What this policy covers
This policy details your rights and obligations in relation to your personal data and the personal data of third parties that you may come into contact with during the course of your employment.
If you have access to the personal data of employees or of third parties, you must comply with this Policy. Failure to comply with the Policy and procedures may result in disciplinary action up to and including dismissal without notice.
Your entitlements
Personal Data means data held either on a computer or in a paper-based filing system which relates to a living individual who can be identified from that data.
The General Data Protection Regulation which came into force 25 May 2018 prescribes the way in which the Company may collect, retain and handle personal data. The Company will comply with the requirements of the General Data Protection Regulation and all employees and contractors who handle personal data in the course of their work must also comply with it.
The purposes for which your personal data may be held by the Company
Personal data relating to employees may be collected by the Company for the purposes of:
- recruitment, promotion, training, redeployment and / or career development, such as references, CVs and appraisal documents
- administration and payment of wages, such as emergency contact details and bank/building society details
- calculation of certain benefits including pensions
- disciplinary or grievance issues
- performance management purposes and performance review
- recording of communication with employees and their representatives
- compliance with legislation
- provision of references to financial institutions, to facilitate entry onto educational courses and/or to assist future potential employers and
- staffing levels and career planning
Sensitive personal data
Sensitive personal data includes information relating to the following matters:
- your racial or ethnic origin
- your political opinions
- your religious or similar beliefs
- your trade union membership
- your physical or mental health or condition
- your sex life, or
- the commission or alleged commission of any offence by you
Processing of sensitive data
The Company will process sensitive data primarily where it is necessary to enable the Company to meet its legal obligations and in particular to ensure adherence to health and safety and vulnerable groups protection legislation or for equal opportunities monitoring purposes. In most cases, the Company will not process sensitive personal data without your consent.
Procedure
Accuracy of personal data
The Company will review personal data regularly to ensure that it is accurate, relevant and up to date.
To ensure the Company’s files are accurate and up to date, and so that the Company is able to contact you or, in the case of an emergency, another designated person, you must notify the Company as soon as possible of any change in your personal details (e.g., change of name, address, telephone number, loss of driving licence where relevant, next of kin details, etc.).
Security of personal data
The Company will ensure that personal data is not processed unlawfully, lost or damaged. If you have access to personal data during the course of your employment, you must also comply with this obligation. If you believe you have lost any personal data in the course of your work, you must report it to your manager immediately. Failure to do so may result in disciplinary action up to and including dismissal without notice.
Access to personal data [“subject access requests”]
The General Data Protection Regulation gives you the right to access the personal data held about you by the Company.
The Company will arrange for you to see or hear all personal data held about you within one month of receipt of a written request.