Clement Hughes & Co is required to maintain certain personal data about individuals for the purposes of satisfying operational and legal obligations.  Clement Hughes & Co recognises the importance of the correct and lawful treatment of personal data;

It maintains confidence in the organisation and provides for successful operations.

The types of personal data Clement Hughes & Co may requires information about current, past and prospective employees, clients, suppliers and others with whom it communicates.  This personal data, whether it is held on paper, on computer or other media will be subject to the appropriate legal safeguards as specified in the Data Protection Act 1998.

Clement Hughes & Co endorses and adheres to the eight principles of the Data Protection Act.  These principles specify the legal conditions must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data.  Employees and any others who obtain, handle, process, transport and store personal data for Clement Hughes & Co must adhere to these principles.


The Principles require that personal data shall:-

  1. Be processed fairly and lawfully and should not be processed unless certain conditions are met;
  2. Be obtained for a specified and lawful purpose and shall not be processed in any matter incompatible with that purpose;
  3. Be adequate, relevant and excessive for those purposes;
  4. Be accurate and where necessary kept up to date;
  5. Not to be kept for longer than necessary for that purpose;
  6. Be processed in accordance with the data subjects rights;
  7. Be kept secure from unauthorized or unlawful processing and protection against accident or loss, destruction or damage by using the appropriate technical and organizational measures.
  8. Not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the process of personal data.

Satisfaction of Principles

In order to meet the requirements of the principles Clement Hughes & Co will:-

  1. Observe fully the conditions regarding the fair collection and use of personal data;
  2. Meet its obligations to specify the purposes for which personal data is used;
  3. Collect and process appropriate personal data only to the extent that it is needed to fulfil operational and legal requirements;
  4. Make sure the quality of personal data used.
  5. Apply strict checks to determine the length of time personal data is held;
  6. Ensure that the rights of individuals about whom the personal data is held, can be fully exercised under this Act;
  7. Take the appropriate technical and organizational security measures to safeguard personal data;
  8. Ensure that personal data is not transferred abroad without suitable safeguards.

Clement Hughes & Co.’s Designated Data Controller is responsible for ensuring compliance with the Data Protection Act and implementation of this policy on behalf of the partners.  The Data Controller may be contacted at:

Data Controller 4 Maes y Groes Prestatyn LL19 9DB

01745 852121

Any questions or interpretation or operation of this policy should be taken up in the first instance with the Data Controller.

Status of the Policy

This policy has been approved by the partners and that any breach will be taken seriously and may result in formal action.

Subject Access

All individuals who on the subject of personal data held by the society are entitled to:

  1. Ask what information Clement Hughes & Co holds about them and why;
  2. Ask how to gain access to it;
  3. Be informed how to keep it up to date;
  4. What Clement Hughes & Co is doing to comply with its obligations under the 1998 Data Protection Act.