Introduction:
Personal data is any information, paper documents, digital records, photos or video footage from which individuals can be identified. Under UK General Data Protection Regulation (GDPR) and the data Protection Act 2018, the definition of personal data is more detailed than the previous Data Protection Act (DPA) definitions. It includes a wider range of personal identifiers which constitute personal data, reflecting the changes in technology since DPA legislation came into force and the developed ways organisations now collect information about people.
In essence, GDPR takes into account how technology has progressed since 1998 and its wider, extensive use by all organisations.
GDPR applies to both automated personal data and manual filing systems where personal data is accessible.
Under GDPR all businesses must be able to demonstrate how they comply with the law.
Information Commissioners Office data protection registration number ICO:00012139478
Lawful bases for processing data:
There are six lawful bases in order to process data:
Consent: Where an individual has given clear consent for the use of their personal data for a specific purpose as detailed earlier;
Contract: Where processing is necessary to fulfil a contract in place with an individual or prior to entering into the contract where the individual has requested this action to be taken;
Legal obligation: Where the processing is necessary for compliance with the law (this does not include contractual obligations);
Vital interests: The processing is necessary to protect someone’s life
Public task: The processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
Legitimate interests: where the processing is necessary for legitimate interests.
At Pollard Safety Services Ltd our legal basis for processing data falls mainly under: Consent, Contract, and Legal requirement.
Key Roles:
|
Data Controller: The legal body which determines the purpose and means of the processing of personal data. |
Managing Director of Pollard Safety Services Ltd |
|
Data Protection Officer: A mandatory role for all organisations responsible for overseeing the data protection strategy and implementation to ensure compliance and educating employees on important compliance requirements. |
Managing Director of Pollard Safety Services Ltd |
|
Data Processor: Anyone who processes data on behalf of the Controller. In practice this means anyone responsible for data management, processing and/or who has access to personal data. |
Administrator Managing Director Associates and Consultants |
The Information We Collect
We collect various types of information in connection with the services including:
• Commercial information you provide directly to us.
• Personal or commercial specific information we collect in respect of the advice we are providing you.
• Information we may obtain from third party sources.
• Electronic data relating to our website e.g., cookies.
• Information relating to employees and associates of the business.
Use and Sharing of Information
We use the information we collect:
• To provide the service you request.
• To understand more about situations and your business so we can offer you the most comprehensive professional service.
• To ensure legal compliance on your behalf.
• To customise the service, we provide you.
• To store information relating to regulation.
• To deal with any complaints and to improve our services.
We may share information with:
• Affiliates – companies who help us provide competent advice.
• Service providers – companies that provide services on behalf of us.
• Law enforcement – when we are legally required to do so, or on your behalf when requested.
Managing Information:
We manage our data information by:
• Asking consent when processing a person’s information.
• Holding a register of what personal data types is held and the document title/type of document.
• Identifying where data is distributed to third parties.
• Considering and assessing the reason for possessing the personal data.
• Clarifying the risk level which comes with holding personal data (breach of data security legislation,
complaints or claims from individuals who feel their personal data has been inappropriately used or
shared etc).
• Ensuring that the data is stored securely, electronically and is not accessible to anyone, including
inadvertently as far as is reasonably practicable.
• Obeying the data retention policies within the organisation.
• Deleting data that our business no longer has a use for.
Your Rights and Requests Concerning Your Personal Data
We will process and manage all your Personal Data in line with your rights to:
• request access to any data we hold about you;
• prevent the processing of your Personal Data for direct-marketing purposes, if so instructed;
• ask to have inaccurate Personal Data amended;
• be forgotten, and have all relevant Personal Data erased (subject to our overriding legal obligations);
• prevent processing which is likely to cause damage or distress to you or anyone else;
• request certain restrictions on the processing of your Personal Data;
• receive a copy of your Personal Data and/or request a transfer of your Personal Data to another Data Controller;
• not be subject to automated decision making;
• be notified of a data security breach which affects your rights and freedoms, without undue delay;
• if you have provided your express consent that your Personal Data may be processed for marketing and advertising purposes, you are entitled to withdraw that consent. Such a withdrawal will not affect any processing of the data completed before consent was withdrawn; and
• to make certain requests to us concerning how your Personal Data is managed.
Access and portability requests
You are entitled to request access to your Personal Data unless providing a copy would adversely affect the rights and freedoms of others.
