The Gap Partnership will:
1. Process personal data fairly and lawfully;
2. Process personal data only where this is strictly necessary for legal and regulatory purposes, or for legitimate organisational purposes;
3. Ensure that personal data is only used for the purposes that it was originally obtained, or for other compatible purposes;
4. Ensure that that personal data is relevant and not excessive in relation to the purpose or purposes for which it is processed;
5. Ensure that personal data is accurate and, where necessary, kept up to date;
6. Ensure that personal data is only retained for the time period required to meet the organisation's reasonable requirements;
7. Provide clear information to natural persons about how their personal data will be used and by whom;
8. Ensure that personal data is processed in accordance with the rights of data subjects -
- access to personal data;
- right to erasure;
- right to restriction of processing of personal data;
- objecting to adverse automatic decisions;
- compensation for breaches of statutory obligations;
- right to data portability;
9. adopt appropriate technical and organisational measures against unauthorised or unlawful processing of personal data, and against accidental loss or destruction of, or damage to, personal data;
10. ensure that personal data is only transferred outside the European Economic Area to countries that ensure an adequate level of protection.