Data Protection Policy
The Board of Directors and management of Lightfoot are fully committed to protecting the rights and privacy of individuals, operating in accordance with the Data Protection Act 2018 (UK) (DPA) and the UK General Data Protection Regulations 2016 (GDPR).
Lightfoot is committed to preserving the confidentiality, integrity, and availability of all the physical, electronic and information assets throughout our organisation, to preserve our competitive edge, cash-flow, profitability, legal, regulatory, and contractual compliance, and commercial image.
Our Data Protection Policy sets out our commitment to protecting personal and sensitive data and how we implement that commitment with regard to the collection and use of this data.
We are committed to meeting our legal obligations as laid down by the DPA and GDPR, ensuring that we comply with the eight data protection principles, as listed below:
- Lawfulness, fairness and transparency – we must have legitimate grounds for collecting personal data, and it must be used in ways that are reasonable
- Purpose limitation – we must collect personal data for a specific, limited purpose
- Data minimisation – we must only process personal data that is relevant to the purpose
- Accuracy – we must take reasonable steps to ensure the accuracy of personal data
- Storage limitation – we must only keep personal data for as long as necessary for the purpose
- Integrity and confidentiality – we must keep personal data secure
- Accountability – we must take responsibility for the personal data that we process
- International transfers – we must only transfer data internationally to countries that offer the same level of protection as the UK
We also recognise the rights afforded to individuals under the DPA and GDPR, namely their:
- Right to be informed about the collection and use of their data
- Right of access, and to receive a copy of the personal data being processed
- Right of rectification of inaccurate personal data
- Right to erasure of personal data in certain circumstances
- Right to restrict processing of personal data in certain circumstances
- Right of data portability, to receive their personal data in a structured, machine-readable format
- Right to object to the processing of personal data
- Rights relating to automated decision making, where applicable
In order to deliver the principles, we are committed to safeguarding personal and sensitive information by:
- ensuring that data subjects’ rights can be appropriately exercised
- ensuring that data is collected and used fairly and lawfully
- taking steps to ensure that personal data is up to date and accurate
- processing personal data only to meet our operational needs or fulfil legal requirements
- providing adequate security measures to protect personal data
- ensuring that a nominated officer is responsible for data protection compliance and provides a point of contact for all data protection issues
- ensuring that all staff are made aware of good practice in data protection
- providing adequate training for all staff responsible for personal data
- ensuring that everyone handling personal data knows where to find further guidance
- ensuring that queries about data protection, internal and external to the organisation, are dealt with effectively and promptly
- regularly reviewing data protection procedures and guidelines within the organisation.

Neil Warman, Chief Financial Officer
Date: 15 September 2025
P024 Data Protection Policy V10
Document Classification: Public