’s terms and
conditions of employment, or a contract for services with an individual customer);
acting in All Sorted Financial Planning Limited’s or a third party’s legitimate interests (e.g.
maintaining records of business activities, monitoring business productivity); and
obtaining the consent of the individual (e.g. for sending direct marketing communications).
Where consent is relied upon, it must be freely given, specific, informed and unambiguous,
and All Sorted Financial Planning Limited must effectively demonstrate that consent has
In line with ICO guidance regarding the employer/Employee relationship, All Sorted Financial
Planning Limited does not use consent as a legal ground for processing Employee data
unless the data processing activities concerned are genuinely optional.
In most cases, consent is also not required for other standard business activities involving
use of customer or supplier data, but it may be needed for activities which are not required to
manage the main business relationship, such as direct marketing activities.
Data protection law also requires us to process personal data in a transparent manner by
providing individuals with appropriate, clear and concise information about how we process
their personal data.
We usually provide individuals with basic information about how we use their data on forms
which collect data (such as application forms or website forms), and in longer privacy notices
setting out details including: the types of personal data that we hold about them, how we use
it, our legal grounds for processing the information, who we might share it with and how long
we keep it for. For example, we provide information about our processing of Employees’
personal data in [the All Sorted Financial Planning Limited Employee Privacy Notice].
We supplement these notices, where appropriate, with reminders or additional information at
the time particular processing activities take place or become relevant for an individual (for
example when they sign up for a new service or event).
What you need to do:
By processing personal data only in accordance with your lawful job duties and All Sorted
Financial Planning Limited instructions, ordinarily, you will be processing personal data fairly
The standard privacy notices and statements that we issue, for example, to Employees,
customers and the public, should normally be sufficient to ensure that individuals have
appropriate information about how you are handling their personal data in the course of your
employment. However, you should consider whether reminders or additional information
may be appropriate at the time particular processing activities take place. This is particularly
important if you think that individuals may need further assistance to understand clearly how
their data will be used as part of such activities.
Any new forms which collect personal data and any proposed consent wording must be
approved in advance by the Data Protection Lead Philip Walker, Managing Director on
If you have any concerns about the legal grounds for processing personal data or if you are
unsure whether individuals have been provided with appropriate information (in particular in
relation to any new processing activities), please check with the Data Protection Lead Philip
Walker, Managing Director on
2. Take extra care when handling sensitive or special categories of personal data
Some categories of personal data are ‘special’ because they are particularly sensitive.
These include information that reveals details of an individual’s:
racial or ethnic origin;
religious or philosophical beliefs;
physical or mental health;
sexual life or sexual orientation;
Where special category personal data is concerned, data protection law requires us to have
(as well as one of the legal grounds described in section 1), an additional legal ground to
justify using this sensitive information. The appropriate legal ground will depend on the
Additional legal grounds for processing special category data include the following. Those
marked with an asterisk (*) would be particularly relevant to processing Employees’ special
category personal data:
complying with a legal obligation/exercising a legal right in the field of employment*;
assessing working capacity (based on expert medical opinion, and subject to obligations of
carrying out equalities monitoring in relation to racial or ethnic origin, religious beliefs, health
or sexual orientation*;
exercising, establishing or defending legal claims*;
preventing or detecting unlawful acts; or
explicit consent of the individual. (As well as the requirements for consent outlined in section
1 above, this requires an express statement from the individual that their special category of
data may be used for the intended purposes.)
