Data Protection and Information Security. Presented by Emma Hawksworth Slater and Gordon

Size: px
Start display at page:

Download "Data Protection and Information Security. Presented by Emma Hawksworth Slater and Gordon"

Transcription

1 Data Protection and Information Security Webinar Presented by Emma Hawksworth Slater and Gordon 1

2 3 ways to participate Ask questions link below this presentation Answer the polls link below this presentation Comment and chat click on Say something nice (bottom-right) Good afternoon and welcome introduction Please join in and participate in this webinar. If you look below this video stream you ll see links for questions and polls. If you have any questions you d like me to answer please submit them and I ll do my best to answer as many as possible at the end. You also have a chat area to the right do say hello, and chat the other participants, although don t include questions for me there as I won t see them, remember to include these via the links below the video 2

3 What s it all about? Workplace reps may handle personal information about members, for example Member contact details Personal case correspondence and documents Membership lists As a union rep it s important that you take steps to protect that information and keep it secure GDPR is bringing in important changes to the rules from 25 May 2018 So what s today all about? As workplace reps you handle personal information about members all the time, for example.. Member contact details Personal case correspondence and documents Membership lists It s important that you protect that information, and keep it secure. There is some new law in this area, the General Data Protection Regulation or GDPR which is coming into force in around 8 weeks, on 25 May This has significant implications for organisations and individuals who handle personal data, including unions and union representatives. 3

4 What s changing? Overall, GDPR rules about protecting privacy are stricter There are some enhanced protections for individuals such as stronger subject access rights and some new rights, such as the right to be forgotten Your union will be making changes to comply with the GDPR, you may see: more detailed membership application forms or more information in privacy notices on the website So what s changing? Our current data protection laws date back to 1998 and these haven t kept pace with advances in technology and the way we use data now In 2016 the EU parliament approved new data protection rules contained in the GDPR. Overall, they are intended to provide people with better protection - There are some enhanced protections for individuals such as stronger subject access rights and some new rights for the digital age, such as the right to be forgotten. You may have read about a legal case brought by individuals who wanted Google to delete some very old results which came up when they searched their name, and which they argued didn t comply with their right to privacy. The right to be forgotten looks like forming an important part of individual privacy rights in our increasingly digital world. So with these new rules which the GDPR is bringing in, your union head office will be making changes, and you may see: More detailed membership application forms or more detailed privacy notices on the website. Your union may have appointed a Data Protection Oficer or DPO to oversee this. 4

5 Today s webinar Introduction: what do the data protection rules apply to? Preparing for the GDPR Keeping member information secure Respecting members rights In today s session, I m going to start with a brief introduction to explain when data protection rules apply. Then I ll highlight three topics: Some initial steps you can take to prepare for the GDPR How you keep member information secure And finally respecting members rights Its important to say this is an introduction only, this is a vast subject, and the intention today is to highlight some aspects for you to think about, take away and do some further work on. So lets get started first, when do data protection rules apply? What information is covered? 5

6 What information is covered? Any information about a living individual such as Name Job title Work department address Union membership number* personal data *Special categories of data have stricter rules and require extra care Special categories include information about an individual s: trade union membership or nonmembership health politics Well, the data protection rules apply to any information about a living individual, from which the individual can be identified. That includes obvious things like name, date of birth, address, as well as less obvious things like IP address or address. The GDPR refers to all of this as personal data In some cases the individual will be easily identifiable, for example if their name is included. But the rules still apply even if the individual is not identified by name, provided they are identifiable by some other feature, such as their union membership number. Some categories of data have stricter rules and are referred to as Special categories of data. This is also known as sensitive personal data. The special categories of data include information about an individuals TU membership, their health, their politics, their race or religion. You need to be particularly careful when handling special categories of data. 6

7 What activities are covered? What activities? Collecting and using data Disclosing it to others Storing and deleting data Processing Where? On a computer, or On paper in a filing system, or On paper intended to be put in a filing system So that explains what information is covered by data protection rules. Next, we need to look at what activities are covered. The GDPR refers to processing of data which sounds as if it might be describing some technical computing function, but in fact refers to pretty much any use of data, including copying documents, reading them, sending by and also storing information, or deleting it, all these count as processing and so the rules apply to those activities as well. And this covers work on a computer or other electronic device, like creating documents or sending s but also covers paper records in a filing system, like personal case files, and any paper documents waiting to go into a hard copy or electronic filing system. 7

8 Processing personal data: examples Membership database on computer Personal case files in a cabinet Grievance outcome ed to you by a member Handwritten notes from a meeting with a member If they are intended to go in the member s file Contact details on your mobile phone or laptop But probably not handwritten notes in your diary So here are some examples of when your handling of member information will count as processing personal data which means the rules will apply. Accessing or working on a membership database on computer, or Personal case files in a cabinet Reading a Grievance outcome ed to you by a member Taking Handwritten notes from a meeting with a member, provided they are intended to go in the member s file Looking through contact details on your mobile phone or laptop One type of information to which the rules may not apply handwritten notes in your diary where you re not going to copy them to a hard copy or electronic file. You ll see from this that the data protection rules are likely to apply to almost all information you handle as a workplace representative, especially member information In fact almost all personal information you handle as a workplace rep is likely to be special category data because it relates to trade union membership, and so the stricter rules will apply. This means you should take extra care when handling it. 8

