Privacy Policy


Personal Data

Data relating to a living individual who can be identified from that information or from that data and other information in possession of the data controller, includes name, address, telephone number, identity number other identifying data such as a person’s DNA. Also includes expression of opinion about the individual, and of the intentions of the data controller in respect of that individual.

Sensitive Data

Different from ordinary personal data (such as name, address, telephone) and relates to racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, sex life, criminal convictions. Sensitive data are subject to much stricter conditions of processing.

Data Controller

Any person (or organisation) that makes decisions with regard to particular personal data, including decisions regarding the purposes for which personal data are processed and the way in which the personal data are processed.

Data Subject

Any living individual who is the subject of personal data held by an organisation.


Any operation related to organisation, retrieval, disclosure and deletion of data and includes: Obtaining and recording data. Accessing, altering, adding to, merging, deleting data Retrieval, consultation or use of data Disclosure or otherwise making available of data.

Third Party

Any individual/organisation other than the data subject, the data controller (for example clients) or its agents.

Relevant Filing System

Any paper filing system or other manual filing system, which is structured so that information about an individual is readily accessible.
Please note that this is the definition of “Relevant Filing System”. Personal data as defined, and covered, by the Prevailing data protection legislation can be held in any format, electronic (including websites and emails), paper-based, photographic etc. from which the individual’s information can be readily extracted.


All processing of personal data must be done in accordance with the six data protection principles.

    1. Personal data shall be processed fairly, lawfully and transparently.

Data processing will not be lawful unless it satisfies at least one of the following processing conditions:

    • Consent – The data subject has provided valid consent for the processing.
    • Contract – The processing is necessary for the performance of a contract.
    • Legal obligation – The processing is necessary for compliance with a legal obligation to which the controller is subject.
    • Legitimate interest – The processing is necessary for the purposes of the legitimate pursued by the Data Controller, the client or The Lancer Group, except where such interests are overridden by the interests or fundamental rights of the data subject. Fraud prevention, cybersecurity and direct marketing are examples of the type of activities that might constitute legitimate interests.
    • Vital interest – The processing is necessary to protect the data subject’s vital interests, such as in a medical emergency.
    • Public interest – Processing is necessary for a task carried out in the public interest.
  1. Purpose limitation – Data processing must relate to a specific, explicit and legitimate purpose. Data must not be processed in a manner that is incompatible with the stated purpose/s. Generic purpose statements will not be compatible with the data protection legislation.
  2. Data minimisation – Data collected must be limited to what is necessary. It must be adequate, relevant and not excessive, having regard to the stated purpose for which data is being processed.
  3. Accuracy – Data must be kept accurate and up to date. Controllers must be able to correct personal data ‘without undue delay’.
  4. Storage limitation – Data should not be kept for any longer than is necessary. Data retention policies should establish time limits for erasure, although it is permissible to retain data for longer periods for archive or statistical purposes only.
  5. Integrity and confidentiality – Personal data must be processed in a manner that ensures appropriate security including protection against unauthorised or unlawful processing, loss, destruction or damage, using appropriate technical or organisational measures.