Skillbase People Development Ltd Data Protection Policy In compliance with the General Data Protection Regulations (EU) 2016/679 (GDPR))

Similar documents
Data Protection Policy

UK Research and Innovation (UKRI) Data Protection Policy

GENERAL DATA PROTECTION REGULATION Guidance Notes

Broad Run Investment Management, LLC

SCHOOLS DATA PROTECTION POLICY. Guidance Notes for Schools

DATA PROTECTION POLICY

Data Protection Policy

Getting ready for the new data protection laws A guide for small businesses, charities and voluntary organisations

TimePlan Education Group Ltd ( the Company ) Data Protection. Date: April Version: 001. Contents

You can contact us directly at Dechert LLP, 160 Queen Victoria Street, London, EC4V 4QQ, United Kingdom or by ing

Search Consultancy Limited Privacy Notice

St John's Primary School and Nursery. Privacy Notice for Governors How we use your information 2018/19

Training Manual. DATA PROTECTION ACT 2018 (DPA18) Incorporating General Data Protection Regulations (GDPR) Data Protection Officer is Mike Bandurak

Orbit Recruitment Privacy Policy

RSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company )

Data Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents

GDPR for whom it may concern

DIOMED DEVELOPMENTS LIMITED DATA PRIVACY NOTICE FOR APPLICANTS

Privacy Notice (How we use school workforce information)

Data Protection Policy Approved by: COG Approved: 9 August 2017 Review date: August 2019 Version: Statement of Intent

P Drive_GDPR_Data Protection Policy_May18_V1. Skills Direct Ltd ( the Company ) Data protection. Date: 21 st May Version: Version 1.

PREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER

The Society of St Stephen s House Site Security and Monitoring Privacy Notice

Brasenose College is committed to protecting the privacy and security of personal data.

Trinity is committed to protecting the privacy and security of personal data.

Tourettes Action Data Protection Policy

Preparing for the GDPR

EDWARDS COMMERCIAL CLEANING SERVICES LTD and EDWARDS COMMERCIAL CLEANING (NORTH) LTD Data Protection Policy for Employees, Workers and Consultants

DATA PROTECTION POLICY

Data subject access policy

LIFE STYLE CARE PLC. Privacy Statement for Employees. August 2018

Privacy Notice. The Kind of Information We Hold About You

Guidance and Example of a Privacy Notice Form

PRIVACY NOTICE FOR STAFF

DATA PROTECTION POLICY 2018

GDPR P4 Privacy Policy Statement & Guidance for Employees and External Providers

St Michael s CE Primary School Data Protection Policy

The template uses the terms students / pupils to refer to the children or young people at the institution.

Job applicant privacy notice (compliant with the General Data Protection Regulations (GDPR)

How employers should comply with GDPR

INTERNATIONAL WHAT GDPR MEANS FOR RECORDS MANAGEMENT

DATA PROTECTION POLICY VERSION 1.0

Information Asset Register IAR. Guidance for Schools

Privacy Policy for Suppliers

LPC Law Recruitment Privacy Notice

SAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY. Adopted: [ ]

b. by a controller not established in EU, but in a place where Member State law applies by virtue of public international law.

Breakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018

Depending on the circumstances, we may collect, store, and use the following categories of personal information about you:

12 STEPS TO PREPARE FOR THE GDPR

Nissa Consultancy Ltd Data Protection Policy

Scottish Charity Number SC Dingwall Baptist Church DATA PROTECTION POLICY

Privacy Notice for Directors and Local Academy Committee Representatives How we use your information 2018/2019

Privacy Notice for Staff

Baptist Union of Scotland DATA PROTECTION POLICY

EARLS HALL BAPTIST CHURCH DATA PROTECTION POLICY

Data Protection Policy

STAFF PRIVACY NOTICE

UoW takes measures to enable data to be restored and accessed in a timely manner in the event of a physical or technical incident.

Workforce Privacy Notice

Privacy Notice for Directors and Local Academy Committee Representatives How we use your information 2018/2019

Data Protection Employee Privacy Notice

SHAREHOLDERS PRIVACY NOTICE

General Data Protection Regulation

Data Protection Policy

Section a What this Policy is for Policy Statement. 2. Why this policy is important... 3

Brasenose College Data Protection Policy Statement v1.2

We reserve the right to update this privacy notice at any time. Please check our website from time to time for any changes we may make.

