Data Policy
Introduction
Aicura needs to gather and use certain information about individuals. This includes customers, suppliers, business contacts, employees, and others the organisation has a relationship with or may need to contact.
This policy outlines how personal data is collected, handled, and stored to meet the company’s data protection standards and comply with legal obligations.
Why This Policy Exists
This data protection policy ensures that Aicura:
- Complies with GDPR and follows good practice
- Protects the rights of staff, customers, and partners
- Is transparent about how it stores and processes individuals’ data
- Protects itself from the risks of a data breach, with mitigating processes in place
General Data Protection Regulation (GDPR)
The GDPR requires organisations, including Aicura, to transparently collect, process, and store personal data. These rules apply to data stored electronically, on paper, or in any other format, and affect both data controllers and processors within the EU.
Policy Scope
This policy applies to:
- Accipio Ltd, trading as Aicura, and its subsidiaries (Accipio Digital Ltd and Accipio Leadership Ltd)
- All staff and volunteers of Accipio Ltd
- All contractors, suppliers, and others working on behalf of Accipio Ltd
It applies to all data held by the company relating to identifiable individuals, including:
- Names
- Postal addresses
- Email addresses
- Telephone numbers
- Any other relevant personal data required for service delivery
Data Protection Risks
This policy protects Aicura against key risks, including:
- Breaches of confidentiality – e.g., information being disclosed inappropriately
- Lack of choice – e.g., individuals being unaware of how their data is used
- Reputational damage – e.g., as a result of a data breach or hack
Responsibilities
Everyone at Aicura has a responsibility to ensure data is collected, stored, and handled properly. Key responsibilities include:
Board of Directors
Ultimately responsible for ensuring legal compliance with data protection legislation.
Data Protection Officer – Edward McLaughlin
- Advises and informs the board on data protection obligations
- Reviews all related policies and procedures
- Arranges training for staff
- Handles data protection queries and subject access requests
- Approves contracts with third parties handling sensitive data
IT Manager / Director – Digital – Edward McLaughlin
- Ensures all systems meet security standards
- Conducts regular security checks and scans
- Evaluates third-party services used to store/process data
- Supports marketing compliance with data principles
General Staff Guidelines
- Access to personal data is restricted to those who need it
- Data must not be shared informally; formal requests should be made through line managers
- Training is provided on handling data appropriately
- Strong, secure passwords must be used and kept private
- Outdated data must be updated or securely deleted
- Uncertainty should be escalated to a line manager or the DPO
Data Collection
Personal data must only be collected for legitimate purposes, with user consent. Consent is obtained at the point of sign-up, with access to a clear privacy notice explaining how data will be used.
Data Storage
Paper-Based Data
- Stored securely in locked cabinets or drawers
- Not left unattended or visible in public areas
- Shredded when no longer needed
Electronic Data
- Protected with strong, regularly updated passwords
- Stored only on designated drives, servers, or approved cloud services
- Backed up frequently and tested regularly
- Protected with up-to-date security software and firewalls
Data Processing
- Workstations must be locked when unattended
- Personal data must not be shared informally or by unencrypted email
- Encryption is required when transferring data electronically
- Personal data must not be transferred outside the EEA
Data Accuracy
Aicura must ensure personal data is accurate and up to date. Responsibility lies with all staff to:
- Limit data duplication
- Update data during customer interactions
- Make it easy for users to update their information
- Remove inaccurate or obsolete records
The Marketing Manager must ensure marketing databases are validated against suppression files every six months.
Data Requests
Access
Users have the right to request access to their personal data. Responses will be made within one month of the request.
Rectification
Users may request corrections to inaccurate data, which must be actioned within one month.
Erasure
Users may request deletion of their data. Aicura systems support complete data removal, which will be actioned within one month of the request.
Objection
Users may object to data processing under conditions outlined in the privacy policy.
Data Portability
Users may request to receive their data in a machine-readable format in applicable circumstances.
Subject Access Requests
Individuals may ask what information the company holds, how it’s used, and how to access or update it. Requests should be made by email to privacy@aicura.com. The data controller may require proof of identity before providing any information.
Disclosing Data for Legal Reasons
In certain legal circumstances, data may be disclosed without user consent. The data controller will validate the legitimacy of such requests and consult the board or legal advisers where necessary.
Providing Information
Aicura aims to ensure individuals are fully informed about how their data is processed and their rights. This is supported through our privacy statement, which outlines our data usage and protection commitments.
Email Disclaimer
The content of this email is confidential and intended only for the specified recipient. It is strictly forbidden to share any part of this message with any third party without the written consent of the sender. If you received this message by mistake, please reply to this message and then delete it, so that we can ensure such a mistake does not occur in the future. Aicura considers customer security a high priority. Therefore, we have made efforts to ensure that this message is free of errors and viruses. Unfortunately, full security of the email cannot be ensured as, despite our efforts, the data included in emails could be infected, intercepted, or corrupted. Therefore, the recipient should check the email for threats with proper software, as the sender does not accept liability for any damage inflicted by viewing the content of this email. If you no longer wish to receive emails from us, please respond stating “unsubscribe” and we will remove your contact details from our database. For further information on how we process your information, please review our Privacy Policy, which can be found on our website here.