Data Protection Policy
Blue Box Design will ensure that all data and information held on file for employees or clients will remain confidential and be stored in a secure environment.
All computer systems relating to employees’ or clients’ records will be password protected and encrypted.
Our internal computer system is individually password protected.
All CRM and Accounts Systems are accessed by authorised members of staff, and passwords are stored securely under the sole control of the company Directors – Donald McLaren and Michael McLaren.
DATA PROTECTION, CONFIDENTIALITY AND INFORMATION SECURITY POLICY
1. – Introduction
Blue Box Design needs to collect and use certain types of information about the individuals who come into contact with Blue Box Design in order to carry on our work. This personal information must be collected and dealt with appropriately, whether it is collected on paper, stored on a computer database, or recorded on other material, and there are safeguards to ensure this under the Data Protection Act 1998 (DPA).
2. – Data Controller
Blue Box Design is the Data Controller and Data Processor under the Act, which means that it determines what purposes personal information held will be used for.
3. – Disclosure
The Client or Employee will be made aware of how and with whom their information will be shared. There are circumstances where the law allows Blue Box Design to disclose data (including sensitive data) without the subject’s consent.
a) Carrying out legal duty or as authorised by the Secretary of State
b) Protecting vital interests of an Individual or other person
c) The Individual has already made the information public
d) Conducting any legal proceedings, obtaining legal advice or defending any legal rights
e) Monitoring for Equality and Diversity purposes – i.e. race, religion or disability
f) Providing a confidential service where the Individual’s consent cannot be obtained or where it is reasonable to proceed without consent: e.g. where we would wish to avoid forcing stressed or ill Individuals to provide consent signatures
Blue Box Design regards the lawful and correct treatment of personal information as very important to successful working and to maintaining the confidence of those with whom we deal, and intends to ensure that personal information is treated lawfully and correctly.
To this end, Compack Limited will adhere to the principles of Data Protection, as detailed in the Data Protection Act 1998.
4. – Data collection
Informed consent is when
• An Individual clearly understands why their information is required, who it will be shared with, the possible consequences of them agreeing or refusing the proposed use of the data
• And then gives their consent
Blue Box Design will ensure that data is collected within the boundaries defined in this policy. This applies to data that is collected in person, or by completing a form. When collecting data, Blue Box Design will ensure that the Individual:
a) Clearly understands why the information is needed
b) Understands what it will be used for and what the consequences are should the Individual decide not to give consent to processing
c) As far as is reasonably possible, grants explicit consent, either in writing or verbally, for data to be processed
d) Is, as far as reasonably practicable, competent enough to give consent and has given so freely without any duress
e) Has received sufficient information on why their data is required and how it will be used
f) Will sign and date the Data Protection Statement at induction stage
5. – Data storage
Information and records relating to service users will be stored securely and will only be accessible to authorised staff. They will be stored for only as long as needed or required by statute and will be disposed of appropriately.
It is Blue Box Design's responsibility to ensure all personal and company data is non-recoverable from any computer system previously used within the organisation, which has been passed on/sold to a third party.
6. – Data access and accuracy
All individuals have the right to access the information Blue Box Design holds about them. This can be arranged by contacting the Centre’s Administration team and providing 48 hours’ notice. Blue Box Design will also take reasonable steps to ensure that this information is kept up to date by asking data subjects whether there have been any changes.
In addition, Blue Box Design will ensure that:
• It has a Data Protection Officer with specific responsibility for ensuring compliance with Data Protection
• Everyone involved in processing personal information understands that they are contractually responsible for following good data protection practice
• Everyone processing personal information is appropriately trained to do so and is appropriately supervised
• Anyone wanting to make enquiries about handling personal information knows what to do
• It deals promptly and courteously with any enquiries regarding handling of personal information and describes clearly how this information is handled
• It will regularly review and audit the ways it holds, manages and uses personal information
• It regularly assesses and evaluates its methods and performance in relation to handling personal information
• All staff are aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them
This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the Data Protection Act 1998.
In case of any queries or questions relating to this policy, please contact the Blue Box Design Data Protection Officer:
Blue Box Design, Unit 22, 9 Munro Rd, Stirling FK7 7XQ
Tel. 01786 446 098
E-mail – firstname.lastname@example.org
Blue Box Design, as both the Data Controller and Data Processor, is committed to protecting the rights of the individual and acknowledges that any personal data of yours that we handle will be processed in accordance with the Data Protection Act 1998 (DPA) and the new General Data Protection Regulations (GDPR) 2018.
What Data will be collected
The following data may be collected, held and shared by Blue Box Design:
• Personal information (e.g. Name, Address, Date of Birth)
• Characteristics (ethnicity, gender)
• Past and present Job roles
Who will it be collected from
• Human Resources
• Group Leaders
How will it be collected
• E-mail
Why is it collected
• For the purposes of processing payroll and accounts, to ensure the health and safety of the employees at work, and to allow consideration of any adjustments that may be required to support their ability to work.
• Data may also be used for research, audit or statistics but will be anonymised if this is the case.
Lawful Basis for processing the information
• The lawful basis for processing this sensitive personal information is legal obligation under the Health and Safety at Work Act, and Consent.
18 April 2018
How long will data be held for
• Management referral information will be held for 6 years after the employee has left their job or 75 years of age (whichever is soonest) as recommended by the British Medical Association (BMA)
How will the data be stored
• Your records will be stored in accordance with Blue Box Design’s records storage policy following GDPR regulations.
Who will my information be shared with
• We will not share information about you with third parties without your consent unless the law allows us to.
What are your rights
• You have the right to see any information we hold about you. The request should be made in writing and should be responded to within 4 weeks without charge. You can also request that an amendment is attached to your personal information if you believe any of the information held by Blue Box Design is inaccurate or misleading.