DATA PROTECTION POLICY
Name of organisation:……… The Waste Clearance Team (the “Company”)
As part of its business activities, the Company has to gather and use certain personal data about individuals and companies, including its customers, suppliers, and employees. This policy describes how this data is collected, handled and stored to meet the company’s data protection standards.
This Data Protection Policy ensures the Company:
- Complies with data protection law and follows good practice
- Protects the rights of employees, suppliers and customers
- Protects itself from the risks of a data breachPolicy ScopeThis policy applies to staff (whether permanent, temporary or agency) and all contractors, suppliers or any other person working on behalf of the Company.
It applies to all data that we hold relating to individuals and can include names of individuals, postal addresses, email addresses, telephone numbers, card details, financial information and any other information relation to these individuals. The personal data the company holds is (i) data from which individuals can be directly or indirectly identified (“Personal Data”) and (ii)data relating to various aspects of a person’s life, such as race, sexuality, mental or physical health, etc., (“Sensitive Personal Data”) (together “Data”).
Data Protection Risks
This policy helps protect the Company from potential Data security risks, including:
- Breaches of confidentiality – information being given out inappropriately.
- Breaches of its obligations under data protection laws – information not being stored orprocessed correctly.
- Reputational damage to the company if unauthorised access was gained to Data.ResponsibilitiesThe senior management of the Company is ultimately responsible for ensuring that the Company meets its legal obligations under the relevant data protection legislation (including the General Data Protection Regulation “”GDPR”).
Everyone, however, who works for, or with the Company has some responsibility for ensuring that all Data is collected, stored and handled appropriately.
Everybody that handles Data must ensure that it is handled and processed in line with this policy and data protection principles and used only for the legitimate and proper purposes carried out by the Company, including the provision of waste clearance services (“Services”).
- The only people able to access Data covered by this policy should be those who need it for their work.
- Data should not be shared informally. When access to confidential information is required, employees must request it from their line managers.
- Employees should keep all Data secure, following the company guidelines below.
- Passwords must be used which should not be shared with anyone else.
- Data should never be disclosed to unauthorised people, either within the company orexternally.
- Data should be regularly reviewed and updated if necessary. Any Data no longerrequired should be deleted or securely disposed of.
- Any employee unsure of any aspect of data protection should check with their linemanager.Data Protection Principles
The Company fully endorses and adheres to the principles of the GDPR. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of Data and must be adhered to:
- Data shall be processed fairly, lawfully and transparently.
- Data shall be obtained only for specified, explicit and lawful purposes, and shall not befurther processed in any manner incompatible with that purpose or those purposes.
- Data shall be adequate, relevant and limited to what is necessary for the purpose orpurposes for which they are processed.
- Data shall be accurate and, where necessary, kept up to date (including rectification ordeletion if appropriate).
- Data shall not be kept for longer than is necessary for the processing purposes that itwas obtained. Proper consideration should be given to rendering that Data unidentifiable (e.g. anonymization) as soon as those processing purposes have been completed.
- Data shall be processed in accordance with the rights of data subject.
- Data shall be processed making use of the appropriate technical and organisationalmeasures to ensure appropriate security of that Data.What Data Does The Company Store?
The Company obtains and processes Personal (and occasionally Sensitive Personal) Data from various sources, including by obtaining information from individuals themselves.
Workers (employees, agents, contractors or otherwise; prospective, current and past) (“Staff”):
- Name, address, contact details, emergency contact details, date of birth, sickness record (including any information about health that is relevant to employment), bank account details and tax information.
- Information generated in the course of employment, including any changes to the information above and information generated as part of management (e.g. performance reviews, voluntarily completed surveys or feedback).
• In some circumstances, Data may be collected indirectly from monitoring devices (including but not limited to door access-control mechanisms, closed-circuit television and other security systems, telephone, e-mail and internet-access logs and recordings).
- Name, address, contact details (email and phone) and information given to help uscomplete the Services successfully. This information can be in relation to the person whose property we are collecting from, an on the day contact (if different) and the person placing the order (if different).
- Any data gathered at the time of carrying out the Services: e.g. photos of the waste, data about the waste (weight and size) and name and signature (if on site) confirming that the Services have been completed.Why Does the Company Collect and Process Data?The Company collects and processes Data manually and electronically, for a number of reasons, including but not limited to:
- administrative and HR purposes, including recruitment, appraisals, promotions, career planning, remuneration, benefits, training and the provision of references;
- health and safety matters;
- disciplinary, grievance and performance management;
- Sensitive Personal Data is only processed by the Firm for monitoring equalopportunities, diversity and staff welfare and for the purpose of providing specificservices to individuals. Customers:
- Fulfilment of the Services, including providing information to Suppliers that is necessary for the fulfilment of the Services.
- Administer, support, improve and develop our business to improve the services we offer and to help us prevent fraud.Data SecurityData should be stored safely in accordance with the best practices.
Data Use And Accuracy
- When working with Data employees should ensure the screens of their computers are always locked when the machine is left unattended.
- Data should not be shared informally.
- Employees should not save copies of Data to their own computers. Always access andupdate the central electronic copy of any Data.
It is the responsibility of all employees who work with Data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
- Data will be held in as few places as necessary. Employees should not create any unnecessary additional Data sets.
- Data should be updated if any inaccuracies are discovered and any out of date information, such as telephone number or email address, should be removed from the database.
Telephone use and Data Protection Guidelines
The purpose of the GDPR is to protect the rights and privacy of individuals with regard to their personal information. Wherever possible information should only be passed to known individuals where the need and authority to share information has already been clearly established. Where this is not possible the guidance below should be adhered to. These are merely guidelines and it is necessary to use personal judgment with regards to Data Protection.
- When calling someone you should clearly state your name and that you are calling from The Company and you should establish who you are speaking with and, if answering the telephone, ascertain the nature of the call.
- You should always think carefully before disclosing any Data to anyone. You should not disclose Personal Data to anyone unless you are certain that they are entitled to receive that Personal Data It will have to be a matter of judgment in each case. As a rule you should consider whether or not the information is necessary to allow you and the recipient to perform their job correctly.
- If you can identify the individual you are speaking with on the telephone (ie from their voice) and you are satisfied that they have a legitimate reason for requesting the information, you may disclose this over the telephone.
- If you cannot be sure of the identity of the individual making the telephone enquiry, you should ask them for information that helps validate who they are. For example, reference numbers, names, postcodes, names of anyone else involved in the collection (e.g. insurer, installer…).
- Ensure that you are not inadvertently disclosing information to others who are in close proximity. This is particularly important in the case of staff working in an open plan office.
- If you have any doubts or concerns in respect of a individual’s identity and request for information you could say that you do not have the information to hand and that you need time to find it and get back to them – taking a contact telephone number. You can then discuss the issue with your Line Manager.
- You should never disclose Sensitive Personal Data to anyone without the prior approval of a senior manager.Right of Access to DataAll individuals who are the subject of personal data held by The Company are entitled to be informed of various rights under the GDPR. This includes the right to:
- ask what information the Company holds about them and why (including how this complies with the Company’s data protection obligations)
- Ask how to gain access to the Data and to keep it up to date.
- Ask for Data to be deleted.
- Ask for Data to be moved.
- Ask for certain processing activities to stop.If an individual contacts the Company requesting this information the Company is obliged to consider the request in accordance with the relevant law.Disclosing Data For Other Reasons
In certain circumstances, Data must be disclosed to government agencies without the consent of the data subject. Any such requests should be referred to senior, who will take the appropriate steps to ensure that the request is legitimate and the correct process is followed.