Privacy Notice. If you wish to know more about our approach to Data Protection please read this Privacy Notice.

European Union General Data Protection Regulation 25 th May 2018

LEICESTER HIGH SCHOOL DATA PROTECTION POLICY

St Mark s Church of England Academy Data Protection Policy

The Privacy Battlefield What does the GDPR Require?

CHANNING SCHOOL DATA PROTECTION POLICY

Data Protection Policy

RECRUITMENT PRIVACY NOTICE

Paul Vane Acting Information Commissioner

gdpr walkthrough lawful basis for processing

This privacy notice applies to attendees, organisers and others involved in Merton College s conferences and events

What personal details do we hold

NEW LIFE BAPTIST CHURCH NORTHALLERTON DATA PROTECTION POLICY. Adopted: 20 June 2018 To be reviewed: June 2021

Data Protection Policy. UK Policy May 2018

Hendre Infants School DATA PROTECTION POLICY. Nurture, Believe, Achieve Headteacher: A. J. Brett-Harris

Foundation trust membership and GDPR

GDPR DATA PROCESSING NOTICE FOR FS1 RECRUITMENT UK LTD FOR APPLICANTS AND WORKERS

Data Breach Notification Policy

RAW MARKETING DATA PROTECTION POLICY

GDPR factsheet Key provisions and steps for compliance

Privacy Notice: All staff

Data Protection Policy

GDPR for Employers DUBLIN / BELFAST / LONDON / NEW YORK / SAN FRANCISCO / PALO ALTO

Pensions Authority Data Protection Considerations for Trustees of Occupational Pension Schemes

PRIVACY NOTICE for Welsh St Donat s Community Council, May 2018

Transcription:

Effective from 1 st January 2018 Table of Contents Introduction... 2 Data Protection Officer... 2 Skillbase definitions of personal and sensitive personal data under GDPR... 2 Use of personal data in Skillbase... 3 Sales, Business Development and commercial contacts... 3 Service delivery... 3 Employees... 3 Associates... 3 Data Protection Checkpoints and Impact Assessments... 4 Third party suppliers... 4 Subject Access Requests... 4 Privacy notices... 4 Consent... 4 Data Breaches... 5 International... 5 Children... 5 Contact Information... 5 1

Introduction This document sets out the policy for all activities carried out under Skillbase People Development Ltd by its Directors, Employees and Associates, and is for the information of clients and people in receipt of Skillbase services. This policy is reviewed annually at year start and mid-year by the Skillbase Board, to ensure both operational compliance and its continued appropriateness to the business as it develops. Data Protection Officer A named Board member has designated responsibility for compliance with data protection legislation. The designated Board member is Jennie Shannon. Skillbase definitions of personal and sensitive personal data under GDPR PERSONAL DATA Personal data includes information about a living individual where it can be connected to a name, home address, date of birth, National ID, passport or tax number (e.g. payroll record). Within the context of the Skillbase business, we only use personal data when one or more of the following apply: We have consent It is necessary for the preparation and/or performance of a contract with the data subject It is necessary for compliance with a legal obligation It is necessary to protect the vital interests (e.g. immediate health needs) of the data subject It is necessary for the purposes of legitimate interests SENSITIVE PERSONAL DATA Sensitive personal data relates to a person s physical, physiological, genetic, biometric, mental, economic, cultural or social identity; also, anything that reveals political opinions, racial or ethnic origin, religious beliefs, trade union membership, sexual orientation and health status. Within the context of the Skillbase business, we only use sensitive personal data when one or more of the following apply: We have consent It is necessary under employment law, collective agreement or other law The data has already been made public by the data subject It is required by judicial authorities It is necessary for the protection of public health Our default approach to the use of sensitive personal data is for there to be explicit consent from the data subject(s). In the event of any doubt, use of sensitive personal data is reviewed by our Data Protection Officer. 2

