4. Data Protection Principles
All Data Users who process personal data under this policy must comply (and be able to demonstrate compliance) with the principles of the Data Protection Laws. These principles provide that personal data must be:
- be used in a way that makes it clear to data subjects what is being done with their personal data, and is fair, reasonable and compliant with Data Protection Laws;
- only be used in line with how we told the data subject we would use it and not for any wider, incompatible purposes;
- adequate, relevant and limited just to what we need it for;
- accurate and, where necessary, kept up to date;
- not kept in a form which permits identification of data subjects for any longer than necessary for the purpose for which the personal data is processed; and
- kept secure.
16. Changes to this Policy
We reserve the right to change this policy at any time. Where appropriate, we shall notify Data Users of this policy of those changes by e-mail.