9 Preparing for the GDPR Find out from your regional or full time officer what your union s data protection and information security policies are Be familiar with your union s policies, and make sure you follow them when you handle member information Be aware of the GDPR s data protection principles which set out the golden rules for handling personal information I m going to move on now to the three topics I want to cover today in a bit more detail. The first of these is what you can do to prepare for the GDPR. The first step is to find out from your regional or full time officer what your union s data protection and information security policies are, read and get familiar with them, and make sure you follow them when you handle member information. Also you should be aware of what the GDPR calls the data protection principles. These are really the golden rules for handling personal information and I m going to go through a short summary of those key principles now. 9

10 Data protection principles: handle data fairly Follow the rules: you must only use data fairly and in line with the rules Only use member data in line with your union s policies and in particular don t share it with any third parties Take particular care with membership lists: if you have access to membership lists remember this is special category data, and take steps to protect this information First, the GDPR requires that you handle data fairly. This means you should only use member information in line with your union s policies. In particular don t share it with any third parties. Remember that membership lists are special category data so take extra care with this information. 10

11 Data protection principles: collect only what you need Explain why you need it: collect data for a specific purpose For example: if you ask a member for copies of their GP letters to use for their personal case, tell them why you need the letters, what you are going to do with them, who you will send them to, what you will do with them afterwards And don t take too much: collect only the data you need for that purpose For example: do you need to keep and share all the letters from the member s GP? Are they all relevant? The GDPR s golden rules also require you to be open and transparent when you collect information from a member. When a member gives you any information about themselves, whether that s an address or a bundle of documents, make sure they know why you need and what you will do with it. So that might mean which address you will use to communicate with them. Or take the example where you re assisting a member with a personal case about sickness absence. If you need copies of their GP letters, you need tell them why you need the letters, what you are going to do with them, who you will send them to, what you ll do with them afterwards. If you intend give copies to the employer, check that the member understands this and is happy for you to do it. Also, don t take more personal information than is needed for the purpose. The GDPR calls this data minimisation it really means, only take what you need. So if in example of the sickness absence case your member has a full copy of their GP record, but the latest letter has all the up to date information their employer has asked for, consider carefully whether you need the full file or whether just the latest letter is enough. 11

12 Data protection principles: update and retain data appropriately Keep it up to date: data must be accurate and up to date For example: correct contact details when asked. But don t keep it forever: data must be kept for no longer than necessary For example: what is your union s guidance about how long you should keep personal case files for and where should they be held? Do you need to keep everything? Finally on the data protection principles, the GDPR requires that you keep data up to date and that you don t keep it for longer than you need it. So, make sure you update your records when your members provide you with new information like new workplace, or home addresses, so you re not sending personal information to the wrong place. And make sure that you know your unions policy on how long you should keep information for. Some issues you might want to consider include how long you keep information about old members, and personal case files. 12

13 Information security Hacking: Carphone Warehouse was fined 400,000 when 3m customer records were put at risk by a cyberattack: the company s outdated software made it vulnerable Human error: a barrister was fined 1,000 when her files were uploaded to the internet by her husband while he updated software on their home computer Passwords/encryption: the ICO criticised a lawyer whose laptop was stolen; it contained confidential information about 8 individuals which contrary to ICO guidance was not password protected. So we ve covered the first of the topics I m going to deal with today, handling data fairly. I m going to look now at the second topic which is information security. This is a fundamental part of handling member information properly. Unions and their reps will handle all sorts of very sensitive information about their members, and its really important to keep it secure. The Information Commissioner, known as the ICO, is the regulatory body who considers complaints about breaches of data protection and information security. Here are some examples of the ICO s decisions on complaints of data breaches. Back in December Last year, Another lawyer was criticised when she had failed to password protect a laptop and it was stolen when she was having work done in her home. The ICO s guidance recommends that all mobile devices which contain confidential should have a password. in cases of loss or misuse of data that you become aware of you should immediately contact your regional or FT officer or your union's DPO so that they can advise you as to whether you need to take any other steps. 13

14 Keeping member information secure Some issues to consider about paperwork, for home, in the workplace and on the move: Clear desk policy Files kept under lock and key Take care when travelling, laptops are more secure than paper files as they can be password protected On public transport don t leave papers or a laptop unattended and don t discuss anyone s personal information with a colleague or on the phone Don t leave papers or a laptop in your car Your union s policies: it is important to read and apply the guidance your union provides about information security, and report any breaches Next I m going to highlight some areas you might want to consider about how you keep your members information secure. The starting point for all these security issues is to read your union s policies about keeping member information secure, and check that the way you work is in line with those policies. With paper files for example, do you have a clear desk policy when working on member s cases at home or in the workplace to prevent other people in your workplace or home from seeing personal information? Do you need to keep files in a locked cabinet? You need to take particular care when travelling. Don t leave papers or a laptop unattended and don t discuss personal details on public transport when others can hear. You shouldn t leave papers or a laptop in your car. Soft copies rather than papers copies are likely to be safer, because of the ability to password protect sensitive documents in digital form. 14

15 Keeping member information secure Some issues to consider about computer use, for home and in the workplace: Use remote access to union system or a case management system if available Shared computers: use password protected individual user accounts Back-up issues Consider password protection of laptops/mobiles, and individual documents on devices Your union s policies: it is important to read and apply the guidance your union provides about computer and mobile devices, and report any breaches Another important aspect to think about is your use of computers. Use remote access to union system or a case management system if available If that s not available and you are using a shared computer, make sure you set up a password protected individual user account which other users can t access. Loss of electronic documents can also cause members problems, so think about the arrangements you have for backing up your computers and other devices, and make sure these are safe too. Some 25% of complaints to the ICO relate to loss of data on mobile devices, so make sure your devices are password protected, and if you have particularly sensitive documents on a mobile device, consider adding a password to the individual document as well. 15