Use of personal data in Skillbase Skillbase processes and stores personal data in the following areas: Sales, Business Development and commercial contacts Contact details of clients with whom we have commercial relationships Contact details of organisations and individuals with whom we communicate and include in our marketing and business development activities This data is held in Skillbase and not passed on to any third party. Service delivery Contact information on people who take part in our training programmes, assessment centres and feature in any other client projects Results of assessments and tests related to people who take part in our training programmes and assessment centres and other client projects Other personal information which may be collected, analysed and held as part of a defined client project under any of our service lines This data is held in Skillbase for a period agreed with the client and unless agreed otherwise, is only shared with the client who has commissioned the work and the individual to whom it is related. Following the completion of a client engagement, once the client has all the data they require, paper records are destroyed and electronic records are deleted from Skillbase systems within 6 months. Employees Personal data related to the employment contract including address and identity, right to work, medical reports relevant to employment, pay, benefits, banking and taxation This data is held in Skillbase and shared as appropriate with our Accountancy service provider (which includes outsourced payroll and taxation services) and in response to legitimate enquires from public authorities (e.g. tax, immigration). Associates Personal data related to the Associate Contract including address and identity, right to work, medical reports relevant to operating as an Associate, banking and taxation This data is held in Skillbase and shared as appropriate with our Accountancy service provider (which includes taxation services) and in response to legitimate enquires from public authorities (e.g. tax, immigration). 3

Data Protection Checkpoints and Impact Assessments Each client project undertaken has a Data Protection Checkpoint (DPC) at its inception and prior to commencement in order to identify whether the project creates any new data protection issues or risks and to make appropriate arrangements or changes to this policy. The DPC includes confirming with our client that they have the necessary policy and process in place in order that the end-to-end handling of data, by the client and by Skillbase, complies with GDPR standards. The DPC will be conducted by the MD (Sarah Wilson) as part of project signoff. In event of a project or situation where data processing is likely to result in high risk to individuals, a formal Data Protection Impact Assessment (DPIA) will be carried out and reviewed by the Data Protection Officer and if appropriate by the Skillbase Board prior to proceeding with the project. Third party suppliers Third party suppliers to Skillbase such as IT, Accountancy and specialist service providers are required to have appropriate Data Protection Policies and Practices, which are evaluated when arrangements are set up and reference to those Policies and Practices is included as appropriate in contractual documents. Subject Access Requests Subject Access Requests should be addressed in writing (electronic or paper) to the Designated Board member who has designated responsibility for compliance with data protection - Jennie Shannon. Any request must be clearly marked as a Subject Access Request. See contact details below. Subject Access requests will be responded to within one month. If a Subject Access request is considered to be manifestly unfounded or excessive, it will be refused and the reason explained in writing within one month. In such a case the person making the request will have the right to complain to the supervisory authority and to a judicial remedy. Privacy notices The Skillbase employment contracts and associate agreements contain privacy notices. Consent We don t currently collect any data by consent as all purposes are lawful based on explicit need. For example, we consider the collection of psychometric data, feedback on courses and contact details of course delegates as being in the legitimate interests of the employer or a third party and therefore do not require consent for these activities. 4

If at any time we carry out activity which requires consent for use of data, e.g. a marketing survey or a highly specific workforce analysis, a request for consent will be included as a step in the process and will conform with the GDPR requirement for consent to be freely given, informed, specific and explicit. Data Breaches In the case of a personal data breach, the person who identifies it, should report it immediately to the DPO and be prepared to support the investigation and resolution of a breach. The Board, on the advice of the DPO, decides whether or not: 1. The Information Commissioner s Office (ICO) should be informed, which is necessary in the event that it is likely to result in a risk to the rights and freedoms of individuals, e.g. it could result in discrimination, damage to reputation, financial loss, loss of confidentiality. 2. Those directly concerned should be informed, which is necessary in the event that the breach may result in a high risk to the rights and freedoms of individuals. International Skillbase operations are conducted from the UK and whilst delivered internationally, fall under the UK supervisory authority. Children Skillbase does not provide services or engage with people under the age of 18 and therefore this policy has no special provisions for children. Contact Information Skillbase People Development Ltd., Unit 22 Broadmarsh Business Centre, Harts Farm Way, Havant, Hants, PO9 1HS Data Protection Officer - Jennie.shannon@skillbase.com 5

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback