Data Protection

  • The Mystery Partnership may obtain and store data about its partnerss and clients or customers. To comply with the law, personal information will be stored safely and securely and will not be disclosed to any other person unlawfully. The Mystery Partnership will comply with the 1998 Data Protection Act as detailed below:
  • The Mystery Partnership shall process personal data fairly and lawfully
  • All personal data shall be obtained only for specified and lawful purposes, and shall not be processed in any manner incompatible with those purposes
  • Personal data shall be adequate, relevant and not excessive in relation to the purposes for which it is processed
  • Personal data shall be accurate and, where necessary, kept up to date
  • Personal data shall be kept for no longer than is necessary for the purposes for which it is processed
  • Personal data shall be processed in accordance with the rights of data subjects under the Act
  • Personal data shall be subject to appropriate technical and organisational measures to protect against unauthorised or unlawful processing and accidental loss, destruction or damage
  • Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of data protection
  • The 1998 Act introduces new restrictions on the holding and processing of what is termed ‘sensitive personal data’, such as racial or ethnic origin, political opinions, religious or other beliefs, whether a member of a trade union, physical or mental health, sexual life, and any court record, or allegations of such. In addition to being subject to the eight principles above at least one of the following conditions must be complied with – there are others, but most relevant in the context of employment are:
  • The worker has given his or her consent to the processing
  • The processing is necessary for the purposes of exercising or performing any right or obligation which is conferred or imposed by law on the employer in connection with employment
  • The processing is necessary in connection with any legal proceedings or for the purpose of obtaining legal advice
  • The processing is necessary for the administration of justice, for the exercise of functions conferred by statute, or for the exercise of any function of the Crown
  • That if the processing relates to sensitive data as to racial or ethnic origin it is necessary for the purpose of monitoring equality of opportunity or treatment between persons of different racial or ethnic origins with a view to enabling such equality to be promoted or maintained; and is carried out with appropriate safeguards for the rights and freedoms of data subjects
  • The Act also covers the use of computerised decision making packages, such as those used in recruitment and sifting of applications. The uses of such packages to complement, not replace, human judgement is not in contravention of the Act – it is when they are in sole use that restrictions apply


  • Misuse of information systems will be regarded as a disciplinary Offence and will be dealt with under the Disciplinary Procedures. If sufficiently flagrant, abuses of security may be regarded as gross misconduct and as such potentially grounds for dismissal in the case of staff. Misuse amounting to criminal conduct may be reported to the police.