16 Keeping member information secure Some issues to consider about use, for home and in the workplace: Work systems Home s who has access? Double check addresses and attachments before sending Consider password protection of sensitive documents Your union s policies: it is important to read and apply the guidance your union provides about use Finally on this, some issues to consider about use of s. Again, check your union s policies as a starting point. With work s, practice may vary. In some workplaces reps won t use the work system for communications with members, others may have facilities agreements permitting use of work s. If you re unsure about the practice in your workplace, check with your union whether its OK to use your work , and if you are using it, be sure to include the words Private and Confidential in the subject line. If you are not able to use your work to correspond with members you could use your union address rather than a home address, especially if this is a shared family . If you don t have a union address, you may need to sign up for an address which is only accessible by you. Again if you are concerned, think about password protection, particularly of sensitive documents In summary - read and understand your union s policies, and check with your regional or full time officer if there is anything you are not sure about. Think about how you protect member data: both in the workplace and at home, on the move and when using mobile devices, computer and . Report any loss or unauthorised use of member data 16

17 Respecting members rights Do not try to respond to subject access requests yourself: immediately pass the request to your regional or full time officer as they have a limited time to respond to the request Assist: promptly provide any information requested by your union to assist it with responding to a request, for example copies of your correspondence with a member Read your union s policies: it is important to follow the guidance your union provides about members rights in relation to their data The focus so far has been on the data protection responsibilities of those who handle personal information. The third topic I want to highlight today is data protection rights of individuals. The best known of these is the right to make a subject access request. As I said earlier, the GDPR provides for stronger subject access rights. Individuals have the right to be given access to their personal information, generally without paying a fee, and in standard cases, information must be provided within a month. This applies to all organisations which handle data, including unions. Members have the right to request access to the personal data their union holds about them. There are two points to bear in mind about this. First of all, remember when making notes and corresponding about members that they have the right to ask for copies of what you have written about them. Secondly, if you receive a subject access request from a member, do not try to respond to it yourself: pass the request to your regional or full time officer. Do this immediately as they have a limited time to respond to the request. Also, if you are asked by the union to provide any information to assist with a response to a request, for example copies of your correspondence with a member, do so promptly. Finally, read your union s policies so you understand the rights members have to access the information you hold about them. 17

18 Key points to sum up Check: read and apply the guidance your union provides about data protection and information security Think: about your use of member data almost everything you deal with for members will be subject to the data protection rules Secure: keep all member information secure, at home, at work and on the move Report: if you receive a subject access request or in cases of loss or unauthorised use of member data, report immediately to your regional or full time officer or the union s Data Protection Officer That brings us to the end of this part of the webinar, which I ll sum up in these four points 1. Check your union s policies and make sure you are applying them 2. Think about your use of member data, especially since the data protection rules will apply to almost everything you deal with 3. Keep member information secure 4. Report any subject access requests you receive and any loss or unauthorised use of member data. Now we have around 20 minutes for your questions. 18

19 Next webinar The Gender Pay Gap Date to be confirmed. Subscribe to TUC Education on Crowdcast to be notified or check back on tuceducation.org.uk Before you go, here are some details of our next webinar when we ll be discussing the Gender Pay Gap. More information and a date to follow. Hope you can join us. 19

20 20

Ackworth Howard Church of England (VC) Junior and Infant School. Child-friendly GDPR privacy notice

Ackworth Howard Church of England (VC) Junior and Infant School. Child-friendly GDPR privacy notice Child-friendly GDPR privacy notice Child-friendly GDPR privacy notice What s this about? A new law has been made that keeps your information safe things like your address, date of birth and phone number.

More information

Frequently Asked Questions

Frequently Asked Questions Frequently Asked Questions After having undertaken a period of research within recreational cricket, this document is aimed at addressing the frequently asked questions from cricket Clubs, Leagues, Boards

More information

Creative Funding Solutions Limited Data Protection Policy

Creative Funding Solutions Limited Data Protection Policy Creative Funding Solutions Limited Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please

More information

Element Finance Solutions Ltd Data Protection Policy

Element Finance Solutions Ltd Data Protection Policy Element Finance Solutions Ltd Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments

More information

Getting your ducks in a row

Getting your ducks in a row Guide 4 Getting your ducks in a row What campaigns can you send? In brief What s happening? The GDPR (General Data Protection Regulation) is a new data protection regulation, bringing greater protection

More information

PS Mailing Services Ltd Data Protection Policy May 2018

PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect

More information

This guide is for informational purposes only. Please do not treat it as a substitute of a professional legal

This guide is for informational purposes only. Please do not treat it as a substitute of a professional legal What is GDPR? GDPR (General Data Protection Regulation) is Europe s new privacy law. Adopted in April 2016, it replaces the 1995 Data Protection Directive and marks the biggest change in data protection

More information

Data Protection Policy

Data Protection Policy The Worshipful Company of Framework Knitters Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act 1998 (DPA) [UK] For information on this

More information

General Data Protection Regulation (GDPR) Policy

General Data Protection Regulation (GDPR) Policy General Data Protection Regulation (GDPR) Policy Original prepared on: 01 May 2018 Reviewed on: 01 May 2018 To be reviewed on: 31 March 2019 Prepared by: Ralph Elliott-King - Financial Controller Reviewed

