Data Protection Policy

Exmoor Tree surgery recognises and accepts its responsibility as set out in the Data Protection Act 1998 the General
Data Protection Regulation (GDPR) 2018 and other applicable laws and sub-legislation contained therein. Exmoor Tree surgery will take all reasonable steps to meets its responsibility and promote good practice in handling and using
personal information.

Policy statement
This statement applies to all management, employees and individuals at Exmoor Tree surgery which processes
personal information, as well as clients and potential clients and other partners and companies with which Exmoor Tree surgery undertakes its business.

Exmoor Tree surgery needs to collect and use certain types of personal information about people in order to operate.
These include current, past and prospective employees, clients, suppliers and other to which we communicate. In
addition Exmoor Tree surgery may be required by law to collect and use certain types of information to comply with
government departments. This personal information must be dealt with properly when it is collected, recorded
and used whether on paper, on computer or other material.

Exmoor Tree surgery regards the lawful and correct treatment of personal information collected as very important in
order to secure the successful carrying out of operations and the delivery of our service, and to maintaining
confidence with those which we deal with. Exmoor Tree surgery wishes to ensure that it treats all personal information
lawfully, correctly and complies with the 1998 Act. The General Data Protection Regulation (GDPR) 2018 and
other applicable laws.

Exmoor Tree surgery will always obtain permission from you the (data subject) to hold personal data and to use that
data via email marketing to yourself or promoting on social media.

Data Protection Principles
The principles required that Personal Information:
1. Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific
conditions as set out in the 1998 Act. The General Data Protection Regulation (GDPR) 2018 and other
applicable laws Act.
2. Shall be obtained only for one or more specified and lawful purpose, and shall not be further processed
in any manner incompatible with that purpose;
3. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are
4. Shall be accurate and, where necessary, kept up to date;
5. Shall not be kept for longer than necessary for that purpose or those purposes;
6. Shall be processed in accordance with the rights of the data subject under the 1998 Act. The General
Data Protection Regulation (GDPR) 2018 and other applicable laws; and that;
7. appropriate technical and organisational measures shall be taken again unauthorised or unlawful
processing of personal data and against accidental loss or destruction of, or damage to, personal date;
8. Shall not be transferred to a country or territory outside the European Union unless that country or
territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation
to the processing of personal data commitment.

Exmoor Tree surgery through appropriate management and application of criteria and control;

  • Observe fully conditions regarding the fair collection and use of information;
  • Meet its legal obligations to specify the purposes for which information is used
  • Collect and process appropriate information, and only to the extent that it is needed to fulfil operational
    needs or to comply with any legal requirements; Ensure the quality of information used, including its accuracy and relevancy for the purpose(s) specified;
  •  Apply strict checks to determine the length of time information is held;
  •  Ensure that the rights of people about whom information is held can be fully exercised under the 1998
    Act. The General Data Protection Regulation (GDPR) 2018 and other applicable laws (These include:
    the right to be informed that processing is being undertaken: the right of access to one's personal
    information; the right to prevent processing in certain circumstances; the right to correct, block or erase
    information which is regarded as erroneous);
  • Take appropriate technical and organisational security measures to safeguard personal information; and
  • Ensure that personal information is not transferred abroad without suitable safeguards.


In addition, Exmoor Tree surgery takes steps to ensure that:

  • there is someone with specific responsibility for data protection in the company;
  • everyone managing and handling personal information understands that they are contractually
    responsible for following good data protection practice;
  • everyone managing and handling personal information is appropriately trained to do so;
  • everyone managing and handling personal information is appropriately supervised;
  • anybody wanting to make enquires about handling personal information knows what to do;
  • queries about handling personal information are promptly and courteously dealt with;
  • methods of handling personal information are clearly described;
  • a regular review is made of way personal information is managed;
  • methods of handling personal information are regularly assessed and evaluated;
  • performance of handling personal information is regularly assessed and evaluated; and

it disseminates to employees, information on good practice in respect of handling, using and storing
personal information.

Response to Personal Data Breach Incidents

When the Company learns of a suspected or actual personal data breach of Information, Exmoor Tree surgery must
perform an internal investigation and take appropriate remedial measures in a timely manner. Where there is any
risk to the rights and freedoms of data subjects, the Company must notify the relevant data protection authorities
without undue delay and, when possible, within 72 hours