Our data protection policy sets out our arrangements for processing and controlling personal data in accordance with the Data Protection Act and the General Data Protection Regulation (GDPR). This statement explains how we implement that commitment with regard to the collection and use of personal data.
Personal data means any information relating to a person that means they can be identified either directly or indirectly.
The categories of data that we collect and process include information such as personal data (name, address, DOB etc.), financial details (i.e. bank account details for payment) and previous employment details.
Data protection accountability principles
• Personal data shall be processed fairly and lawfully.
• Personal data shall be obtained for one or more specified and lawful purposes, namely legal, contractual or consensual.
• Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
• Personal data shall be accurate and, where necessary, kept up to date.
• Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
• Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act and General Data Protection Regulation (GDPR).
• Appropriate technical and organisational measures shall be taken against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
• Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
We are committed to:
• Meeting our legal obligations as laid down by the Data Protection Act and General Data Protection Regulation
• Fully implementing company procedure DP 07 Data Protection, copy available on request
• Ensuring that data is collected and used fairly and lawfully and in a transparent manner
• Processing personal data only in order to meet our operational needs or fulfil legal requirements. All information obtained and processed will be for one of the following lawful bases: an individual has given consent, there is a contractual reason for obtaining the information, or we require the information to fulfil our legal obligations
• Taking steps to ensure that personal data is up to date and accurate and not excessive for the purpose it is being used for
• Ensuring that data subjects’ rights can be appropriately exercised
• Providing adequate security measures to protect personal data
• Ensuring that a nominated officer is responsible for data protection compliance and provides a point of contact for all data protection issues
• Providing adequate training for all staff responsible for personal data
• Ensuring that everyone handling personal data knows where to find further guidance
• Ensuring that queries about data protection, internal and external to the organisation, are dealt with effectively and promptly and within one month of a request
• Regularly reviewing data protection procedures and guidelines within the organisation
Individuals have the right to request access to the personal data held by Hercules and obtain confirmation that their data is being processed correctly. This is called a ‘subject access request’. Subject access requests can be made by emailing firstname.lastname@example.org stating your name, contact details and reason for request. On receipt of a subject access request, verification of the identity of the individual making the request will be obtained prior to responding. Information will be provided within one month of the initial request and will be provided free of charge unless the request is unfounded or excessive i.e. repetitive. Individuals also have the ‘right to be forgotten’ and to restrict processing of their data. Further details can be obtained by emailing email@example.com.
All relevant members of staff will be made fully aware of this policy and of their duties and responsibilities under the regulations. All contractors who are users of personal information supplied by us will be required to abide by the requirements of the Act with regard to information supplied by us.
The Managing Director shall review this policy annually or following significant changes.
Hercules Site Services Ltd