Guardian Electrical Compliance Ltd DATA PROTECTION GDPR REGULATIONS POLICY

1. Statement of Policy

Guardian Electrical Compliance Ltd (Guardian) needs to collect and use certain types of information about the Individuals or Service Users with whom they come into contact in order to carry on our work. This personal information must be collected and dealt with appropriately whether it is collected in written form, stored in a computer database, or recorded on other material. Data is collected and processed in such a way as to fully comply with the General Data Protection Regulations 2018 (GDPR).

Our policy is designed to comply with the principles of GDPR in order to ensure that data is processed:

i. In a fair and lawful manner
ii. For specific and lawful purposes
iii. It is adequate, relevant and not excessive
iv. It is accurate and up to date
v. Retention period for data is reasonable and in accordance with the stated purpose
vi. Access rights to personal data are in accordance with GDPR Regulations
vii. Data is securely retained
viii. Data transfer is provided for securely where applicable

Policy Statement Reviewed and Signed 06/04/2018: John Quick, Director

2 Compliance with GDPR

2.1 Fair and Lawful processing of data

- Data will always be collected, processed and retained where Guardian have legitimate grounds for its collection and use.
- Data will not be used in ways that have unjustified adverse effects on the individuals concerned.
- Guardian will always be transparent about how they intend to use the data and will give individuals appropriate privacy notices when collecting their personal data.
- Guardian will only handle personal data in ways the owner would reasonably expect.
- Guardian will ensure that no unlawful use is made of the data.

Fair processing of data requires transparency, meaning that we are clear and open with individuals about how their information will be used and for what purpose. Guardian will not disclose or sell data to a third party.

2.2 Specific use of data

- Guardian will endeavour to be clear from the outset about why personal data is being collected and what it is intended to be used for.
- In accordance with GDPR requirements Guardian will give the appropriate privacy notices to data owners when it is collected.
- Guardian will comply with GDPR regulations as far as notifying the Information Commissioner is concerned.
- Guardian will ensure that, where data is used for any purpose that is additional to or different from the originally specified purpose, the new use or disclosure will be fair and compatible with the original purpose.

2.3 Sufficiency of Data

In accordance with the principle of data minimisation Guardian will ensure that data held will be sufficient for the purpose for which it is being held and no more information will be held than is necessary to fulfil the stated purpose.

2.4 Accuracy and currency of data

All data will so far as is reasonably practicable be checked on an ongoing basis for accuracy and to ensure that the information is up to date. In particular data relating to staff records will be updated as soon as more current information is made available to the Company.

2.5 Retention of data

Data processed for the stated purpose will not be kept for longer than is necessary for that purpose. Compliance with this principle will mean that Guardian will:

- Review periodically the timeliness of retention
- Consider the intended purpose for use of the data when determining retention periods
- Securely delete data that is no longer required
- Update, archive or securely delete information if it goes out of date.

2.6 Individual rights of access to data

Guardian will safeguard the rights provided under the Regulations of any individual for whom data is held. Individual rights as described in the Regulations are summarised as follows:

- The right of access to a copy of the information comprised in their data
- The right to object to data processing that is likely to cause or is causing damage or distress
- The right to prevent processing for direct marketing
- The right to object to decisions being taken by automated means
- The right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed
- The right to claim compensation for damages caused by a breach of the Act.

2.7 Security of Data *

Appropriate security will remain in place to prevent any data being accidentally or deliberately compromised. Stephen Greenhalgh is responsible for ensuring data security.

* See Guardian Data Security Policy.

2.8 Damage or Distress caused by processing of data

Guardian will endeavour to obviate any consequential damage or distress which may be caused by the processing of personal data. In particular information or comments which may have a negative effect will be avoided.

2.9 Preventing Direct Marketing

Direct marketing includes any means by which contact can be made including mailshots, emails and text messaging. Where anyone gives written notice to stop (or not begin) using their data for direct marketing such notice will be complied with within a reasonable period, usually within twenty eight days. Notice can also comprise an electronic indication contained within an email or web page.

Guardian's policy is to only initiate direct marketing to qualified contacts. Qualified contacts are those organisations who have been previously contacted by telephone and permission has been elicited to make further contact, perhaps by mailshot and/or email.

