1.1 One Auction Ltd is a registered company operating in the United Kingdom. Our company registration number is 14937240, and our registered office is located at 35-37 High Street, Barrow Upon Soar, Leicestershire, LE12 8PY. We collect, store, and use personal information (referred to as data) about various individuals for specific lawful purposes.
1.3 We strive to be concise, transparent, and clear in our data practices, ensuring the appropriate handling of personal information and its deletion when no longer required.
1.4 The Data Protection Officer (DPO) for One Auction Ltd. The DPO is responsible for advising and guiding our organisation and staff on data protection obligations, monitoring compliance with policies, and addressing any enquiries or concerns regarding this policy. For further information or queries, please contact us at: email@example.com
2.1 This policy applies to the personal information collected from and processed for job applicants, employees (current and former), temporary and agency workers, contractors, interns, volunteers, customers, clients, individuals interested in our business, and business associates.
2.2 We regularly review and update this policy to align with our data protection obligations. Please note that this policy does not form part of any employee’s contract of employment or any other contractual agreement, and we may amend, update, or supplement it as necessary.
Criminal records information: Refers to personal information related to criminal convictions, offences, allegations, proceedings, and related security measures.
Data breach: Refers to a breach of security resulting in accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access to personal information.
Data subject: Refers to the individual to whom the personal information relates.
Personal information: (also known as personal data) refers to information relating to an identifiable individual.
Processing information: Refers to activities such as obtaining, recording, organising, storing, amending, retrieving, disclosing, or destroying information or performing any action with it.
Sensitive personal information: (also known as special categories of personal data) refers to personal information about an individual’s race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership (or non-membership), genetic information, biometric information (used for identification), and information concerning an individual’s health, sex life, or sexual orientation.
4. Data protection principles
4.1 One Auction Ltd will comply with the following data protection principles when processing personal information:
4.1.1 Personal information will be processed lawfully, fairly, and transparently.
4.1.2 Personal information will be collected for specified, explicit, and legitimate purposes and will not be processed in a manner incompatible with those purposes.
4.1.3 Only adequate, relevant, and necessary personal information will be processed for the intended purposes.
4.1.4 Personal information will be kept accurate and up to date, and reasonable steps will be taken to rectify or delete inaccurate information promptly.
4.1.5 Personal information will be retained only for as long as is necessary for the purposes for which it is processed.
4.1.6 Appropriate technical and organisational measures will be implemented to ensure the security and protection of personal information against unauthorised or unlawful processing, accidental loss, destruction, or damage.
5. The basis for processing personal information
5.1 Before initiating any processing activity, we will review and determine the most appropriate lawful basis(es) for that processing, considering the following options:
(a) Consent of the data subject; (b) Performance of a contract; (c) Compliance with a legal obligation; (d) Protection of vital interests of the data subject; (e) Performance of a task carried out in the public interest or in the exercise of official authority; (f) Legitimate interests pursued by the data controller or a third party.
5.2 We will maintain records of the lawful bases identified for each processing activity and ensure that they are communicated to the individuals concerned through privacy notices or other appropriate means.
6. Types of personal information
6.1 The types of personal information we may collect and process include:
- Personal identifiers (e.g., name, address, date of birth, ID numbers)
- Contact details (e.g., email address, phone number)
- Financial information (e.g., bank account details, payment card information)
- Employment-related information (e.g., CVs, employment history)
- Special categories of personal information (e.g., health information, ethnicity, religious beliefs) as required and permitted by applicable laws
- IP addresses and other online identifiers
7. Sensitive personal information
7.1 One Auction Ltd recognises the importance of handling sensitive personal information with utmost care and will only process such information in accordance with applicable laws and regulations. We will ensure that:
- Processing is carried out on a lawful basis as per the applicable laws;
- Sensitive personal information is treated with strict confidentiality and appropriate security measures are in place;
- Individuals’ explicit consent or another legal basis is obtained prior to processing sensitive personal information unless an exemption under the law applies;
- The collection and processing of sensitive personal information are limited to the necessary extent for fulfilling the intended purpose;
- Sensitive personal information is not used for automated decision-making without suitable safeguards in place.
8. Criminal records information
8.1 For the processing of criminal records information, we adhere to One Auction Ltd’s wider Criminal Records Information Policy, which sets out specific guidelines for handling such data. Please refer to the separate policy for further information.
9. Data protection impact assessments (DPIAs)
9.1 We will conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to individuals’ data protection rights and freedoms. DPIAs will be performed to identify and mitigate any potential risks associated with the processing activities.
10. Documentation and records
10.1 We will maintain appropriate documentation and records to demonstrate our compliance with data protection regulations, including but not limited to:
- Records of processing activities
- Privacy notices
- Consent forms
- Contracts with data processors
- Data breaches and related investigations
- Records relating to sensitive personal information and criminal records information
11. Privacy notice
11.1 We will provide individuals with clear and concise privacy notices that contain relevant information about the processing of their personal information. These notices will be easily accessible and available at the point of data collection or through other appropriate means. The privacy notices will include details such as the purposes of the processing, lawful bases, retention periods, individuals’ rights, and contact information for inquiries or requests related to personal information.