More information

General Data Protection Regulation (GDPR) Key Facts & FAQ s

General Data Protection Regulation (GDPR) Key Facts & FAQ s General Data Protection Regulation (GDPR) Key Facts & FAQ s GDPR comes into force on 25 May 2018 GDPR replaces the Data Protection Act 1998. The main principles are much the same as those in the current

More information

GDPR- the new General Data Protection Regulations. Staff PDM- 2 nd May 2018

GDPR- the new General Data Protection Regulations. Staff PDM- 2 nd May 2018 GDPR- the new General Data Protection Regulations Staff PDM- 2 nd May 2018 What, when, how... It will supersede the Data Protection Act 1998. It sets out new regulations about the sharing of personal data

More information

Enviro Technology Services Ltd Data Protection Policy

Enviro Technology Services Ltd Data Protection Policy Enviro Technology Services Ltd Data Protection Policy 1. CONTEXT AND OVERVIEW 1.1 Key details Rev 1.0 Policy prepared by: Duncan Mounsor. Approved by board on: 23/03/2016 Policy became operational on:

More information

Data protection. 3 April 2018

Data protection. 3 April 2018 Data protection 3 April 2018 Policy prepared by: Ltd Approved by the Directors on: 3rd April 2018 Next review date: 31st March 2019 Data Protection Registration Number (ico.): Z2184271 Introduction Ltd

More information

It s still very important that you take some steps to help keep up security when you re online:

It s still very important that you take some steps to help keep up security when you re online: PRIVACY & SECURITY The protection and privacy of your personal information is a priority to us. Privacy & Security The protection and privacy of your personal information is a priority to us. This means

More information

In this Policy the following terms shall have the following meanings:

In this Policy the following terms shall have the following meanings: NJR TRADING LTD understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits this website, https://bar-tonic.

More information

Islam21c.com Data Protection and Privacy Policy

Islam21c.com Data Protection and Privacy Policy Islam21c.com Data Protection and Privacy Policy Purpose of this policy The purpose of this policy is to communicate to staff, volunteers, donors, non-donors, supporters and clients of Islam21c the approach

More information

Adkin s Privacy Information Notice for Clients, Contractors, Suppliers and Business Contacts

Adkin s Privacy Information Notice for Clients, Contractors, Suppliers and Business Contacts Adkin s Privacy Information Notice for Clients, Contractors, Suppliers and Business Contacts POLICY STATEMENT Adkin is committed to protecting and respecting the privacy of all of our clients. This Policy

More information

You will see lots of references in the Checklist to the GDPR Pack if you would like to purchase this, go to

You will see lots of references in the Checklist to the GDPR Pack if you would like to purchase this, go to Suzanne Dibble 2018. Copyright in this document belongs to Suzanne Dibble. You may not copy or use it for any purpose unless you have purchased this template document from Suzanne Dibble. You may not allow

More information

Privacy notice. Last updated: 25 May 2018

Privacy notice. Last updated: 25 May 2018 Privacy notice Last updated: 25 May 2018 www.courtprice.co.uk ('Website') is provided by Courtprice Limited ('we'/'us'/'our'). In doing so, we may be in a position to receive and process personal information

More information

The GDPR toolkit. How to guide for Executive Committees. Version March 2018

The GDPR toolkit. How to guide for Executive Committees. Version March 2018 The GDPR toolkit How to guide for Executive Committees Version 1.0 - March 2018 Contents Document Purpose... 3 What s included... 3 Step 1 - How to assess your data... 5 a) What is GDPR?... 5 b) Video

More information

Privacy Policy. Information about us. What personal data do we collect and how do we use it?

Privacy Policy. Information about us. What personal data do we collect and how do we use it? This privacy policy sets out the way in which your personal data is handled by Leeds Bradford Airport Limited (referred to as "we", "us" and "our") whether collected through one of the websites we operate,

More information

Introduction to Personal Data Protection DCU Risk & Compliance Office October 2015

Introduction to Personal Data Protection DCU Risk & Compliance Office October 2015 Personal Data Protection Introduction to Personal Data Protection DCU Risk & Compliance Office October 2015 Personal Data Protection - Aims Aims of this presentation 1) Basic definitions 2) 8 principles

More information

PRIVACY POLICY. 1. Introduction

PRIVACY POLICY. 1. Introduction PRIVACY POLICY 1. Introduction 1.1. The Pinewood Studios Group is committed to protecting and respecting your privacy. This privacy policy (together with our Website Terms of Use and Cookies Policy) (Privacy

More information

BELLISSIMA BEAUTY SALON PRIVACY NOTICE

BELLISSIMA BEAUTY SALON PRIVACY NOTICE BELLISSIMA BEAUTY SALON PRIVACY NOTICE Bellissima Beauty Salon( Bellissima, we or us ) are committed to protecting your privacy, including online, and in the transparent use of any information you give

More information

Subject: Kier Group plc Data Protection Policy

Subject: Kier Group plc Data Protection Policy Kier Group plc Data Protection Policy Subject: Kier Group plc Data Protection Policy Author: Compliance Document type: Policy Authorised by: Kier General Counsel & Company Secretary Version 3 Effective

More information

Data Protection Policy

Data Protection Policy Introduction In order to; provide education, training, assessment and qualifications to its customers and clients, promote its services, maintain its own accounts and records and support and manage its

More information

General Data Protection Regulation (GDPR) The impact of doing business in Asia

General Data Protection Regulation (GDPR) The impact of doing business in Asia SESSION ID: GPS-R09 General Data Protection Regulation (GDPR) The impact of doing business in Asia Ilias Chantzos Senior Director EMEA & APJ Government Affairs Symantec Corporation @ichantzos Typical Customer

More information

Polemic is a business involved in the collection of personal data in the course of its business activities and on behalf of its clients.

Polemic is a business involved in the collection of personal data in the course of its business activities and on behalf of its clients. Privacy policy 1 Background This document sets out the policy of Polemic Forensic ABN 60 392 752 759 ( Polemic ) relating to the protection of the privacy of personal information. Polemic is a business

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Status: Released Page 2 of 7 Introduction Our Data Protection policy indicates that we are dedicated to and responsible of processing the information of our employees, customers,

More information

INCLUDE-ED PRIVACY POLICY

INCLUDE-ED PRIVACY POLICY INCLUDE-ED PRIVACY POLICY BACKGROUND: Include-ed Limited understands that your privacy is important to you and that you care about how your personal data is used and shared. We respect and value the privacy

More information

CAREER SERVICES MANAGER, Powered by Symplicity STUDENT AND ALUMNI INSTRUCTION MANUAL

CAREER SERVICES MANAGER, Powered by Symplicity STUDENT AND ALUMNI INSTRUCTION MANUAL CAREER SERVICES MANAGER, Powered by Symplicity STUDENT AND ALUMNI INSTRUCTION MANUAL HOME TAB Log in at https://law-hamline-csm.symplicity.com/students/. Students For students, your login is your email

More information

MBNL Landlord Privacy Notice. This notice sets out how we handle landlord personal data as part of our General Data Protection policies (GDPR).

MBNL Landlord Privacy Notice. This notice sets out how we handle landlord personal data as part of our General Data Protection policies (GDPR). MBNL Landlord Privacy Notice This notice sets out how we handle landlord personal data as part of our General Data Protection policies (GDPR). SUMMARY This Privacy Notice applies to: users of our website

More information

The Provincial Grand Lodge and Chapter of East Lancashire. Data Protection Act 1998

The Provincial Grand Lodge and Chapter of East Lancashire. Data Protection Act 1998 The Provincial Grand Lodge and Chapter of East Lancashire Data Protection Act 1998 Why do I need to read this? If you have access to the systems and records that the Province holds about our members, or

More information

Privacy Notice. Lonsdale & Marsh Privacy Notice Version July

Privacy Notice. Lonsdale & Marsh Privacy Notice Version July Privacy Notice Lonsdale & Marsh understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our clients and will

More information

Outpatient Quality Reporting Program

Outpatient Quality Reporting Program CMS Abstraction & Reporting Tool (CART): Knowing the Basics Presentation Transcript Moderator: Karen VanBourgondien, BSN, RN Education Coordinator, Hospital Outpatient Quality Reporting (OQR) Program Speaker(s):

More information

The information we collect

The information we collect Phone: (02) 8035 8000 Web: www.carnextdoor.com.au Email: info@carnextdoor.com.au Address: Level 3, 55 Pyrmont Bridge Rd, Pyrmont, NSW, 2009 CAR NEXT DOOR PRIVACY POLICY AND CREDIT REPORTING POLICY Last

More information

The West End Community Trust Privacy Policy

The West End Community Trust Privacy Policy The West End Community Trust Privacy Policy We are committed to protecting your personal information and being transparent about what we do with it, however you interact with us. We are therefore committed

More information

INNOVENT LEASING LIMITED. Privacy Notice

INNOVENT LEASING LIMITED. Privacy Notice INNOVENT LEASING LIMITED Privacy Notice Table of Contents Topic Page number KEY SUMMARY 2 ABOUT US AND THIS NOTICE 3 USEFUL WORDS AND PHRASES 4 WHAT INFORMATION DO WE COLLECT? 4 WHY DO WE PROCESS YOUR

More information

This article will explain how your club can lawfully process personal data and show steps you can take to ensure that your club is GDPR compliant.

This article will explain how your club can lawfully process personal data and show steps you can take to ensure that your club is GDPR compliant. GDPR and BMC Clubs Lawful basis for Processing Personal Data This article will explain how your club can lawfully process personal data and show steps you can take to ensure that your club is GDPR compliant.

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY 1 Your Data Protection Responsibilities DATA PROTECTION POLICY 1.1 Everyone has rights with regard to how their personal data is handled. Personal data is any information that a person can be identified

More information

Good afternoon, everyone. Thanks for joining us today. My name is Paloma Costa and I m the Program Manager of Outreach for the Rural Health Care

Good afternoon, everyone. Thanks for joining us today. My name is Paloma Costa and I m the Program Manager of Outreach for the Rural Health Care Good afternoon, everyone. Thanks for joining us today. My name is Paloma Costa and I m the Program Manager of Outreach for the Rural Health Care program. And I m joined by Carolyn McCornac, also Program

More information

About the information we collect We collect and process personal data including but not limited to:-

About the information we collect We collect and process personal data including but not limited to:- Privacy Policy About us TP Supported Accommodation is responsible for collecting, processing, storing and safe keeping of personal information as part of our business activities. We manage information

More information

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE Beam Suntory ("we"; "us"; "our") respects your privacy and is committed to protecting your personal information at all times in everything we do. We are

