3.16.4 Unauthorised Software
               Only software, which has been licensed by the Company, may be used on the Company's computer systems and
               under no circumstances should copyrighted software be copied or shared. The Company’s regularly conducts
               audits of the network to check for unauthorised software.

               3.16.5 Personal Software
               You may not load any software or disk which has not been checked for electronic virus(es) by the Company. You
               are requested not to attach any equipment to your PC without the prior approval of the IT Service provider or a
               MANAGER.

               3.16.6 General PC Security
               You must also adhere to general IT security policy by using confidential passwords to access work files and
               individual document passwords on confidential files.


               3.17 PRIVACY AND DATA PROTECTION


                       Please refer to the Company Privacy and Data Protection Policy for full details. The information in
                       this section is intended to give you an indication of your duties and responsibilities with regard to
                       your own privacy and the privacy of individuals.

               3.17.1 Definitions
               ‘Data Protection Acts’ refers to the General Data Protection Regulation (GDPR). Those who keep data about
               individuals, including employers, must comply with data protection principles.

               ‘Data’ means information in a form which can be processed. It now includes both automated data and manual
               data.
               ‘Personal data’ means data relating to a living individual who is or can be identified either from the data or
               from the data in conjunction with other information that is in, or is likely to come into, the possession of the
               data controller

               ‘Data Subject’ is an individual who is the subject of personal data
               ‘Sensitive personal data’ relates to specific categories of data which are defined as data relating to a person’s
               racial origin; political opinions or religious or other beliefs; physical or mental health; sexual life; criminal
               convictions or the alleged commission of an offence; trade union membership
               ‘Subject Access Request’ is a right that individuals have to obtain from any company the information that is
               held about them by that company.
               ‘Automated data’ means, broadly speaking, any information on computers, or information recorded with the
               intention of putting it on computer.
               ‘Manual data’ means information that is kept as part of a relevant filing system, or with the intention that it
               should form part of a relevant filing system.
               ‘Relevant filing system’ means any set of information that, while not computerised, is structured by reference
               to individuals, or by reference to criteria relating to individuals, so that specific information relating to a
               particular individual is readily accessible.
               ‘Data Controller’ is a person who, either alone or with others, controls the contents and use of personal data

               ‘Data Processor’ is a person who processes personal information on behalf of a data controller but does not
               include an employee of a data controller who processes such data in the course of his/her employment.

               ‘Processing’ means performing any operation or set of operations on data, including:


                                                       Page 56 of 75
               ORC.MYC.DV1