Data Protection Policy


Platinum Pools and Spas Ltd (hereinafter referred to as “the Company”) is committed to protecting the privacy and personal data of our customers, employees, and other stakeholders. This Data Protection Policy outlines our approach to data protection and our responsibilities under the Data Protection (Jersey) Law 2018 (DPJL) and the European General Data Protection Regulation (GDPR).


This policy applies to all personal data processed by the Company, whether collected from customers, employees, suppliers, or other individuals.

Principles of Data Protection

The Company adheres to the following data protection principles:

3.1. Lawfulness, Fairness, and Transparency

  • We process personal data lawfully, fairly, and transparently.
  • We inform individuals about the purposes of data processing and their rights.

3.2. Purpose Limitation

  • We collect and process personal data only for specified, explicit, and legitimate purposes.
  • We do not use data for purposes incompatible with the original purpose.

3.3. Data Minimisation

  • We collect only the necessary data required for the intended purpose.
  • We regularly review data retention periods and delete data when no longer needed.

3.4. Accuracy

  • We ensure that personal data is accurate, up-to-date, and relevant.
  • Individuals have the right to request corrections to their data.

3.5. Security

  • We implement appropriate technical and organisational measures to protect personal data.
  • We train employees on data protection practices and confidentiality.

3.6. Accountability

  • We maintain records of data processing activities.
  • We appoint a Data Protection Officer (DPO) responsible for compliance.

Data Subjects’ Rights

Individuals have the following rights under the DPJL and GDPR:

  • Right to access their personal data.
  • Right to rectify inaccurate data.
  • Right to erasure (right to be forgotten).
  • Right to restrict processing.
  • Right to data portability.
  • Right to object to processing.

Data Breach Response

In the event of a data breach, the Company will:

  • Investigate the breach promptly.
  • Notify the Jersey Office of the Information Commissioner (JOIC) within 72 hours.
  • Inform affected individuals if the breach poses a high risk to their rights and freedoms.

International Transfers

When transferring personal data outside Jersey, we ensure adequate safeguards are in place, such as Standard Contractual Clauses or Binding Corporate Rules.

Training and Awareness

We provide regular data protection training to employees and raise awareness of their responsibilities.

Contact Information

For any data protection inquiries or to exercise your rights, please contact our Data Protection Officer:

  • Name: [John Nicholson]
  • Email: []
  • Phone: [07829933200]