More information

PRIVACY POLICY. 1. Definitions and Interpretation In this Policy the following terms shall have the following meanings:

PRIVACY POLICY. 1. Definitions and Interpretation In this Policy the following terms shall have the following meanings: PRIVACY POLICY BACKGROUND: Entod Research Cell UK Ltd understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone

More information

Terms and conditions of use for the Online and Mobile Banking Service

Terms and conditions of use for the Online and Mobile Banking Service Terms and conditions of use for the Online and Mobile Banking Service Effective from July 2016 Please read these terms and conditions carefully. They re also available on our website and our Mobile Banking

More information

About Us. Privacy Policy v1.3 Released 11/08/2017

About Us. Privacy Policy v1.3 Released 11/08/2017 Privacy Policy v1.3 Released 11/08/2017 About Us THIS PRIVACY POLICY, OUR VIEWER TERMS (hellopupil.com/viewerterms) AND HEALTH & SAFETY GUIDANCE (hellopupil.com/advice) COLLECTIVELY FORM THE TERMS GOVERNING

More information

Keep Track of Your Passwords Easily

Keep Track of Your Passwords Easily Keep Track of Your Passwords Easily K 100 / 1 The Useful Free Program that Means You ll Never Forget a Password Again These days, everything you do seems to involve a username, a password or a reference

More information

Access Rights and Responsibilities. A guide for Individuals and Organisations

Access Rights and Responsibilities. A guide for Individuals and Organisations Access Rights and Responsibilities A guide for Individuals and Organisations This guide is aimed at both individuals and organisations. It is designed to bring individuals through the process of making

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Introduction The purpose of this document is to provide a concise policy regarding the data protection obligations of Youth Work Ireland. Youth Work Ireland is a data controller

More information

Privacy & Cookie Statement

Privacy & Cookie Statement Privacy & Cookie Statement Version: 8 May 2018 Since day 1, WeTransfer has cared a great deal about privacy and respecting our users. We have always had a lean data policy: no sign up, no install, no retargeting.

More information

A Homeopath Registered Homeopath

A Homeopath Registered Homeopath A Homeopath Registered Homeopath DATA PROTECTION POLICY Scope of the policy This policy applies to the work of homeopath A Homeopath (hereafter referred to as AH ). The policy sets out the requirements

More information

DATA PROTECTION POLICY THE HOLST GROUP

DATA PROTECTION POLICY THE HOLST GROUP DATA PROTECTION POLICY THE HOLST GROUP INTRODUCTION The purpose of this document is to provide a concise policy regarding the data protection obligations of The Holst Group. The Holst Group is a data controller

More information

In this policy, whenever you see the words we, us, our, it refers to Ashby Concert Band Registered Charity Number

In this policy, whenever you see the words we, us, our, it refers to Ashby Concert Band Registered Charity Number ASHBY CONCERT BAND PRIVACY POLICY The privacy and security of your personal information is extremely important to us. This privacy policy explains how and why we use your personal data. We will keep this

More information

Date Approved: Board of Directors on 7 July 2016

Date Approved: Board of Directors on 7 July 2016 Policy: Bring Your Own Device Person(s) responsible for updating the policy: Chief Executive Officer Date Approved: Board of Directors on 7 July 2016 Date of Review: Status: Every 3 years Non statutory

More information

Advocacy Service Guide

Advocacy Service Guide Advocacy Service Guide Advocacy is a means of empowering people by supporting them to assert their views and claim their entitlements and where necessary representing and negotiating on their behalf. Advocacy

More information

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ). PRIVACY POLICY Data Protection Policy 1. Introduction This Data Protection Policy (this Policy ) sets out how Brital Foods Limited ( we, us, our ) handle the Personal Data we Process in the course of our

More information

UWTSD Group Data Protection Policy

UWTSD Group Data Protection Policy UWTSD Group Data Protection Policy Contents Clause Page 1. Policy statement... 1 2. About this policy... 1 3. Definition of data protection terms... 1 4. Data protection principles..3 5. Fair and lawful

More information

Privacy Notice. General Information Protection Regulation ( GDPR )

Privacy Notice. General Information Protection Regulation ( GDPR ) Privacy Notice General Information Protection Regulation ( GDPR ) Please read the following information carefully. This privacy notice contains information about the information collected, stored and otherwise

More information

GDPR - Are you ready?

GDPR - Are you ready? GDPR - Are you ready? Anne-Marie Bohan and Michael Finn 24 March 2018 Matheson Ranked Ireland s Most Innovative Law Firm Financial Times 2017 International Firm in the Americas International Tax Review

More information

Privacy Information - Privacy and Cookies Policy In Full

Privacy Information - Privacy and Cookies Policy In Full Privacy Information - Privacy and Cookies Policy In Full Contents 1. Introduction & General Terms 2. Who are we? 3. What information will Gaucho collect about me? 4. How will Gaucho use the information

More information

UUEAS Privacy policy - Members

UUEAS Privacy policy - Members UUEAS Privacy policy - Members The Union of UEA Students (The Union) is an independent charity, whose primary goal is to represent the students at the University of East Anglia. Every student at UEA is

More information

Spectrum Wellness Privacy Statement

Spectrum Wellness Privacy Statement Spectrum Wellness Privacy Statement This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully

More information

BISHOP GROSSETESTE UNIVERSITY. Document Administration. This policy applies to staff, students, and relevant data subjects