What you need to do:
If you are handling special category personal data in the course of your employment, you
need to take extra care regarding compliance with data protection law. In particular, try to
any processing activities are strictly in accordance with your lawful job duties and All Sorted
Financial Planning Limited instructions;
there are appropriate legal grounds for processing the data (both basic grounds under
section 1 and additional grounds under this section 2) which have been assessed for your
individuals have received adequate information regarding how their data is being handled. In
some cases an existing privacy notice may need to be supplemented with more specific
information regarding special category data (e.g. when All Sorted Financial Planning Limited
is managing sickness absence and/or making adjustments to job duties for Employees with
disabilities or serious illness, we may provide additional ad hoc privacy notices to
supplement the Employee Privacy Notice);
you apply additional security and confidentiality measures, taking into account that the
impact on individuals of loss or misuse of their special category data may be greater than
with other types of data. See also section 7 below; and
if you are relying on consent as a legal ground for processing, you obtain advance approval
of any consent wording from the Data Protection Lead Philip Walker, Managing Director on
If you are routinely handling special category data as part of the requirements of your role
and job duties, All Sorted Financial Planning Limited will ordinarily have put in place
procedures which ensure that your processing activities satisfy the requirements above.
However, if alternative circumstances apply (e.g. you are involved in a new project or
updating an existing system which involves new types of processing of special category
data), please contact the Data Protection Lead Philip Walker, Managing Director on
. to ensure that the correct compliance procedures are followed.
Similarly, if you have any concerns over the legal grounds that apply when you are
processing special category data or the appropriate information to be provided to individuals,
please get in touch with the Data Protection Lead Philip Walker, Managing Director on
3. Only process personal data for specified, explicit and legitimate purposes
All Sorted Financial Planning Limited will only process personal data in accordance with our
legitimate purposes to carry out our business operations and to administer employment and
other business relationships.
What you need to do:
You must only use the personal data that you process in the course of your duties for All
Sorted Financial Planning Limited’s legitimate and authorised purposes. You must not
process personal data for any purposes which are unrelated to your job duties.
Processing personal data for any incompatible or unauthorised purposes could result in a
breach of data protection law (e.g. using the company contacts database to find out a
colleague’s home address for private, non-work related purposes). This may have potentially
damaging consequences for all parties concerned, including disciplinary action.
If you find that you need to process personal data for a different purpose from that for which
it was originally collected, you must check whether the individuals have been informed and,
if not, consider whether the additional purpose is legitimate (in the context of All Sorted
Financial Planning Limited’s business activities) and compatible with the original purpose.
If you are unsure about whether the purposes for processing are legitimate, you should
contact the Data Protection Lead Philip Walker, Managing Director on
. before going ahead with processing the data for the additional
4. Make sure that personal data is adequate, relevant and limited to what is necessary
for your legitimate purposes
Data protection law requires us to ensure that, when we process personal data, it is
adequate, relevant to our purposes and limited to what is necessary for those purposes (also
known as ‘data minimisation’). In other words, we ask for the information we need for our
legitimate business purposes, but we won’t ask for more information than we need in order
to carry out our business operations.
What you need to do:
You should try to ensure that you only acquire and process the personal data that you
actually need for All Sorted Financial Planning Limited’s legitimate and authorised purposes
within the scope of your role.
You must ensure that you have sufficient personal data needed to be able to use it fairly and
to take into account all relevant details.
If you are creating forms that collect personal data, you should be able to justify why each
specific category of data is being requested.
You must also comply with All Sorted Financial Planning Limited’s instructions about data
retention and storage, ensuring that personal data is only kept for as long as it is needed for
any intended purpose.
5. Keep personal data accurate and (where necessary) up-to-date
All Sorted Financial Planning Limited must take steps to ensure that personal data is
accurate and (where necessary) kept up-to-date. For example, we request that Employees
provide us with any change in contact details or personal information via [insert details of
relevant forms or HR portals]. We also take care that decisions impacting individuals are
based on accurate and up-to-date information.
What you need to do:
When you process individuals’ personal data in the course of your employment, you must
make reasonable efforts to be accurate and, where necessary, keep the relevant information
When collecting any personal data, try to confirm its accuracy at the outset. If you
subsequently discover any inaccuracies in the personal data that you are handling, these
need to be corrected or deleted without delay.
