Data Protection Policy

1. Purpose

This policy outlines how EpicLife collects, uses, stores and protects personal data to ensure compliance with data protection laws and maintain the trust of employees and customers.


2. Scope

This policy applies to all employees, contractors, temporary staff, and third parties who have access to personal data controlled or processed by EpicLife.


3. Key Definitions

  • Personal Data: Any information relating to an identifiable individual, such as names, contact details, ID numbers and IP addresses.
  • Processing: Any operations performed on personal data, including collection, storage, use, transfer and deletion.
  • Data Subject: The individual to whom the personal data belongs.
  • Data Controller: EpicLife, which determines how and why personal data is processed.
  • Data Processor: A third party that processes personal data on behalf of the data controller.


4. Principles of Data Protection

EpicLife adheres to the following principles:

  • Lawfulness, Fairness and Transparency: Data is processed lawfully and transparently.
  • Purpose Limitation: Data is collected for specified, legitimate purposes only.
  • Data Minimization: Only the necessary data is collected and used.
  • Accuracy: Data is kept accurate and up to date.
  • Storage Limitation: Data is retained only as long as necessary.
  • Integrity and Confidentiality: Data is processed securely to prevent unauthorized access or loss.
  • Accountability: EpicLife takes responsibility for complying with these principles.


5. Employee Responsibilities

  • Only access personal data necessary for your role.
  • Do not share personal data with unauthorized individuals.
  • Report any suspected data breach to the Operations Manager or Managing Director immediately.
  • Use strong passwords and secure methods when storing or transmitting personal data.


6. Data Subject Rights

Individuals have the right to:

  • Access their personal data
  • Correct inaccurate or incomplete data
  • Request deletion (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability (where applicable)

EpicLife will respond to such requests within the legally required timeframe (e.g. 30 days under GDPR).


7. Data Breaches

All data breaches must be reported immediately to the Operations Manager or Managing Director. Breaches will be assessed and, if required, reported to the relevant data protection authority and affected individuals within 72 hours.


8. Third-Party Processors

EpicLife ensures that all third-party processors comply with data protection laws and sign appropriate agreements outlining their responsibilities.


9. Training & Awareness

All staff will receive training on data protection and this policy during their induction and periodically thereafter.


10. Policy Review

This policy will be reviewed at least annually or in response to significant changes in legislation, business practices, or data handling procedures.


11. Contact Information

For questions about this policy or to make a data request, please contact the Operations Manager or Managing Director.

 

Written by: Julie Poole

Date of Evaluation: 14th May 2025

Updated by: Julie Poole