Data Protection Policy

Data Protection Policy

Eco Funding for Homes recognises that the lawful, fair, and correct handling of personal information is essential to maintaining trust and meeting our legal obligations. We are committed to ensuring all personal data is processed responsibly and in full compliance with UK Data Protection Legislation. To support this commitment, Eco Funding for Homes fully adheres to the data protection principles outlined in the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).

Eco Funding for Homes is an ICO-registered data controller and data processor.

Data Protection Principles

In accordance with data protection law, personal information must:

1. Be processed fairly, lawfully, and transparently, and only where a lawful basis applies.
2. Be collected for specified, legitimate purposes, and not used in ways incompatible with those purposes.
3. Be adequate, relevant, and limited to what is necessary for the stated purposes.
4. Be accurate and, where required, kept up to date.
5. Be retained only for as long as necessary for its intended purpose.
6. Be processed in accordance with the rights of data subjects, including rights to access, rectification, restriction, objection, and erasure.
7. Be protected by appropriate technical and organisational security measures to prevent unauthorised access, loss, or damage.
8. Not be transferred outside the UK or EEA unless adequate safeguards are in place to ensure the protection of data subjects’ rights.

Eco Funding for Homes Will:

Through effective management and strict application of controls, Eco Funding for Homes will:

1. Fully observe legal requirements relating to the fair collection and use of personal information.
2. Define and communicate the specific purposes for which personal data is used.
3. Collect and process only the information necessary for operational needs or legal requirements.
4. Maintain the accuracy, relevance, and integrity of the information held.
5. Apply strict retention schedules to ensure data is not kept longer than necessary.
6. Ensure individuals can fully exercise their data protection rights, including:

• being informed of processing,
• accessing their personal data,
• preventing certain types of processing,
• requesting corrections, deletions, or restrictions.

7. Implement robust security measures to safeguard personal data.
8. Ensure international data transfers occur only with appropriate legal safeguards.
9. Treat individuals fairly and without discrimination when responding to information requests.
10. Maintain clear, accessible procedures for responding to data-related enquiries.

Eco Funding for Homes Also Ensures:

1. A designated Data Protection Officer (DPO) is responsible for overseeing compliance.
2. All staff who manage personal data understand their contractual duties regarding data protection.
3. Staff handling personal information receive appropriate training.
4. Staff are supervised and supported in following data protection best practice.
5. Anyone wishing to enquire about data handling knows how to do so and who to contact.
6. Data protection queries are handled promptly, professionally, and courteously.
7. All data-handling procedures are clearly documented.
8. Regular reviews and audits are conducted to ensure data is held, managed, and used appropriately.
9. Data protection processes are routinely evaluated and improved.
11. Staff performance in handling personal data is regularly assessed.
12. Any breach of this policy by staff may lead to disciplinary action.

Data Controller

The Data Controller responsible for compliance with UK GDPR and relevant data protection laws is: Paul Cowler

Policy Review

This policy will be reviewed regularly and updated to reflect best practice in data governance, security, and compliance with changes to UK Data Protection Legislation.