Personal data should be held in as few places as possible to avoid the risk that duplicate
copies are not updated and become out of sync. You should not create additional copies of
personal data, but should work from and update a single central copy where possible (in
accordance with standard All Sorted Financial Planning Limited procedures on retention and
storage of records).
6. Keep personal data for no longer than is necessary for the identified purposes
Records containing personal data should only be kept for as long as they are needed for the
identified purposes. All Sorted Financial Planning Limited has in place data retention,
storage and deletion policies and internal processes/guidelines regarding various types of
company records and information that contain personal data.
We take appropriate steps to retain personal data only for so long as is necessary, taking
into account the following criteria:
the amount, nature, and sensitivity of the personal data;
the risk of harm from unauthorised use or disclosure;
the purposes for which we process the personal data and how long we need the particular
data to achieve these purposes;
how long the personal data is likely to remain accurate and up-to-date;
for how long the personal data might be relevant to possible future legal claims; and
any applicable legal, accounting, reporting or regulatory requirements that specify how long
certain records must be kept.
What you need to do:
Please familiarise yourself with our retention policies, processes, guidelines and instructions
that are relevant to your job. Ensure that, where it falls within your responsibility, you destroy
or erase all information that you no longer require in accordance with these.
If you are not sure what retention guidelines/instructions apply to you in your role, or you are
unsure of how to apply them to a particular type or item of personal data, please contact the
Data Protection Lead Philip Walker, Managing Director on
7. Take appropriate steps to keep personal data secure
Keeping personal data safe and complying with All Sorted Financial Planning Limited’s
security procedures to protect the confidentiality, integrity, availability and resilience of
personal data is a key responsibility for All Sorted Financial Planning Limited and its
All Sorted Financial Planning Limited employs physical, technological and organisational
controls to ensure data security. These include locked filing cabinets, building security,
information subject to access controls and passwords, reliability checks on/confidentiality
obligations of Employees, encryption of hardware and software, pseudonymisation, anti-
virus and network protection, software updates, secure disposal of records and equipment,
backup and disaster recovery, remote working procedures, protocols on use of technology
and data storage and asset registers.
All Sorted Financial Planning Limited also has an Email & Internet Usage Policy and Social
Media Policy which set out protocols for Employees on use of technology and
communications systems, which also help to ensure appropriate security of personal data
stored or communicated using such systems.
We regularly evaluate and test the effectiveness of these measures to ensure the security of
our personal data processing activities.
What you need to do:
To assist All Sorted Financial Planning Limited in maintaining data security and protecting
the confidentiality and integrity of the personal data you handle in course of your
employment, we require you to comply with this Policy and our Email & Internet Usage
Policy and Social Media Policy and any All Sorted Financial Planning Limited instructions
regarding the processing and security of personal data. This is also inclusive of the specific
security protocols notified to you in your role for example the FCA.
Below is a reminder of our main security measures, although this list is not exhaustive:
save, store and communicate personal data only within or using All Sorted Financial
Planning Limited information and communications systems. Restrict storage of personal data
on personal devices or using personal communications facilities
use password-protected and encrypted software for the transmission and receipt of emails
lock files in a secure cabinet
never leave your laptop, other device or any hard copies of documents containing personal
data in a public place
take care when observing personal data in hard copy or on-screen that such information is
not viewed by anyone who does not have the right to that information, especially if you are
viewing the personal data in a public place
when storing data on portable devices such as laptops, smartphones, or USB drives, ensure
that the device is encrypted and password protected
ensure that information containing personal data is disposed of securely and permanently,
using confidential waste disposal or shredding where necessary
alert the Data Protection Lead Philip Walker Managing Director on .
to any personal data breaches immediately [and in accordance with All Sorted Financial
Planning Limited Breach Management Procedure] (see below for further details about
personal data breaches)
ensure that any sharing or disclosure of personal data is permitted on appropriate legal
grounds and, where necessary, safeguards are in place (see below for further details of
safeguards regarding overseas transfers or if sharing personal data with third party service
8. Take extra care when sharing or disclosing personal data
The sharing or disclosure of personal data is a type of processing, and therefore all the
principles described in this Policy need to be applied.