2.10 Contact notification and Opt-in

Marketing is not normally carried out by cold contact with prospective clients. Prospects are qualified as to various characteristics including their size and viability and their likely requirement for our services. Initial contact is made via telephone and the contact details for further approach, usually an email address, are ascertained from the initial client contact. Permission is sought to provide further information via post and email. The first email contact made after this conversation includes the following endorsement:

Data Protection and Privacy.

In accordance with the General Data Protection Regulations May 2018 we are making contact with you either in connection with the existing relationship that exists between us or because we have had permission from a member of your staff to contact you. We may contact you from time to time to provide information about our services or to provide advice and guidance as to your legal obligations with respect to the safe use of electricity at your site(s). We only hold the necessary basic data to enable us to communicate with you either because it is in our legitimate interest to do so, to fulfil a contract, to renew a contract, to provide information, or to fulfil a legal obligation. At any time you may change or re-state your preferred method of contact, i.e. mail, email or face to face appointment. An opportunity to state your current preference is included below. We will never sell your data and will never make it available to a third party unless there is a legal obligation to do so. If you do not wish us to communicate with you in future please contact us at info@guardianelectrical.co.uk or opt out by checking the box at the bottom of this message.

I would prefer to be contacted by: Mail / Email / Direct Appointment - Delete as necessary
I do not wish to be contacted in future: Tick if applicable

2.11 Deletion or suppression of data

If a contact requests that we delete their data, we will normally suppress the data we hold. This involves our deleting all data apart from the minimum amount which will enable us to respect the contact's preferences in future. It is necessary to hold this minimal data in order to ensure that contacts are not inadvertently re-entered on to our database.

2.12 Automated decision taking

No part of our data processing will involve automated decision making unless:

- We are authorised or required by a legal obligation
- It is in preparation for, or in relation to, a contract with the organisation concerned

2.13 Correcting inaccurate personal data

Where data is shown to be inaccurate, we will correct such data within twenty eight days. The organisation concerned will have every right to have the entry rectified, blocked, erased or destroyed. Where the inaccurate information has been received from a third party or from the contact organisation or individual themselves, Guardian will not be held responsible for the inaccuracy other than to take reasonable measures to ensure the continuing accuracy of the data and to correct it when the anomalies are apparent.

2.14 Sending personal data outside the European Economic Area (EEA)

Guardian's core activities are based within the UK only and no data will be transferred outside the EEA.

2.15 Conditions for processing

At all times Guardian will endeavour to ensure that data is processed in a fair and legal manner. In determining the conditions for processing the following summary applies to our data processing:

Status: Prospective interest in our services. Gathering information for business reasons
Data held: Business Name*; Business Address*; Contact Name; Contact Email
How collected: Direct request by telephone or letters. Response to mailing or email. Use of our website. Surveys. Attending seminars
Means of contact: Email; Direct Mail; Telephone
Permission: Contact agreed verbally or in writing, by direct contact with company representative. Via electronic opt-in. Introduction via Group related company
Reason for collection: When it is in our legitimate interest. When consent to it is provided.

Status: Existing Customer
Data held: Business Name*; Business Address*; Contact Name; Contact Email; Account data including company details, billing details etc.; Technical data associated with electrical inspection and testing of customers' assets and installation
How collected: Direct request by telephone or letters. Response to mailing or email. Surveys. Account details completed by company representative **. Data entered onto TraQit hosted website completed on site by Guardian staff **. Data entered onto TraQit hosted website by customer staff **
Means of contact: Email; Direct Mail; Telephone; Use of TraQit website via login and personal password provided as part of contract
Permission: Existing contractual arrangement. Direct permission from Company representative
Reason for collection: To fulfil a contract. To renew a contract. To provide information. To fulfil a legal obligation

Status: Guardian Staff
Data held: Personal data
How collected: Entered personally or by a member of staff at induction and on an ongoing basis
Means of contact: Direct entry
Permission: Voluntary submission by staff member. Direct by employee after notice and details provided
Reason for collection: To conduct employment. Required by legal obligation

* Data available in public domain.
** For Data entered by customer Guardian is a Data Processor, for all other data Guardian is a Data Controller.

