Data Protection Policy – Three SG
Policy information |
|
Organisation |
SSSG Ltd trading as Three SG |
Scope of policy |
THREE SG is committed to protecting your personal information and respecting your privacy and rights when it comes to information processing. THREE SG is committed to maintaining compliance with current data protection legislation, any future legislation that comes into force as and when required, and to maintain transparency about how it processes personal data. THREE SG processes the personal data of both its own employees and its business contacts and works to ensure this data is kept secure and the risk of data breach is reduced to a minimum.
|
Policy operational date |
25th May 2018
|
Policy prepared by |
Barry Sinclair |
Date approved by Board/ Management Committee |
18th May 2018 |
Policy review date |
18th May 2021 |
Introduction |
|
Purpose of policy |
Three SG’s reason for the policy: This informs you how and why THREE SG collects your personal information, how THREE SG processes your personal information, who has access to your personal information, and details your rights as an individual to control how your personal information is processed. By continuing to use THREE SG’s services you give THREE SG permission to process your personal data for the purposes identified as set out within this policy. |
Types of data |
Three SG will collect data relating to: · Name of client/company/employee · Address details of client/company/employee · Phone numbers of client/company/employee · Email address of client/company/employee · Key holder information of client/company/employee · Passwords for key holder information of client/company/employee · Job applicants information
|
Policy statement |
Three SG are committed to: · comply with both the law and good practice · respect individuals’ rights · be open and honest with individuals whose data is held · provide training and support for staff who handle personal data, so that they can act confidently. · Notify the Information Commissioner voluntarily, even if this is not required · Inform the ICO of any breach within 72hours of discovery · The right of access to your information. · The right to erasure to erase data held. · The right to restrict processing of data when not required.
|
Use of information |
How THREE SG uses your information Where THREE SG collects personal data (for example your name, postal address or e-mail address) this information is used exclusively by THREE SG for providing the services you have requested or which are detailed within your service contract. |
Responsibilities |
|
The Board / Company Directors |
Three SG Barry Sinclair and Sophie Campbell Sinclair |
Data Protection Officer |
Barry Sinclair’s responsibilities include: · Briefing the Board on Data Protection responsibilities · Reviewing Data Protection and related policies · Advising other staff on tricky Data Protection issues · Ensuring that Data Protection induction and training takes place · Notification to the ICO · Handling subject access requests · Approving unusual or controversial disclosures of personal data · Approving contracts with Data Processors
|
Employees &Data Processors |
All staff are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.
|
CCTV Recording on site |
|
CCTV system |
THREE SG has CCTV cameras installed around their premises for the purposes of crime prevention and public safety. THREE SG staff, visitors to THREE SG or passersby may be recorded on these cameras. The footage is stored by THREE SG for a limited time before it is overwritten. THREE SG may monitor the footage in the event of an incident. THREE SG will only ever share the footage with the local Police force in the event of a criminal investigation. The contact number for CCTV enquiries is stated on signage around the building. Visitors to THREE SG are asked to sign in using the Visitors Book in the Reception area. Information requested includes name, company and vehicle registration. In the unlikely event of a fire, this information is used to perform a roll call and ensure all visitors have evacuated the building. This information remains at THREE SG office and is not shared with any other party.
|
Right of Access |
|
Customer rights of access |
Under the General Data Protection Regulation (GDPR) and the Data Protection Act 1998 (DPA) you have rights as an individual providing personal data:
Please notify THREE SG of any request to change how your personal data is processed or to update your records by telephone, email or post Subject Access Requests If you wish to make a free Subject Access Request to access a copy of the personal data THREE SG stores about you, or understand how it is processed and why, please follow the instructions below:
THREE SG will deal with your request without undue delay, within 1 month of the receipt of your request. THREE SG will notify you if it is unable to provide the information within 1 month, detailing the likely timescale. If THREE SG is unable to grant you access to your data for a specific reason you will be notified immediately. In certain circumstances, such as where a large amount of data is requested which may require extra time or resource to gather and collate the data, THREE SG reserves the right to charge a fee to account for this activity.
|
WEBSITE |
|
Visitors |
You can visit the THREE SG website without revealing who you are or giving any information about yourself, except where you voluntarily choose to give THREE SG your personal details via e-mail or by enquiring about any of THREE SG’s services.
|
Email and contact details |
People who email THREE SG THREE SG may monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law. People who contact THREE SG via Facebook You can contact THREE SG via Facebook if you wish to enquire about THREE SG services or wish to comment on THREE SG services. These communications are managed by Barry Sinclair and are only ever shared internally at THREE SG, either for the purpose of providing you with the information you have requested. Enquiries THREE SG receives enquiries through the website and by telephone, post and email. Enquiries will typically require the person to enter some form of contact details to allow THREE SG to follow them up. For general enquiries, a record of the enquiry is retained by THREE SG until the enquiry has been dealt with and no further follow up is needed. If we receive an enquiry and the customer does not wish to proceed, the details are held on THREE SG’s internal system for 24 months before deleting. This policy does not cover the links within this site to other websites, or the content of those sites. THREE SG encourages you to read the policy statements on the other websites you visit.
|
COMMUNICATIONS |
Three SG may contact you from time to time regarding servicing, invoices and general correspondence with regards to the system installed. At anytime you can opt out using our contacts page, email, telephone or post. |
Security Screening |
|
Screening Information |
Successful applicants to THREE SG are required to complete a security screening check before commencing employment with THREE SG. This process is outsourced to the National Security Screening Agency Ltd (NSSA), a THREE SG approved screening company. The NSSA collect personal data for the purpose of carrying out background screening on behalf of THREE SG employees. Successful applicants are asked to complete an NSSA security screening application form provided by the THREE SG. Applicants are asked to provide their current passport or a birth certificate, a driving license and a utility bill or bank statement with their current home address stated. These forms are checked and counter signed by the THREE SG and then forwarded to the NSSA. The NSSA will ask the applicant about their previous work experience, education, referee details, and for answers to the questions relevant to the role they have applied for. The NSSA will share the applicant’s name, date of birth and address history with third parties (the Criminal Disclosure and Barring Service and Equifax) where it is necessary to fulfill their contractual obligations to the applicant and to THREE SG, and where obliged to do so by law. Once the preliminary screening is successful, the applicant can then commence their employment with THREE SG. The THREE SG compiles a separate file relating to their employment containing the documentation listed above. The information contained in this is kept in a secure location and is password protected by the THREE SG and only used for purposes directly relevant to that person’s employment.
|
Information Retention |
If the employment is terminated or an employee resigns, THREE SG retains both the security screening and HR file for each individual file for 7 years before destruction. THREE SG will inform any third parties processing the data to remove it subject to data protection requirements.
|
Key holding Information |
|
CUSTODIAN MONITORING SERVICES |
Three SG will collect for key holding services:
This is for the identification of end users and to inform clients of alarm conditions and events relating to the system under contract.
|
Information Retention |
This information will be held for the length of the contract and deleted/erased 24 months after cancellation. For information regarding Custodian data policy please go to their website www.custodianmonitoring.com
|