Internal data sharing
All Sorted Financial Planning Limited ensures that personal data is only shared internally on
a ‘need to know’ basis.
External data sharing
We will only share personal data with other third parties where we have a legitimate
purpose, and an appropriate legal ground under data protection law which permits us to do
so. Commonly, this could include situations where we are legally obliged to provide the
information (e.g. to HMRC for tax purposes) or where necessary to perform our contractual
duties to individuals (e.g. provision of information to our occupational pension providers).
We may appoint third party service providers (known as processors) who will handle
information on our behalf, for example to provide payroll, data storage or other technology
All Sorted Financial Planning Limited remains responsible for ensuring that its processors
comply with data protection law and this Policy in their handling of personal data. We must
assess and apply data protection and information security measures prior to and during the
appointment of a processor. The extent of these measures will vary depending on the nature
of the activities, but will include appropriate risk assessments and reviews, and contractual
Details of the recipients or categories of recipients of personal data (including processors
and other third parties) should be set out in privacy notices as described in section 1 above.
What you need to do:
You may only share or disclose the personal data we hold internally with an Employee,
agent or representative of All Sorted Financial Planning Limited if the recipient has a job-
related need to know the information.
You may only disclose the personal data we hold to service providers or other third parties
(including group entities) where:
there is a legitimate purpose and an appropriate legal ground for doing so (e.g. it is
necessary for them to process the personal data in order to provide a service to us such as
payroll, or if we are legally obliged to do so);
the individuals whose personal data is being shared have been properly informed (e.g. in an
appropriate privacy notice);
if the disclosure is to a service provider, All Sorted Financial Planning Limited has checked
that adequate security and data protection measures are in place to protect the personal
the service provider or third party has signed up to a written contract that contains the
provisions required by data protection law (unless the Data Protection Lead Philip Walker,
Managing Director on . has determined that this is not required in
the transfer complies with any overseas transfer restrictions, if applicable.
Routine disclosures of personal data to established recipients (e.g. payroll providers) which
form a normal and regular part of your role and job duties will ordinarily satisfy the above
requirements. You should always ensure you comply with any particular All Sorted Financial
Planning Limited instructions you are given. However, if you are in any doubt as to whether
you can share personal data with anyone else, first contact the Data Protection Lead Philip
Walker, Managing Director on
9. Do not transfer personal data to another country unless there are appropriate
safeguards in place
An overseas transfer of personal data takes place when the data is transmitted or sent to,
viewed, accessed or otherwise processed in, a different country. European Union data
protection law restricts, in particular, personal data transfers to countries outside of the
European Economic Area (EEA – this is the European Union plus Norway, Liechtenstein and
Iceland), to ensure that the level of data protection afforded to individuals is not
compromised (as the laws of such countries may not provide the same level of protection for
personal data as within the EEA).
To ensure that data protection is not compromised when personal data is transferred to
another country, All Sorted Financial Planning Limited assesses the risks of any transfer of
personal data outside of the UK (taking into account the principles in this Policy, as well as
the restrictions on transfers outside the EEA) and puts in place additional appropriate
safeguards where required.
We currently transfer data within the EEA to our suppliers.
What you need to do:
If you are required to transfer individuals’ personal data outside of the UK or EEA in the
course of your employment, adequate safeguards will need to be in place. Where these
overseas transfers are a normal part of your role and job duties, All Sorted Financial
Planning Limited’s current safeguards are likely to provide the required levels of data
However, if you are transferring personal data overseas in alternative circumstances (e.g. for
new types of processing activities which haven’t previously formed part of your job scope
and activities, or to countries with which you haven’t previously dealt) you should contact the
Data Protection Lead Philip Walker, Managing Director on . for
further guidance before going ahead with the transfer.