2.16 Exemptions

Any exemptions from our responsibilities under the Regulations will consist of minimum departures from the Act's provisions. These will generally relate to processing personal data for purposes relating to criminal justice and taxation.

2.17 Complaints

If a complaint against our data processing activities arises it will be dealt with in accordance with our Customer Complaints procedures as part of our BS EN ISO 9001:2010 procedures even if the complainant is not an existing customer. This means that the complaint handling will be supervised by a Director and will be responded to within seven days. Response will include clarification of how the data has been processed and an explanation of how any anomalies will be corrected.

2.18 Anonymisation

Guardian considers that the practice of anonymisation of data does not apply to the methods we use to process data.

2.19 Big data, artificial intelligence (AI) and machine learning

At the time of issue of this policy, these techniques do not apply to Guardian's data processing activities.

2.20 CCTV

Guardian does not use CCTV in its core activities.

2.21 Data sharing

Guardian does not share data with any third parties other than those that have a legal authority to request it.

2.22 Employment Data

Guardian processes data in connection with the employment of its staff and prospective staff in accordance with The Employment Practices Code issued by the Information Commissioner. Persons to whom this applies include:

- Applicants for employment (successful and unsuccessful)
- Former applicants (successful and unsuccessful)
- Employees (current and former)
- Contract staff (current and former)

Information to which these provisions relate includes:

- Information which identifies a person
- Biographical data relating to a living person that would affect the person's privacy

The format of the data would normally be by computerised and/or automated methods to enable ready access by authorised enquirers. Data processed would include the following:

- Details of individual salary and bank account held on computer records
- E-mail data concerning any incidents involving the named worker
- Supervisor's or management's notes providing input into a computerised personnel file
- Individual personnel files in various searchable formats including application details, leave record and performance reviews and appraisals
- Records of previously completed application forms
- Health records provided on a voluntary basis
- Correspondence relating to employment, deployment, promotion and disciplinary proceedings.

2.23 Sensitive Data

Sensitive Data includes information relating to a person's:

- Racial or ethnic origin *
- Political opinions *
- Religious beliefs or other beliefs of a similar nature *
- Trade union membership, perhaps to enable collection and distribution of Union contributions
- Physical or mental health or condition, to enable compliance with Disability and Equality Regulations
- Sexual life *
- Commission or alleged commission of any offence and any associated court proceedings in compliance with the Company's legal obligations

* Not normally collected except perhaps to ensure individual human rights are not breached in any way.

Notwithstanding the Company's legal obligations, persons listed under section 2.22-2.24 of this Policy are responsible for the accuracy of any information they provide to the Company which are used to constitute records.

2.24 Employee Opt-in

At initial induction and on an ongoing basis as required staff will be requested to provide permission for their personal data to be processed.

- As part of this communication individuals will be provided with details of what data is being processed, the purpose for its collection and assurance as to the security, retention and disposition of their records
- Permission will normally be by means of a standard proforma issued at the start of employment during induction or at an appropriate point in their employment
- Individuals will be requested to sign the proforma to indicate their permission
- Copies of completed opt-in forms will be retained in personnel records

2.25 Online Data collection and Apps

The following principles apply to the on-line collection of data:

- Consideration will be made for the absolute need for the data being collected
- The Company will be clearly identified in any contact methods as well as the reason for data collection
- Contact information will always be kept securely
- Contacts will always be given a choice as to whether marketing material will be sent to them
- Only information that will be actually used will be collected
- Requests via subject access requests will be acknowledged and acted upon within twenty eight days
- Users of on-line services will be given regular opportunity to check details held for accuracy and currency
- Our TraQit App does not use personal data but only collects and displays technical information relating to clients' equipment etc.

3 Data Controller

Where data is initiated and/or entered by members of Guardian's staff we consider that Guardian is the Data Controller under such circumstances. Where data is initiated and/or entered by the client as in updating online records, submission by staff of their own data information, we consider that Guardian is a Data Processor.

4 Distribution and Review

This Policy will be distributed to all interested parties by means of the Company intranet. It will be reviewed at least annually and on an ongoing basis as required.

Policy Reviewed and Signed 06/04/2018: John Quick, Director