Daystate Ltd recognises that the correct and lawful treatment of Personal Information will maintain confidence in the organisation and will provide for successful business operations.
Protecting the confidentiality and integrity of Personal Information is taken seriously at all times.
Scope of the Policy
The GDPR applies to ‘personal information’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
As a “personal information controller” Daystate Ltd is responsible for deciding how we hold and use personal information and we are required under information protection legislation to notify interested parties of the information contained in this privacy policy.
Information protection principles
Daystate Ltd will comply with information protection law, so personal information we hold must be:
• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes and not used in any way that is incompatible with those purposes.
• Relevant to the purpose of use and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purpose intended.
• Kept securely.
Purpose for collecting personal information
Personal information is collected and retained for the following purposes:
Customers:
We will collect personal data with the overall aim of providing a better service and to enable us to perform the necessary administration of the associated standard of work contracted to undertake.
Suppliers and Sub-contractors:
For the completion of orders or contracts in direct relation to the on-going continuation of the business relationship.
Employees:
For contract of employment and associated records and communication.
Personal information collected and retained
The following information may be collected and retained:
Cusomers, suppliers and Sub-Contractors:
Mainly through Day to Day commercial transactions but also via e-mail, post or by phone may include variations of names, positions, copies of qualification certificates and direct contact details i.e. e-mail addresses, phone numbers (company or private) etc
Employees:
from direct contact, details may include the name, address, telephone number, e-mail address, date of birth, gender, marital status, salary, bank, pension, national insurance, employment detail and any human resources administration i.e. discipline’s, photographs etc
Your right to withdraw consent:
Personal information will only be used for the purposes stated above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
You have the right to withdraw your consent at any time.
To withdraw your consent you can speak to a member of staff on 01785 791755 who will put you in contact with the data protection manager or email accounts@daystate.com
Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to.
Security Integrity and Confidentiality:
Personal Information is secured and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Confidentiality & Availability:
Only people who have a need to know and are authorised can access it.
Integrity:
That personal information is accurate and suitable for the purpose for which it is processed.
Access and Sharing
The information is only used in communication between Daystate Ltd employees and the related company or individual as part of normal auditing, recording, reporting, analysis and research within the context of the agreement between the relevant parties.
Any company or individual has a right to request access to their personal information regarding correction, erasure, restriction, for a change your mind, to object to any processing or to request a transfer.
This allows a copy of the personal information held to be checked for detail and that Daystate Ltd is lawfully processing that information.
Daystate Ltd may need to request confirmation of identity to ensure a right to access the personal information.
Storage and Security
Storage:
all personal information is only retained the main Daystate Ltd computer for use for that particular company or contact. Any hard copies are only retained for delivery at the next convenient time.
Back-ups on HD and USB are retained at the Daystate Ltd premises and only available to Daystate Ltd personnel.
Security:
All third-party service providers are required to take appropriate security measures to protect your personal information in line with our policy and we do not allow our third-party service providers to use your personal information for their own purposes
As a duty of confidentiality, measures are in place to protect the security of your information (available on request) to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure
Security Breaches :
Procedures to deal with any suspected information security breach are in place including immediate communication to any relevant parties regarding the breach and any actions taken.
Retention
Personal information is only retained for as long as necessary to fulfil the purposes it was collected for, during the period of the contractual relationship and may include satisfying any legal, accounting, or reporting requirements. This appropriate retention period will also consider the purpose, amount, nature, sensitivity, potential risk of harm from unauthorised use or disclosure of personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Disposal
Hard Copies:
These are shredded or disposed of in a manner that the details cannot be used
Computer Records:
Are deleted from the appropriate storage facility
Changes to this privacy notice:
Daystate Ltd reserves the right to review and update this privacy notice at any time, and we will provide all relevant interested parties with a new privacy policy.
Daystate Ltd © 2017