BISHOP GROSSETESTE UNIVERSITY. Document Administration. This policy applies to staff, students, and relevant data subjects BISHOP GROSSETESTE UNIVERSITY Document Administration Document Title: Document Category: Privacy Policy Policy Version Number: 1.0 Status: Reason for development: Scope: Author / developer: Owner Approved

More information

Privacy Notice For Ghana International Bank Plc customers

Privacy Notice For Ghana International Bank Plc customers Privacy Notice For Ghana International Bank Plc customers You may be aware of the European Union s General Data Protection Regulation (GDPR), effective as from 25th May 2018. Ghana International Bank Plc

More information

Mobile Computing Policy

Mobile Computing Policy Mobile Computing Policy Overview and Scope 1. The purpose of this policy is to ensure that effective measures are in place to protect against the risks of using mobile computing and communication facilities..

More information

IAE Professional s (02)

IAE Professional  s (02) IAE Professional Emails (02) TASK ONE: There are three different styles of writing when it comes to communication via email: Formal This is the style of an old-fashioned letter. Ideas are presented politely

More information

Data protection policy

Data protection policy Data protection policy Context and overview Introduction The ASHA Centre needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees

More information

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your). Our Privacy Policy 1 Purpose Mission Australia is required by law to comply with the Privacy Act 1988 (Cth) (the Act), including the Australian Privacy Principles (APPs). We take our privacy obligations

More information

Privacy Notice Q-UK-PO02

Privacy Notice Q-UK-PO02 1. Scope 1.1. This informs users about the nature, extent, and purpose of the collection and use of personal data by Colt Group Limited and Colt International Limited ( Colt or the Company ). This governs

More information

1 Privacy Statement INDEX

1 Privacy Statement INDEX INDEX 1 Privacy Statement Mphasis is committed to protecting the personal information of its customers, employees, suppliers, contractors and business associates. Personal information includes data related

More information

New Graduate Guide to the Online Application Process

New Graduate Guide to the Online Application Process New Graduate Guide to the Online Application Process April 2018 Before Getting Started This guide is intended to help recent graduates navigate the online portion of the application process and it is not

More information

Privacy Notice - General Data Protection Regulation ( GDPR )

Privacy Notice - General Data Protection Regulation ( GDPR ) THIS PRIVACY NOTICE APPLIES TO ANY PERSON WHO INSTRUCTS AN INDIVIDUAL BARRISTER AT 12 OLD SQUARE CHAMBERS EITHER DIRECTLY OR THROUGH A SOLICITOR OR WHO ASKS THE INDIVIDUAL BARRISTER FOR A REFERENCE Privacy

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Introduction Stewart Watt & Co. is law firm and provides legal advice and assistance to its clients. It is regulated by the Law Society of Scotland. The personal data that Stewart

More information

PRIVACY POLICY BACKGROUND:

PRIVACY POLICY BACKGROUND: PRIVACY POLICY BACKGROUND: SA Designer Parfums Limited understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone

More information

The isalon GDPR Guide Helping you understand and prepare for the legislation

The isalon GDPR Guide Helping you understand and prepare for the legislation The isalon GDPR Guide Helping you understand and prepare for the legislation 01522 887200 isalonsoftware.co.uk Read our guide today to help you plan for the new legislation.. The General Data Protection

More information

Website Acecore Technologies JL B.V.:

Website Acecore Technologies JL B.V.: Privacy policy Acecore Technologies JL B.V. B.V. Acecore Technologies JL B.V. (hereafter: Acecore technologies JL B.V.) focusses on the development and shipping of drones in the creative, industrial and

More information

FIRST TIER COMPLAINTS HANDLING GUIDANCE

FIRST TIER COMPLAINTS HANDLING GUIDANCE FIRST TIER COMPLAINTS HANDLING GUIDANCE 1. This guidance applies to all, CILEx Practitioners and CILEx Authorised Entities. If you are a member working in a regulated by another regulator, you will need

More information

BRIDGEWATER SURGERIES. Privacy Notice

BRIDGEWATER SURGERIES. Privacy Notice BRIDGEWATER SURGERIES Privacy Notice We understand how important it is to keep your personal information safe and secure and we take this very seriously. We have taken steps to make sure your personal

More information

Privacy Policy. Revisions to this Policy. What Information we collect. How do we collect Information?

Privacy Policy. Revisions to this Policy. What Information we collect. How do we collect Information? Privacy Policy Construction Supply & Service Last Updated May 2014. Construction Supply & Service ABN 16 010 489 326 ("CSS/us/we/our") respects the privacy of individuals. This Policy sets out the way

More information

PRIVACY POLICY. 1. Definitions and Interpretation In this Policy the following terms shall have the following meanings:

PRIVACY POLICY. 1. Definitions and Interpretation In this Policy the following terms shall have the following meanings: PRIVACY POLICY BACKGROUND: Leaman Mattei Limited (LM) understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone

More information

South Hams Motor Club Our Privacy Policy. How do we collect information from you? What type of information is collected from you?

