Bespoke Sewage Treatment Plant Data Protection policy

Policy information

Bespoke Sewage Treatment Plant

The board of directors have agreed that the Managing Director determines the purposes for which, and the manner in which, any personal data are held or are to be processed.

The scope of policy

The policy applies to all sites and offices the Managing Director is responsible for. BSTP has instructed its agencies to ensure full compliance with all current and future UK & EU legislation.

Policy operational date

The policy will be reviewed every 3 years

Policy prepared by

The Directors of BSTP

Date approved by Board/ Management Committee

This policy was approved on the 22nd January 2018

Policy review date

Review December 2020

Introduction

Purpose of policy

BSTP has introduced this policy for the purposes of:

  • complying with the law
  • following good practice
  • protecting clients, staff and other individuals
  • protecting the organisation

Types of data

Employee and customer details will be covered by this policy. For further data please visit the government website.

Policy statement

BSTP will:

  • comply with both the law and good practice
  • respect individuals’ rights
  • be open and honest with individuals whose data is held
  • provide training and support for staff who handle personal data, so that they can act confidently and consistently
  • notify the Information Commissioner voluntarily, even if this is not required

Please note the guidance from BSTP on when breaches should be reported, as this is one of the main changes from the current Data Protection Act and GDPR.

Key risks

BSTP will use its best endeavours to prevent:

  • information about data getting into the wrong hands, through poor security or inappropriate disclosure of information
  • individuals being harmed through data being inaccurate or insufficient

Responsibilities

The Board / Company Directors

Have overall responsibility for ensuring that the organisation complies with its legal obligations.

Data Protection Officer

The Managing Director is responsible for

  • Briefing the Board on Data Protection responsibilities
  • Reviewing Data Protection and related policies
  • Advising other staff on tricky Data Protection issues
  • Ensuring that Data Protection induction and training takes place
  • Notification to the Board
  • Handling subject access requests
  • Approving unusual or controversial disclosures of personal data
  • Approving contracts with Data Processors

Outside Organisations

BSTP will seek advice from the EEF, Northgate Arinso & its professional advisors to ensure compliance.

Employees & Volunteers

All staff and volunteers are required to read, understand and accept policies and procedures that relate to the personal data they may handle in the course of their work.

Enforcement

Breaches in compliance with Data Protection may result in disciplinary action.

Security

Scope

Business Continuity is included below but you may want to move this to a separate policy

Setting security levels

Brightwell Marketing & Blue Moon Computer Services will ensure adequate IT security systems are in place and maintained.

Security measures

BSTP will ensure its IT and computer consultants and marketing companies have a fully compliant system. The company's lawyers will address any breach in compliance by third parties.

Data recording and storage

Accuracy

BSTP will have measures in place to ensure data accuracy. For example, where information is taken over the telephone, how is it checked back with the individual? If the information is supplied by a third party, what steps will be taken to ensure or check its accuracy?

Updating

Please note the separate requirements for the data we hold. For example, we cannot keep CVs for more than 6 months unless we have express permission from the candidates.

Storage

All information is stored electronically wherever possible.

Retention periods

A maximum period of 2 years, with permission from individuals.

Archiving

The company stores invoices and its own bank information for 10 years. Employee data is held only while the individual is employed by the company.

Right of Access

Responsibility

The directors are responsible for ensuring that right of access requests are handled within the legal time limit, which is one month.

Procedure for making request

Right of access requests must be in writing. There should be a clear responsibility for all employees to pass on anything which might be a subject access request to the appropriate person without delay.

Provision for verifying identity

Where the person managing the access procedure does not know the individual personally, there should be provision for checking their identity before handing over any information.

Procedure for granting access

If the request is made electronically, we will provide the information in a commonly used electronic format.

The GDPR includes a best practice recommendation that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information.

Transparency

Commitment

BSTP will explain its commitment to ensuring that Data Subjects are aware that their data is being processed and:

  • for what purpose it is being processed
  • what types of disclosure are likely, and
  • how to exercise their rights in relation to the data

Procedure

When BSTP deems there are standard ways for each type of Data Subject to be informed, these will be given, for example:

  • the handbook for employees
  • in the welcome letter or pack for members, with occasional reminders in the newsletter
  • during the initial interview with clients
  • on the website

Responsibility

Individuals in the company are responsible for their actions when passing on information outside of working hours and the company premises.

Lawful Basis

Underlying principles

GDPR states we must record the lawful basis for the personal data we hold a

Opting out

BSTP is not relying on consent, but will give people the opportunity to opt out of their data being used in particular ways.

Withdrawing consent

BSTP may wish to acknowledge that, once given, consent can be withdrawn, but not retrospectively. There may be occasions where the organisation has no choice but to retain data for a certain length of time, even though consent for using it has been withdrawn.

Employee training & Acceptance of responsibilities

Induction

All employees who have access to any kind of personal data will have their responsibilities outlined during their induction procedures.

Continuing training

There are opportunities to raise Data Protection issues during employee training, team meetings, supervisions, etc.

Procedure for staff signifying acceptance of policy

The policy will be included in the Company Handbook.

Policy review

Responsibility

The board of directors are responsible for the review.

Procedure

The Site Manager will be briefed on Data Protection regulation.

Timing

The review will be completed by December 2020.

About cookies

This website uses cookies. By using this website and agreeing to this policy, you consent to BSTP’s use of cookies in accordance with the terms of this policy.

Cookies are files sent by web servers to web browsers and stored by the web browsers.

The information is then sent back to the server each time the browser requests a page from the server. This enables a web server to identify and track web browsers.

There are two main kinds of cookies: session cookies and persistent cookies. Session cookies are deleted from your computer when you close your browser, whereas persistent cookies remain stored on your computer until deleted, or until they reach their expiry date.

Cookies on our website

BSTP uses the following cookies on this website, for the following purposes.

When visiting this website you choose your language. BSTP stores this information so that when you revisit you are taken directly to the appropriate website.

Refusing cookies

Most browsers allow you to refuse to accept cookies.

In Internet Explorer, you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.

In Firefox, you can adjust your cookie settings by clicking “Tools”, “Options” and “Privacy”.

Blocking cookies will have a negative impact upon the usability of some websites.

 
