About data protection

The Data Protection Act 1998 controls how we use your personal information.

We follow strict rules called data protection principles. We must make sure information is:

  • used fairly and lawfully
  • used for limited, specifically stated purposes
  • adequate, relevant and not excessive
  • accurate
  • kept for no longer than is necessary
  • handled according to people’s data protection rights
  • kept safe and secure
  • not transferred outside the European Economic Area without adequate protection

You can have access to information that we hold about you by making a subject access request.