Skip to content

Data Protection Policy

Protecting personal data is very important. FooEngine Limited ("the Company") takes this responsibility seriously and works to ensure that personal data relating to employees, clients, partners and suppliers is handled lawfully, fairly and securely.

All employees share responsibility for protecting personal data held by the Company.

Data Protection Officer

The Company's Chief Technology Officer (CTO) acts as the Data Protection Officer (DPO).

Questions or concerns about data protection should be raised with the CTO or senior management.

Our Principles for Processing Personal Data

FooEngine follows the UK GDPR principles. Personal data must be:

  • Processed lawfully, fairly and transparently
  • Collected for specified, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary
  • Accurate and kept up to date
  • Not kept longer than necessary
  • Processed securely
  • Not transferred outside the UK or EEA without appropriate safeguards

Lawful Bases for Processing

We process personal data where necessary:

  • With the individual's consent
  • To perform an employment or commercial contract
  • To meet legal obligations
  • To protect vital interests
  • For legitimate business interests, provided these do not override individual rights

Where special category data is processed (for example health information), additional legal conditions are met.

Further details of what data we hold and why are provided in the Company Privacy Notice.

We will obtain explicit consent or meet additional legal requirements when processing:

  • Health data to monitor sickness absence or fitness for work
  • Equal opportunities monitoring
  • Pension, insurance or statutory reporting
  • Transfers of personal data outside the UK or EEA
  • Sharing data with medical or occupational health professionals

Employee Responsibilities

All employees must:

  • Only access personal data needed for their role
  • Keep personal data secure and confidential
  • Avoid storing personal data unnecessarily
  • Use Company systems for storing personal data
  • Encrypt or anonymise data where appropriate
  • Follow Company security and incident reporting procedures
  • Immediately report any suspected data breach

Failure to follow this policy may result in disciplinary action.

Data Subject Rights

Employees and other individuals whose data we hold have the right to:

  • Request access to their personal data
  • Request correction of inaccurate data
  • Request deletion where data is no longer required
  • Object to certain processing
  • Request restriction of processing in certain circumstances

Requests should be made to senior management or the CTO.

We will respond within one calendar month, or sooner where possible.

Data Breaches

A data breach includes accidental or unlawful destruction, loss, alteration or unauthorised disclosure of personal data. Examples include:

  • Sending personal data to the wrong recipient
  • Loss of devices containing personal data
  • Careless handling of passwords
  • Unauthorised sharing of data

If you become aware of a data breach, you must notify the CTO or senior management immediately.

Third Parties

Where third parties process personal data on behalf of FooEngine, we ensure they:

  • Have appropriate security measures in place
  • Comply with UK GDPR requirements
  • Only process data under written agreement

Retention

Personal data is retained only for as long as necessary for the purpose collected and in line with legal and business requirements. Once no longer required, it is securely deleted.

Monitoring

The Company may monitor use of its IT systems where reasonably necessary to:

  • Protect Company systems
  • Investigate suspected misuse
  • Ensure compliance with policies

Monitoring is carried out proportionately and lawfully.

Policy Changes

This policy may be updated from time to time to reflect changes in law or Company practice. Employees will be notified of material changes.