top of page

Aceline’s Data Protection Policy sets out our commitment to protecting personal data and how we implement that commitment with regards to the collection and use of personal data.



Aceline: means the organisation Aceline Resourcing Limited which this policy refers to DPA 1998: means the Data Protection Act of 1998
GDPR 2018: means the General Data Protection Regulation 2018
Personal data: means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier Sensitive data: means any information that is of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation
Data protection officer: means the Data Protection Office that Aceline has appointed

Our Commitment

We are committed to:

  • ensuring that we comply with the data protection principles

  • meeting our legal obligations as laid down by the Data Protection Act 1998 and the General Data Protection Regulations 2018

  • ensuring that data is collected and used fairly, lawfully and in a transparent manner

  • processing personal data only in order to meet our operational needs or fulfil legal requirements, no data is passed on for commercial gain

  • taking steps to ensure that personal data is up to date and accurate

  • establishing appropriate retention periods for personal data

  • ensuring that data subjects' rights can be appropriately exercised

  • providing adequate security measures to protect personal data

  • ensuring that a nominated officer is responsible for data protection compliance and provides a point of contact for all data protection issues

  • ensuring that all staff are made aware of good practice in data protection

  • providing adequate training for all staff responsible for personal data

  • ensuring that everyone handling personal data knows where to find further guidance

  • ensuring that queries about data protection, internal and external to Aceline, are dealt with effectively and promptly

  • regularly reviewing data protection procedures and guidelines within Aceline.


Data Protection Principles

  1. Personal data shall be processed fairly and lawfully

  2. Personal data shall be obtained for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes

  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed

  4. Personal data shall be accurate and, where necessary, kept up to date

  5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes

  6. Personal data shall be processed in accordance with the rights of data subjects under the DPA 1998 and GDPR 2018

  7. Appropriate technical and organisational measures shall be taken against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data

  8. Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data..


Where Data is Stored

Aceline stores and process data across different platforms:

  • Email: Microsoft Office 365

  • Files and Documents: Office 365

  • Accounts: Xero Accounting

  • Signed Contracts: DocuSign


Legal Basis

The basis for which Aceline processes data depends on the business ‘activity’. For each activity, Aceline has assessed and agreed on the following legal basis:

  • Consultancy process: legitimate interest

  • Marketing: consent

  • Payment and accounts: legal obligation

  • HR/employee files: legal obligation


Subject Access Rights

For an individual to gain access to the data that Aceline holds on them, the individual must complete the Aceline Subject Access Request Form which can be obtained by calling, emailing or writing to us. Aceline will respond positively to subject access requests, replying as quickly as possible, and in any event within the 30-day time limit.

  • Right to be informed: Aceline will notify the individual when their data is to be stored on their CRM system (Profile); or their CV is sent to a Client.

  • Right of access: Individuals can request their data after completing Aceline Subject Access Request Form.

  • Right to correct data: Individuals can request changes after completing the Aceline Subject Access Request Form.

  • Right to erasure: Individuals can request their data is removed or deleted by completing the Aceline Subject Access Request Form

  • Right to data portability: Individuals can request their data be sent to them in either CSV file format or zip file (attachments) after completing the Aceline Subject Access Request Form.

All requests made will be recorded on a restricted list indefinitely. This will be restricted to Aceline’s CEO and DPO.


Fair Obtaining and Processing

Aceline will ensure that as far as practicable, all individuals whose details are processed by Aceline are aware of the way in which that information will be obtained, held, used and disclosed. Whenever possible, individuals will be informed of the potential recipients of the information. Processing of personal information by Aceline will be fair and lawful and, in addition, it is Aceline’s Policy that individuals will not be misled regarding the purposes to which Aceline will process the information.



Aceline will not use or process personal information in any way that contravenes its notified purposes, or in any way that would constitute a breach of the DPA or GDPR. When appropriate, Aceline will notify the Information Commissioner of any amendments to the existing Aceline’s notified purposes or of new purposes to be added to the Notification Register entry.


Information Quality and Integrity

Aceline will endeavour to process personal information, which is accurate, current and is of good quality. Information that is obtained by Aceline will be adequate and not excessive for the purpose for which it is processed. In addition, information will be kept by Aceline for no longer than is necessary for the purpose or purposes for which it was obtained.


Technical and Organisational Security

Aceline has in place appropriate security measures as required by the DPA and GDPR. Information systems are installed with adequate security controls and company employees who use these systems will be properly authorised to use them for company business.


Controlling Access

Aceline has tightened physical access to data by restricting access to data by restricting this to employees needing to access specific data in order to carry out their jobs. Aceline takes steps to prevent accidental loss or theft of personal data by using server backup processes and increased security at our offices.

Safeguarding Data

Aceline relies on computers to store data, so it was necessary to introduce the following electronic safeguards:

  • We have up-to-date antivirus software to protect against viruses damaging our data and computers

  • We protect our computer network from hackers with a firewall

  • We have introduced housekeeping measures by regular backups and disabling people’s accounts as they leave the business

  • We have introduced a clear strategy for managing all our computer security tools


Additional Compliance Obligations

Although not legal required for Aceline, it has appointed a Data Protection Officer: Merenna Sugunasingha as the Independent Data Protection Officer. Sensitive data will not be handled by Aceline for the a for the normal provision of its service. Aceline must be informed if sensitive Personal Data is required to be processed.


Cookie Policy

​By continuing to use this site you are considered as understanding and agreeing to the contents of this statement.

We use Google Analytics cookies to collect information about how visitors use this site and if issues are encountered (such as broken links). Google analytics stores information about what pages you visit, how long you were on the site, how you got here and what you click on. We do not store your personal information so this information cannot be used to identify who you are. We do not allow Google to use or share our data.

We use Google Analytics to make sure our website is meeting our users' needs and to help prioritise improvements. Google provides more details on the Google privacy and cookie policy page. Google also provides a browser add-on which allows you to opt out of Google Analytics across all websites.

bottom of page