Copyright © 2014 Marsh Industries Limited. All Rights Reserved. | Privacy Policy | WEB DESIGN & DEVELOPMENT by
Policy information | |
|---|---|
Bespoke Sewage Treatment Plant | The board of directors have agreed that The Managing Director determines the purposes for which and the manner in which any personal data are held, or are to be processed. |
The scope of policy | The policy applies to all sites and offices the Managing Director is responsible for. BSTP has instructed our agencies to ensure full compliance with all and future UK & EU legislation |
Policy operational date | The policy will be reviewed every 3 years |
Policy prepared by | The Directors of BSTP |
Date approved by Board/ Management Committee | This policy was approved on the 22nd January 2018 |
Policy review date | Review December 2020 |
Introduction | |
|---|---|
Purpose of policy | BSTP has introduced this policy:
|
Types of data | Employees and customer details will be covered by this policy. For further data please visit the government website |
Policy statement | BSTP will:
Please note the guidance from BSTP on when breaches should be reported as this is one of the main changes from the current Data Protection Act and GDPR |
Key risks | BSTP will to its best endeavours prevent
|
Responsibilities | |
|---|---|
The Board / Company Directors | Have overall responsibility for ensuring that the organisation complies with its legal obligations. |
Data Protection Officer | The Managing Director is responsible for
|
Outside Organisations | BSTP will seek advice from the EEF, Northgate Arinso & its professional advisors to ensure compliance. |
Employees & Volunteers | All staff and volunteers are required to read, understand and accept policies and procedures that relate to the personal data they may handle in the course of their work. |
Enforcement | Breaches in compliance with Data Protection may result in disciplinary action |
Security | |
|---|---|
Scope | Business Continuity is included below but you may want to move this to a separate policy |
Setting security levels | Brightwell Marketing & Blue Moon Computer Services will ensure adequate IT security systems are in place and maintained |
Security measures | BSTP will ensure its IT, Computer consultants and marketing companies have a fully compliant system. The company Lawyers will address any breach in compliance by third parties. |
Data recording and storage | |
|---|---|
Accuracy | BSTP will have measures in place to ensure data accuracy. For example, where information is taken over the telephone, how is it checked back with the individual? If the information is supplied by a third party, what steps will be taken to ensure or check its accuracy? |
Updating | Please note the separate requirements for the data we hold. For example, we cannot keep CVs for more than 6 months unless we have express permission from the candidates |
Storage | All information is stored electronically where ever possible |
Retention periods | A maximum period of 2 years with permission from individuals |
Archiving | The company stores invoices, its own bank information for 10 years employee data is held only when employed by the company |
Right of Access | |
|---|---|
Responsibility | the directors are responsible for ensuring that right of access requests are handled within the legal time limit which is one month |
Procedure for making request | Right of access requests must be in writing. There should be a clear responsibility for all employees to pass on anything which might be a subject access request to the appropriate person without delay. |
Provision for verifying identity | Where the person managing the access procedure does not know the individual personally there should be provision for checking their identity before handing over any information |
Procedure for granting access | If the request is made electronically, we will provide the information in a commonly used electronic format. The GDPR includes a best practice recommendation that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information |
Transparency | |
|---|---|
Commitment | BSTP will explain its commitment to ensuring that Data Subjects are aware that their data is being processed and
|
Procedure | When BSTP deems there are standard ways for each type of Data Subject to be informed, these will be given, for example:
|
Responsibility | Individuals in the company are responsible for their actions when passing on information outside of working hours and the company premises. |
Lawful Basis | |
|---|---|
Underlying principles | GDPR states we must record the lawful basis for the personal data we hold a |
Opting out | BSTP is not relying on consent, but will give people the opportunity to opt out of their data being used in particular ways |
Withdrawing consent | BSTP the organisation may wish to acknowledge that, once given, consent can be withdrawn, but not retrospectively. There may be occasions where the organisation has no choice but to retain data for a certain length of time, even though consent for using it has been withdrawn |
Employee training & Acceptance of responsibilities | |
|---|---|
Induction | All employees who have access to any kind of personal data will have their responsibilities outlined during their induction procedures |
Continuing training | There are opportunities to raise Data Protection issues during employee training, team meetings, supervisions, etc. |
Procedure for staff signifying acceptance of policy | The policy will be included in the Company Handbook |
Policy review | |
|---|---|
Responsibility | The board of directors are responsible for the review |
Procedure | Site Manager will be briefed on Data Protection regulation |
Timing | Review will be completed by December 2020 |
This website uses cookies. By using this website and agreeing to this policy, you consent to BSTP’s use of cookies in accordance with the terms of this policy.
Cookies are files sent by web servers to web browsers and stored by the web browsers.
The information is then sent back to the server each time the browser requests a page from the server. This enables a web server to identify and track web browsers.
There are two main kinds of cookies: session cookies and persistent cookies. Session cookies are deleted from your computer when you close your browser, whereas persistent cookies remain stored on your computer until deleted, or until they reach their expiry date.
BSTP uses the following cookies on this website, for the following purposes.
When visiting this website you choose your language. BSTP stores this information so when you re-visit you are taken directly to the appropriate website.
Most browsers allow you to refuse to accept cookies.
In Internet Explorer, you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.
In Firefox, you can adjust your cookies settings by clicking “Tools”, “Options” and “Privacy”.
Blocking cookies will have a negative impact upon the usability of some websites.
Copyright © 2014 Marsh Industries Limited. All Rights Reserved. | Privacy Policy | WEB DESIGN & DEVELOPMENT by