Privacy Policy
Statement of Intent
Robocarv Ltd is required to collect l information to transact with subcontractors, suppliers and customers. We intend to meet all the requirements of the Data Protection Act 1998 (the Act) and the General Data Protection Regulations 2018 when collecting, storing, and destroying data.
To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. To do this, Robocarv Ltd must comply with the Data Protection Principles which are set out in the Data Protection Act 1998. In summary these state that personal data must be:
-
obtained and processed fairly and lawfully;
-
obtained for a specified and lawful purpose and not processed in any manner incompatible with that purpose; adequate, relevant, and not excessive for that purpose;
-
accurate and kept up to date;
-
not kept for longer than is necessary;
-
processed in accordance with the data subject's rights;
-
kept safe from unauthorised access, accidental loss, or destruction;
-
not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data.
All Robocarv Ltd staff who process or use any Personal Information must ensure that they follow these principles at all times. In order to ensure that this happens, Robocarv Ltd has adopted this Data Protection Policy.
Notification of Data Held and Processed
All subcontractors, suppliers and customers, and other members of the public have the right to:
-
know what information Robocarv Ltd holds and processes about them and why;
-
know how to gain access to it;
-
know how to keep it up to date;
-
know what Robocarv Ltd is doing to comply with its obligations under the Act.
The Data Controller and the Designated Data Controllers
Ginny Mann, Administrator at Robocarv Ltd is the Data Controller under the Act, and the organisation is therefore ultimately responsible for implementation.
Personal Information
Personal Information is defined as any details relating to a living, identifiable individual. Within Robocarv Ltd this relates to subcontractors, suppliers and customers;. We need to ensure that the information gained from each individual is kept securely and to the appropriate level of confidentiality.
The personal information collected from individuals could include:
-
Their name
-
Address
-
Email address
-
Telephone numbers-including those of emergency contacts
-
Bank Details
Robocarv Ltd store personal information to comply with the HMRC AND ACCOUNTANTS.
Processing of Personal Information
All staff who process or use any Personal Information are responsible for ensuring that:
-
Any Personal Information which they hold is kept securely;
-
Personal Information is not disclosed either orally or in writing or otherwise to any unauthorised third party.
Staff should note that unauthorised disclosure will usually be a disciplinary matter and may be considered gross misconduct in some cases.
Personal information should be:
-
kept in a locked filing cabinet; or
-
in a locked cupboard; or
-
if it is computerised, be password protected;
-
kept on a storage device which is itself kept securely.
Conversations and Meetings
Information of a personal or confidential nature should not be discussed in a public area, in front of anyone that is not an employee of the setting. Robocarv Ltd employees should be aware of confidentiality at all times when discussions are taking place, either distancing themselves from the conversation if it does not concern them, or, ensuring that their discussion is not overheard by others. All staff should respect the confidential nature of any information inadvertently overheard.
Collecting Information
Whenever information is collected about people, they should be informed why the information is being collected, who will be able to access it and to what purposes it will be put. The individual concerned must agree that he or she understands and gives permission for the declared processing to take place, or it must be necessary for the legitimate business of the setting.
Sensitive Information
Sensitive information is defined by the Act as that relating to ethnicity, political opinions, religious beliefs, trade union membership, physical or mental health, sex life, criminal proceedings or convictions. The person about whom this data is being kept must give express consent to the processing of such data, except where the data processing is required by law for employment purposes or to protect the vital interests of the person or a third party.
Disposal of Confidential Material
Sensitive material should be shredded as soon as it is no longer needed; following retention guidelines and statutory requirements. Particular care should be taken to delete information from the tablets or the computer hard drive if they are to be disposed of.
Staff Responsibilities
All staff are responsible for checking that any information that they provide to Robocarv Ltd in connection with their employment is accurate and up to date. Staff have the right to access any personal data that is being kept about them, either on computer or in manual filing systems. Staff should be aware of and follow this policy and seek further guidance where necessary.
Duty to Disclose Information
There is a legal duty to disclose certain information, namely, information about: Drug trafficking, money laundering or acts of terrorism or treason, which will be disclosed to the police.
Retention of Data
Robocarv Ltd takes care to only store personal information that is absolutely necessary.
Personal information is kept for the period of time requested following guidelines from the HMRS , these retention periods are either recommended or statutory.
Stored information is filed in sealed filing boxes and locked in a secure location. Once the retention period has lapsed, the information is destroyed.
Date: 07/06/2018
Signed:
GINNY MANN
Administrator