10. Report any data protection breaches without delay
All Sorted Financial Planning Limited takes any data protection breaches very seriously.
These can include lost or mislaid equipment or data, use of inaccurate or excessive data,
failure to address an individual’s rights, accidental sending of data to the wrong person,
unauthorised access to, use of or disclosure of data, deliberate attacks on All Sorted
Financial Planning Limited’s systems or theft of records, and any equivalent breaches by All
Sorted Financial Planning Limited’s service providers.
Where there has been a breach of security leading to the accidental or unlawful destruction,
loss, alteration, unauthorised disclosure of or access to individuals’ personal data, All Sorted
Financial Planning Limited will take immediate steps to identify, assess and address it,
including containing the risks, remedying the breach, and notifying appropriate parties (see
If All Sorted Financial Planning Limited discovers that there has been a personal data
security breach that poses a risk to the rights and freedoms of individuals, we will report it to
the ICO within 72 hours of discovery.
We also keep an internal record of all personal data breaches regardless of their effect and
whether or not we report them to the ICO.
If a personal data breach is likely to result in a high risk to the rights and freedoms of
individuals, we will tell affected individuals that there has been a breach and provide them
with information about its likely consequences and the mitigation measures we have taken.
What you need to do:
If you become aware of any breach (or suspected breach) of this Policy (including, in
particular any security breach), you must report it to the Data Protection Lead Philip Walker,
Managing Director on . immediately and also inform your immediate
line manager who will take any other required steps in accordance with our Breach
Management Procedure to ensure that the breach is effectively assessed and addressed,
and that we comply with All Sorted Financial Planning Limited’s data breach reporting
11. Do not use profiling or automated decision-making unless you are authorised to
Profiling, or automated decision-making, occurs where an individual’s personal data is
processed and evaluated by automated means resulting in an important decision being
taken in relation to that individual. This poses particular risks for individuals where a decision
is based solely on that profiling or other automated processing.
One example of solely automated decision-making would be using an online psychometric
test to automatically reject job applicants who do not meet a minimum pass mark (without
any human oversight such as a review of the test results by a recruiting manager).
Data protection law prohibits decision-making based solely on profiling or other automated
processing, except in very limited circumstances. In addition, where profiling or other
automated decision-making is permitted, safeguards must be put in place and we must give
individuals the opportunity to express their point of view and challenge the decision. We do
not generally conduct profiling or other automated decision-making in respect of Employees’
or customers’ personal data.
What you need to do:
If you are proposing to undertake any new automated decision-making or profiling activities
in the course of your employment, please contact the Data Protection Lead Philip Walker,
Managing Director on , who will advise you whether it is permitted
and about the safeguards you need to put in place.
12. Integrate data protection into operations
Data protection law requires All Sorted Financial Planning Limited to build data protection
considerations and security measures into all of our operations that involve the processing of
personal data, particularly at the start of a new project or activity which may impact on the
privacy of individuals. This involves taking into account various factors including:
the risks (and their likelihood and severity) posed by the processing for the rights and
freedoms of individuals;
the cost of implementation; and
the nature, scope, context and purposes of the processing of personal data.
We also seek to assess data protection risks regularly throughout the lifecycle of any project
or activity which involves the use of personal data.
What you need to do:
If you are involved in the design or implementation of a new project or activity that involves
processing personal data, you must give due consideration to all the principles of data
protection set out in this policy.
You should supply the Data Protection Lead Philip Walker, Managing Director with regular
reviews of projects or activities to ensure data protection risks continue to be addressed.
A useful tool for assessing data protection and privacy considerations is a Data Protection
Impact Assessment or ‘DPIA’. A DPIA will consider the necessity and proportionality of a
processing operation, and assess the risks to individuals and the measures that can be put
in place to mitigate those risks. A DPIA must be carried out if a data processing operation is
likely to give rise to a high risk to individual rights and freedoms.
