
Data Protection & Privacy Policy


October 2022
Middleton Engineering Ltd

Ashcott Road




Note: The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (UK GDPR).


Middleton Engineering Ltd has a business need to gather certain information about individuals. This can include clients, suppliers, employees, and others that Middleton Engineering Ltd has a relationship with or may need to contact. Our Data Protection Policy describes how Middleton Engineering Ltd collects, handles, and stores this personal data so that data protection standards are maintained and the law is complied with.


Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

Used fairly, lawfully, and transparently.

Used for specified, explicit purposes.

Used in a way that is adequate, relevant, and limited to only what is necessary.

Accurate and, where necessary, kept up to date.

Kept for no longer than is necessary.

Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction, or damage.

The Act also adds more robust legal protection for sensitive information, such as:

Ethnic background.

Political opinions.

Religious beliefs.

Trade union membership.


Biometrics (where used for identification).


Sex life or orientation.

There are separate safeguards for personal data relating to criminal convictions and offences.

Personal Data Rights

Under the Data Protection Act 2018, persons have the right to find out what information Middleton Engineering Ltd stores about them.

These include the right to:
Be informed about how the data is being used.

Access their own personal data.

Have any incorrect data updated or, where relevant, have data erased.

Stop or restrict the processing of their data.

Data portability (allowing persons to get and reuse their data for different services).

Object to how their data is processed in certain circumstances.

Persons also have rights when an organisation is using their personal data for automated decision-making processes (without human involvement) and for profiling, for example to predict their behaviour or interests.

Policy Aim
The aim of this policy is to ensure that Middleton Engineering Ltd:

Complies with the Data Protection Act and follows best practice.

Protects the rights of all persons affected.

Is open about how Middleton Engineering Ltd stores and processes individuals’ data.

Protects itself from the risks of data breach.

To comply with this Act, personal information must be collected and used fairly, stored securely, and not disclosed unlawfully.

Policy Scope
This policy applies to all staff and all persons working for or on behalf of Middleton Engineering Ltd.

This policy applies to all data Middleton Engineering Ltd holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act 2018. This can include:

Names of individuals.

Postal addresses.

Email addresses.

Telephone numbers.

Any other information relating to individuals.

All persons who handle any data for or on behalf of Middleton Engineering Ltd have the responsibility to ensure the data is collected, stored, and handled appropriately. However, the Commercial Manager has the ultimate responsibility as the data protection officer.

The responsibilities include:

Ensuring Middleton Engineering Ltd meets its legal obligations.

Reviewing data protection procedures to ensure they are effective.

Handling data protection questions from any persons covered by this policy.

Dealing with requests from individuals to view the data held by Middleton Engineering Ltd about them.

Ensuring any third party that may handle company data complies with this policy.

Data Storage

Electronic data will be stored on our secure server, which is protected with a suitable password and against malicious or accidental deletion or hacking.

Paper copy data will be securely stored in company filing cabinets accessed only by authorised persons. Any disposal of data will be by secure means.

Middleton Engineering Ltd will take reasonable steps to ensure all data kept is accurate and up to date.

Subject Access Requests

All persons who are the subjects of personal data held by Middleton Engineering Ltd are entitled to:

Enquire what information Middleton Engineering Ltd holds about them and why.

Enquire how to get access to it.

Be informed how to keep it up to date.

Be informed how Middleton Engineering Ltd is meeting its data protection obligations.

If any individual contacts Middleton Engineering Ltd requesting this information, this is a “subject access request.”

Such requests should be made by email, addressed to one of the directors. Individuals will not be charged an initial fee for a subject access request.

A “reasonable fee” for the administrative costs of complying with a request may be required if the request is manifestly unfounded or excessive, or if an individual requests further copies of their data following a request. Alternatively, Middleton Engineering Ltd may refuse to comply with a manifestly unfounded or excessive request.

Middleton Engineering Ltd will provide the relevant data without undue delay and at the latest within one month of receipt of the request, once the validity of the request and the identity of the person making it have been established.

Disclosing Data for Other Reasons

In certain circumstances Middleton Engineering Ltd may be obliged to provide information to law enforcement agencies without the consent of the data subject. Under these circumstances, Middleton Engineering Ltd will disclose the requested data whilst complying with current legislation.

Providing Information
Middleton Engineering Ltd aims to ensure that all individuals are aware that their data is being processed and that they understand how this data is used and how to exercise their rights.

Our named data controller is Sam Loxton.