South Hams Motor Club Our Privacy Policy. How do we collect information from you? What type of information is collected from you? South Hams Motor Club Our Privacy Policy At South Hams Motor Club (SHMC) we are committed to protecting and preserving the privacy of our customers when attending our events, visiting our website or communicating

More information

General Data. Protection Regulations MAY Martin Chapman Head of Ops & Sales Microminder. Presentation Micro Minder Ltd 2017

General Data. Protection Regulations MAY Martin Chapman Head of Ops & Sales Microminder. Presentation Micro Minder Ltd 2017 General Data Please note: - This legislation is untested and open to interpretation. - I am not a Privacy or Data Protection Solicitor. - Should you have any concerns or queries please seek legal advice

More information

Recruitment Guide for External Applicants

Recruitment Guide for External Applicants Directorate General Human Resources, Budget and Organisation ECB-PUBLIC Recruitment Guide for External Applicants 19 June 2012 Page 1 Table of Contents 1. Getting Started with SAP e-recruiting 3 1.1 Searching

More information

General Data Protection Regulations (GDPR)

General Data Protection Regulations (GDPR) Wrekinsport CC General Data Protection Regulations (GDPR) The GDPR legislation comes in to force across the EU from the 25 th May 2018. From this time, organisations across the EU need to be working towards

More information

Data Subject Access Request

Data Subject Access Request Data Subject Access Request DATA PROTECTION ACT 1998 Version: 10.0 Approval Status: Approved Document Owner: Graham Feek Classification: Internal Review Date: 03/07/2017 Effective from: 1 July 2015 Table

More information

Privacy Policy. Full name and contact details (including your contact number, and postal address).

Privacy Policy. Full name and contact details (including your contact number,  and postal address). 01326 270212 sales@htiddy.co.uk www.htiddy.co.uk Privacy Policy This privacy notice sets out how we will process personal data we collect from or about you, or which you provide to us. Please read this

More information

GDPR Compliance. Clauses

GDPR Compliance. Clauses 1 Clauses GDPR The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). It became enforceable from May 25 2018. The

More information

De Montfort Students Union Student Data Privacy Statement

De Montfort Students Union Student Data Privacy Statement De Montfort Students Union Student Data Privacy Statement Introduction De Montfort Students Union (DSU) promises to respect any personal data you share with us, or that we get from other organisations

More information

Privacy and Data Protection Policy

Privacy and Data Protection Policy Privacy and Data Protection Policy Introduction 1. The Ripple Pond is committed to ensuring the secure and safe management of personal data held by the Charity in relation to Beneficiaries, Staff, Trustees,

More information

Privacy Notices under #GDPR: Have you noticed my notice?

Privacy Notices under #GDPR: Have you noticed my notice? Privacy Notices under #GDPR: Have you noticed my notice? As you all know by now the General Data Protection Regulation (GDPR) is here and it is (as predicted) starting to get various people fired up ready

More information

Terms & Conditions. Privacy, Health & Copyright Policy

Terms & Conditions. Privacy, Health & Copyright Policy 1. PRIVACY Introduction Terms & Conditions Privacy, Health & Copyright Policy When you access our internet web site you agree to these terms and conditions. Bupa Wellness Pty Ltd ABN 67 145 612 951 ("Bupa

More information

Toucan Telemarketing Ltd.

Toucan Telemarketing Ltd. Toucan Telemarketing Ltd. GDPR Data Protection Policy Introduction Toucan Telemarketing is committed to protecting the rights and freedoms of data subjects and safely and securely processing their data

More information

Privacy Notice for firstdirect.com

Privacy Notice for firstdirect.com Privacy Notice for firstdirect.com Your privacy Your privacy is important to us. This notice (Privacy Notice) applies to personal information we collect from you when you use this site. If you re an HSBC

More information

Badminton England - Data protection Guidance for clubs and counties.

Badminton England - Data protection Guidance for clubs and counties. Badminton England - Data protection Guidance for clubs and counties. This leaflet is intended to provide general guidance for clubs and counties with respect to data protection. It does not however capture

More information

NHS Education for Scotland Portal https://www.portal.scot.nhs.uk Dental Audit: A user guide from application to completion

NHS Education for Scotland Portal https://www.portal.scot.nhs.uk Dental Audit: A user guide from application to completion Dental Audit: A user guide from application to completion 1. Audit Guidance 2. New Application: Getting Started 3. New Application: The Audit Application Form 4. New Application: Submitting Your Application

More information

The GDPR: what it is and what it means for Freelance Dietitians

The GDPR: what it is and what it means for Freelance Dietitians The GDPR: what it is and what it means for Freelance Dietitians Nan Millette, MEd, RD Panellists: Mariette Abrahams Rebecca McManamon Tracey Clarke Overview Disclaimer What is GDPR? BDA Data Protection

More information

Privacy Policy Inhouse Manager Ltd

Privacy Policy Inhouse Manager Ltd Privacy Policy Inhouse Manager Ltd April 2018 This privacy statement is designed to tell you about our practices regarding the collection, use and disclosure of information held by Inhouse Manager Ltd.

More information

GDPR AND WHAT IT MEANS FOR CRM AND CUSTOMER ENGAGEMENT MAY. A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018

GDPR AND WHAT IT MEANS FOR CRM AND CUSTOMER ENGAGEMENT MAY. A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 GDPR AND WHAT IT MEANS FOR CRM AND CUSTOMER ENGAGEMENT MAY 25 2018 A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 A 7-step practical guide to achieving and maintaining

More information

Cognizant Careers Portal Privacy Policy ( Policy )

Cognizant Careers Portal Privacy Policy ( Policy ) Cognizant Careers Portal Privacy Policy ( Policy ) Date: 22 March 2017 Introduction This Careers Portal Privacy Policy ("Policy") applies to the Careers portal on the Cognizant website accessed via www.cognizant.com/careers

More information