Privacy Policy

Data Protection Policy – Union Pipe Ltd

 

 

Policy information

Organisation

Union Pipe Ltd

 

Scope of policy

This policy applies to all staff, contractors, agents and representatives working for or on behalf of Union Pipe Ltd, and is available on request. This policy can be made available in large print or other accessible format if required. This policy applies to all personal data processed by Union Pipe Ltd and held electronically or manually.

Policy operational date

24/05/2018

 

Policy prepared by

Director/Appointed Data Protection Officer

 

Date approved by Board/ Management Committee

24/05/2018

Policy review date

24/05/2021

 

 

 

Introduction

Purpose of policy

·         complying with the law: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016

·         following good practice

·         protecting clients, staff and other individuals

·         protecting the organisation

 

Types of data

 

Personal Data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

 

Sensitive Data:

 

·    The racial or ethnic origin of the individual

·    Political opinions or affiliations

·    Religious beliefs or other beliefs of a similar nature

·    Membership of a trade union

·    Physical or mental health or condition

·    Sexual life

·    Commission or alleged commission of any offence

·    Any proceeding for any offence committed or alleged to have been committed or disposal of such proceedings or the sentence of court in such proceedings

·    Bank account details, any official identification details such as passport or driving licence numbers etc.

 

 

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/special-category-data/

 

Individual Rights

Union Pipe Ltd recognise that individuals have the following rights in relation to personal data/information;

the right to be informed;

·    the right of access;

·    the right to rectification;

·    the right to erasure;

·    the right to restrict processing;

·    the right to data portability;

·    the right to object; and

·    the right not to be subject to automated decision-making including profiling.

              

Policy statement

Union Pipe Ltd are committed to:

·         complying with both the law and good practice

·         respect individuals’ rights

·         be open and honest with individuals whose data is held

·         providing training and support for staff who handle personal data, so that they can act confidently and consistently

·         Notify the Information Commissioner voluntarily, even if this is not required

 

Key risks

·         Data Breach: I.e. information about the individual being released into the wrong hands.

·         Data Accuracy: Individuals being harmed through data being inaccurate or insufficient.

 

 

Responsibilities

Company Directors

Have overall responsibility for ensuring that the organisation complies with its legal obligations.

Data Protection Officer

·         Briefing the Board on Data Protection responsibilities

·         Reviewing Data Protection and related policies

·         Advising other staff on tricky Data Protection issues

·         Ensuring that Data Protection induction and training takes place

·         Notification to the ICO

·         Handling subject access requests

·         Approving unusual or controversial disclosures of personal data

·         Approving contracts with Data Processors

 

Employees

All employees are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work. 

Enforcement

Infringing on Data Protection and related policies are subject to penalties. This will be assessed by the Data Protection Officer and signed off by the managing director.

 

Security

Scope

Data Security is not wholly a Data Protection issue, or just a cyber security issue. Union Pipe evaluates potential threats to data security in both digital and non-digital contexts. Union Pipe is aware of the relevant threats and has necessary procedures in place.

 

Setting security levels

Union Pipe Ltd are committed to understanding the risks presented by our processing, and use all relevant information to assess the appropriate level of security we need to put in place. The greater the consequences of a breach of confidentiality, the tighter the security.

Security measures

 

Union Pipe ensures that different passwords are used for different (digital) data storage locations. These passwords are changed monthly.

 

Appropriate security software is used and reviewed on an ongoing basis to ensure that devices with personal information stored on them, are protected from external threats.

 

Physical documentation is kept within a secure location.

Business continuity

Union Pipe runs back up software every (working) day.

 

 

 

Data recording and storage

Accuracy

Union Pipe is committed to ensuring that all data which is recorded and stored is accurate (including when supplied by a third party). Measures may include (however are not limited to) verifying with the individual, company or previously held records.

Archiving

Data is stored on head office computers which are secure and backup regularly. Information where appropriate will be deleted permanently, on request, where appropriate.

 

 

 

Right of Access

Responsibility

Union Pipe’s Data Protection Officer ensures that right of access requests are handled within the legal time limit which is one month

 

Procedure for making request

Right of access requests must be in writing. It is the responsibility of all employees to pass on anything which might be a subject access request to the appropriate person without delay.

 

 

Provision for verifying identity

Where the person managing the access procedure does not know the individual personally necessary steps will be taken for checking their identity before handing over any information.

 

Charging

Information will be provided free of charge. However Union Pipe Ltd reserve the right to charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.

Procedure for granting access

If the request is made electronically, Union Pipe will provide the information in a commonly used electronic format.

 

 

Transparency

Commitment

Union Pipe are committed to ensuring that Data Subjects are aware that their data is being processed and

·         for what purpose it is being processed

·         what types of disclosure are likely, and

·         how to exercise their rights in relation to the data

 

 

 

Lawful Basis

Underlying principles

Union Pipe Ltd will ensure that personal data is processed, only when at least one of the following legal bases apply:

(a) Consent: the individual has given clear consent for Union Pipe Ltd to process their personal data for a specific purpose.

(b) Contract: the processing is necessary for a contract Union Pipe Ltd has with the individual, or because they have asked you to take specific steps before entering into a contract.

(c) Legal obligation: the processing is necessary for Union Pipe Ltd to comply with the law (not including contractual obligations).

(d) Vital interests: the processing is necessary to protect someone’s life.

(e) Public task: the processing is necessary for Union Pipe Ltd to perform a task in the public interest or for Union Pipe Ltd’s official functions, and the task or function has a clear basis in law.

(f) Legitimate interests: the processing is necessary for legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

 

 

 

Opting out

Union Pipe Ltd recognises that people may opt out of their data being used for particular purposes, and is committed to adhering to such requests.

Withdrawing consent

Union Pipe Ltd wishes to acknowledge that, once given, consent can be withdrawn, but not retrospectively.  There may be occasions where Union Pipe Ltd has no choice but to retain data for a certain length of time, even though consent for using it has been withdrawn

 

 

 

 

 

Employee training & Acceptance of responsibilities

Induction

All employees who have access to any kind of personal data should have their responsibilities outlined during their induction procedures

 

Continuing training

The issue of data protection is of great importance at Union Pipe Ltd, and we ensure that there is plenty of oportunity for relevant discussion at team meetings, directors meetings and performance reviews. Where additional training is required for the Union Pipe Ltd to fulfil it’s requirements, appropriate measures will be taken.

 

Procedure for staff signifying acceptance of policy

Staff are to read the company Data Protection Policy. This is to be signed of and dated on completion.

 

 

Policy review

Responsibility

The Data Protection Officer is responsible for the next policy review

 

Procedure

All members of staff are to consulted in the review

 

 

 

For more information, please visit the ICO website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/