BDB 24 – DATA PROTECTION POLICY
BDB Special Projects is committed to ensuring the privacy and security of all personal data retained. The main board of Directors and Senior Managers are committed to the delivery of this policy statement and ensuring it is understood and followed throughout the business. BDB Special Projects company structure facilitates transparent and compliant administration of the General Data Protection Regulations (GDPR), this includes assigning responsibilities for Data Protection to a specific individual within the structure of the organisation. This role has been assigned to the HR & Admin Manager.
Through the implementation of defined processes and with a strong focus on managing risk, BDB Special Projects communicate openly with internal and external customers on how their personal data is collected and stored. BDB Special Projects only process personal data that is essential to business operations for our continued compliance with government and regulatory bodies where we are required to achieve certain operational, vocational and administrative standards. This may include the need to verify certain competencies or qualifications held by an individual which may be essential for them to carry out their work.
Personal data will be captured through the completion of the BDB Special Projects Application form. All job applicants, employees, contractors, apprentices and former workers will have the right to refuse to allow the company to hold any of their Personal Data. When BDB Special Projects needs to process criminal records data in order to obtain a basic criminal record check / DBS disclosure it does so in order to meet its legitimate interest of protecting its reputation, to gain the confidence of the public in the reliability of our staff. BDB Special Projects will only process criminal records data in this capacity with your consent.
BDB Special Projects confirms via this policy that no personal data will be passed to a third party without the express permission of the individual concerned. All personal data is stored in a password-protected database managed by the specific individual assigning responsibilities for Data Protection.
To make an access request the individual should send the request to firstname.lastname@example.org. In some cases, the company may need to ask for proof of identity before the request can be processed. BDB will respond to a request within a period of one month from the date it is received, in some cases if requests are excessive this may take up to three months but the company will advise the individual accordingly.
Through the continuous monitoring of compliance with this policy, BDB Special Projects regularly reviews the accuracy of personal data held and offers all individuals routine opportunities for review and updating of this information. The quality and accuracy of all personal data is a primary concern and upon reasonable request, all personal data that is being held, where/how it was obtained and who it may be shared with will be made available.
All individuals retain the right to complain to the Information Commissioners Office (ICO) should they feel there is a cause for concern regarding the manner in which their personal data is being managed or processed. In the first instance, all investigations will be carried out at a senior management level and be escalated to the Directors in the event that an acceptable resolution cannot be achieved.
BDB Special Projects ensure that all consent mechanisms used in the consent process are unambiguous. Every opportunity is provided for the individual to assert a positive indication of agreement and that they have been afforded the opportunity to decide, rather than proceed on an assumption of acceptance by default.
The use of customers and client’s emails, for non-business related private communications, are not permissible. It is illegal to send a group email to persons related to this business, (as in private email address being used without consent) via a personal Email, as they may not have consented to this email address being shared and used by a third party. It is also not permissible to contact persons from your private email where a privileged email address was not shared personally to you and is privileged information and a non-business related communication.
Data security is of paramount importance to BDB Special Projects as part of our protection from any data breaches systems are constantly monitored, audited and assessed to facilitate the detection of potential breaches. Any breaches deemed to be of a level that may involve suffering, financial loss or damage through identity theft or confidentiality breach will be notified to the ICO.
BDB Special Projects will not transfer HR related data to countries outside the EEA.
Data Protection Principles
The Company is committed to the principles of GDPR and processes personal data in accordance with the following data protection principles:
- The Company processes personal data lawfully, fairly and in a transparent manner.
- The Company collects personal data only for specified, explicit and legitimate purposes.
- The Company processes personal data only where it is adequate, relevant, and limited to what is necessary for the purposes of processing.
- The Company keeps accurate personal data and takes all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay.
- The Company keeps personal data only for the period necessary for processing.
- The Company adopts appropriate measures to make sure that personal data is secure and protected against, unauthorised or unlawful processing, accidental loss, destruction or damage.
Date: 1st September 2018
on behalf of BDB Special Projects