Data Protection Policy

Last updated: 11/09/2025

1. Purpose

This policy sets out how Wildera Ltd manages personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Its purpose is to ensure we handle personal data lawfully, fairly, securely, and transparently.

2. Scope

This policy applies to:

  • All employees, contractors, and freelancers working for Wildera Ltd

  • All personal data processed by Wildera Ltd relating to clients, suppliers, and staff

3. Data Protection Principles

Wildera Ltd complies with the following principles:

  • Lawfulness, fairness, transparency – Data will be processed lawfully, fairly, and openly.

  • Purpose limitation – Data will only be used for specified, explicit purposes.

  • Data minimisation – Only data that is necessary for the intended purpose will be collected.

  • Accuracy – Data will be kept accurate and up to date.

  • Storage limitation – Data will be retained only as long as necessary.

  • Integrity and confidentiality – Data will be kept secure and protected against unauthorised access or loss.

4. Roles & Responsibilities

  • Directors/Management are responsible for ensuring this policy is implemented and followed.

  • All staff and contractors must comply with this policy and complete any required training.

  • The appointed Data Protection Lead, Laurie Ley, is responsible for monitoring compliance and acting as the point of contact for data protection matters.

5. Lawful Basis for Processing

Personal data will only be processed under a lawful basis, including:

  • Performance of a contract

  • Legal obligations

  • Legitimate interests of the business

  • Consent (for marketing or optional communications)

6. Data Security

  • Personal data must be stored securely (password-protected devices, encrypted storage where appropriate).

  • Paper records must be kept in locked storage.

  • Access to personal data is limited to those who need it.

  • Staff must not share client or employee data with unauthorised parties.

7. Data Subject Rights

All individuals have the right to:

  • Access their personal data

  • Request correction or deletion

  • Restrict or object to processing

  • Request portability of their data

  • Withdraw consent (where applicable)

Any requests must be forwarded immediately to the Data Protection Lead, who will respond within one month.

8. Data Retention

  • Client project data: retained for 5 years after contract completion, unless otherwise agreed.

  • Employee/contractor data: retained in line with legal and HR requirements.

  • Marketing data: retained until consent is withdrawn.

9. Data Breaches

  • Any suspected data breach must be reported immediately to the Data Protection Lead.

  • Breaches will be investigated and, where required, reported to the Information Commissioner’s Office (ICO) within 72 hours.

  • Affected individuals will be notified where required by law.

10. Training & Review

  • All staff will receive training on data protection obligations.

  • This policy will be reviewed annually or when legislation changes.