If you are involved in the design or implementation of a new project that involves processing
personal data, you must check whether it is necessary to conduct a DPIA or similar risk or
compliance assessment by contacting the Data Protection Lead Philip Walker, Managing
Director on . They will also be able to advise you on how we expect
you to conduct, or otherwise contribute to, a DPIA or similar risk assessment.
Individual Rights and Requests
Under data protection law, individuals have certain rights when it comes to how we handle
their personal data. For example, an individual has the following rights:
The right to make a ‘subject access request’. This entitles an individual to receive a copy
of the personal data we hold about them, together with information about how and why we
process it and other rights which they have (as outlined below). This enables them, for
example, to check we are lawfully processing their data and to correct any inaccuracies.
The right to request that we correct incomplete or inaccurate personal data that we hold
The right to withdraw any consent which they have given.
The right to request that we delete or remove. personal data that we hold about them
where there is no good reason for us continuing to process it. Individuals also have the right
to ask us to delete or remove their personal data where they have exercised their right to
object to processing (see below).
The right to object to our processing of their personal data for direct marketing purposes,
or where we are relying on our legitimate interest (or those of a third party), where we cannot
show a compelling reason to continue the processing.
The right to request that we restrict our processing of their personal data. This enables
individuals to ask us to suspend the processing of personal data about them, for example if
they want us to establish its accuracy or the reason for processing it.
The right to request that we transfer to them or another party, in a structured format, their
personal data which they have provided to us (also known as the right to ‘data portability’).
The applicability of this right depends on the legal grounds on which we process it.
The right to challenge a decision based solely on profiling/automated processing, to
obtain human intervention, and to express their point of view.
We are required to comply with these rights without undue delay and, in respect of certain
rights, within a one month timeframe.
Individuals also have rights to complain to the ICO about, and to take action in court to
enforce their rights and seek compensation for damage suffered from, any breaches.
What you need to do:
If you receive a request from an individual seeking to exercise a right in relation to their
personal data, or making an enquiry or complaint about our use of their personal data, you
must forward the request, enquiry or complaint to the Data Protection Lead Philip Walker,
Managing Director on . immediately so that it can be dealt with
appropriately and within the applicable time limit. Your assistance may be needed to address
and respond to the request, enquiry or complaint.
In order to comply, and demonstrate our compliance, with data protection law, All Sorted
Financial Planning Limited keeps various records of our data processing activities. These
include a Record of Processing which must contain, as a minimum: the purposes of
processing; categories of data subjects and personal data; categories of recipients of
disclosures of data; information about international data transfers; envisaged retention
periods; general descriptions of security measures applied; and certain additional details for
special category data.
What you need to do:
You must also comply with our applicable processes/guidelines and any specific instructions
you are given concerning the keeping of records about our processing of personal data.
If you are processing individuals’ personal data in the course of your employment and you
collect any new types of personal data or undertake any new types of processing activities,
either through the introduction of new systems or technology or by amending existing ones,
please inform the Data Protection Lead Philip Walker, Managing Director on
. so that we are able to keep our records up-to-date.
We require all Employees to undergo some basic training to enable them to comply with
data protection law and this policy. Additional training may be required for specific roles and
activities involving the use of personal data.
To this end, we provide training as part of our induction process for new joiners to All Sorted
Financial Planning Limited and operate an ongoing training programme to make sure that
Employees’ knowledge and understanding of what is necessary for compliance in the
context of their role is up-to-date. Attendance at such training is mandatory and will be
Departures from this Policy
There are some very limited exemptions from data protection law, which may permit
departure from aspects of this Policy in certain circumstances.
You will be given specific instructions if any exemptions are relevant to your role.
If you think you should be able to depart from this Policy in any circumstances, you must
contact the Data Protection Lead Philip Walker, Managing Director on
. before taking any action.