Data Protection Policy

Personal data is any information identifying a living, identified or identifiable individual (“Data Subject) or information relating to a Data Subject that the Company can identify (directly or indirectly) from that data alone or in combination with other identifiers it possesses or can reasonably access.

This Policy applies to all Personal Data the Company processes regardless of the media on which that data is stored or whether it relates to past or present employees, workers, customers, clients or supplier contacts, shareholders, website users or any other Data Subject.

You must read, understand, and comply with this Policy when Processing Personal Data on Comfort Frame’s behalf. Your compliance with this Policy is mandatory. Any breach of this Policy may result in disciplinary action.

You must:

  • Attend any mandatory training as requested by the Company on Data Protection.
  • Keep Personal Data confidential.
  • Only collect, process, access and use Personal Data as required to carry out your job duties.
  • Get authorisation from the Data Protection Officer before collecting, processing, accessing, and using Personal Data for new or different purposes.
  • Ensure any Personal Data collected is adequate and relevant for the intended purposes.
  • Ensure that the Personal Data we use, and hold is accurate, complete, kept up to date and relevant to the purpose for which we collected it.
  • Keep and maintain accurate records containing Personal Data.
  • Only collect necessary Personal data. Do not collect information which is excessive.
  • Ensure that you comply with the Company’s Retention Policy.
  • Only share personal data with other staff members who have a job related need to know and are authorised to access/use the Personal Data.
  • Follow all procedures and technologies the Company puts in place to maintain the security of all Personal Data from the point of collection to the point of destruction. This includes the Company’s Electronic Information and Communications Systems Policy, our Hard Copy Information security policy and other security measures adopted and notified to you from time to time.
  • Not attempt to circumvent the administrative, physical, and technical safeguards the Company implements and maintains to protect Personal Data.
  • Contact the Data Protection Officer immediately if you know or suspect that a Personal Data Breach has occurred. You should not attempt to investigate the matter yourself. You should preserve all evidence relating to the potential Personal Data Breach.
  • Only share the Personal Data we hold with third parties, such as our service providers if:

(a) Authorised by the Company to do so.

(b) they have a need to know the information for the purposes of providing the contracted services.

(c) sharing the Personal Data complies with the Privacy Notice provided to the Data Subject and, if required, the Data Subject’s Consent has been obtained.

(d) the third party has agreed to comply with the required data security standards, policies and procedures and put adequate security measures in place.

(e) the transfer complies with any applicable cross border transfer restrictions; and

(f) a fully executed written contract that contains General Data Protection Regulation approved third party clauses has been obtained.

  • Promptly honour requests from a customer to opt out of direct marketing. You need to obtain enough information to ensure that marketing preferences are respected in the future.
  • Immediately forward to the Data Protection Officer any written request from an individual to:

(a) Access their personal information.

(b) Correct their personal information.

(c) Erase their personal information.

(d) Object to the processing of their person information.

(e) Restrict the processing of their personal information.

(f) Transfer their personal information to another party.

(g) Withdraw consent.

Please contact the Data Protection Officer with any questions about the operation of this Policy or if you have any concerns that this Policy is not being or has not been followed. The Company’s Data Protection Officer is Andy Gouldson, email address

Scroll to Top