You can also request information about the different categories and purposes of data processing; recipients or categories of recipients who receive your Personal Data, details on how long your Personal Data is stored for, information on your Personal Data’s source and whether the Data Controller uses automated decision-making.
You also have “Data Portability” rights which includes the right to request a copy of your Personal Data be sent to you or transmitted to another Data Controller.
Correction requests
You are entitled to request we correct or complete your inaccurate or incomplete Personal Data without undue delay, and we will update the information and erase or correct any inaccuracies as required.
Erasure requests
You can exercise your “right to be forgotten” and can request we erase your Personal Data. Once receiving a request, we must erase the Personal Data without delay, unless an exception applies that permits us to continue processing your data. Details of such exceptions are contained in the Enactments and include situations where we might need to retain the information to carry out our official duties and/or comply with legal obligations and/or for the establishment of exercising or defending legal claims, or it is in the public interest to retain your Personal Data.
Restriction requests
You may request restrictions be applied to the processing of your Personal Data for some specific reasons such as you contest the accuracy of the data, the processing is unlawful or if we no longer need to process your Personal Data. You can also request restrictions be applied if the processing is being done for public interest or third-party reasons.
If such a request is received, we can continue to store your Personal Data, but may only process it under certain circumstances, such as: you give consent for us to continue processing your data, we need to establish, exercise, or defend legal claims or we need to protect the rights of another individual or legal entity or for important public interest reasons.
Objection requests
You may also object to your Personal Data being processed under certain circumstances, including for direct marketing purposes and profiling related to direct marketing.
If we receive such an objection, we will stop processing your Personal Data unless we can show a compelling legitimate ground for processing your Personal Data which overrides your interests and the basis of your request.
If you wish to exercise any of your rights outlined above, please contact us by:
Email catherine@pollardsafetyservices.co.uk
Phone 07956 552343
Address 4 Honeysuckle Close, Darfield, Barnsley, S73 9JT
Responding to your requests
If we have reasonable doubts about the identity of a person making any request, we may request additional information to confirm the identity.
When responding to written requests Personal Data will only be disclosed if we can confirm the identity of the sender and/or sufficient supporting evidence is provided by the sender establishing their identity.
Upon receiving a request from you concerning your Personal Data, we will respond within one month of receiving the request by email (unless you request a response in an alternative format).
If we are unable to immediately comply with your request, we will inform you within our response stating whether we need to extend our response time (for up to a maximum of two months), along with an explanation for the delay.
If we do not take any action within one month after receiving your request, you are entitled to request an explanation from us as to why no action was taken and you may make a complaint to the ICO: Information Commissioner’s Office – casework@ico.org.uk
Signed: C. Pollard Dated: 7th July 2023
Privacy Policy Information Management Register
|
Personal Data held |
Documents holding: |
Reason for processing |
Third party’s information is shared with |
Severity |
Likelihood |
Rating |
How is it kept secured |
|
Occupational health reports |
Names, titles, addresses, medical conditions, personal limitations, treatments. |
To aid companies to carry out risk assessments, make reasonable adjustments and implement adequate control measures within their workplace for legal compliance. |
Medical professionals, HSE, Local Authority professionals, SSIP accredited schemes, authorised company personnel. |
H |
M |
M |
Only electronic copies are maintained where necessary.
Paper copies are shredded and disposed of as confidential waste.
Remote workers are trained and instructed as part of their terms to enable them to understand what personal data is and to ensure that all paper copies are shredded and disposed of as confidential waste.
Electronic copies are maintained on individual computers that are password protected. |
|
Risk assessments relating to those with limitations (medical, physical, sensory, learning or mental health) |
Names, titles, medical conditions and limitations, treatments. |
To aid companies to implement adequate control measures or make reasonable adjustments within their workplace for legal compliance. |
Medical professionals, HSE, Local Authority professionals, SSIP accredited schemes, authorised company personnel. |
H |
L |
M |
|
|
Highly confidential data such as witness statements following accidents |
Names, titles, addresses, dates, times, photographs and locations. |
To aid companies to carry out full and balanced investigations to enable them to fulfil their legal duties. |
Medical professionals, HSE, Local Authority professionals, SSIP accredited schemes, authorised company personnel, Insurers, Law |
H |
M |
H |
|
|
Accident reports |
Names, titles, address, dates, times, injury details, personally declared medical conditions or limitations, photographs and locations. |
To aid companies to report where legally required, to carry out investigations or risk assessments, make reasonable adjustments, implement adequate control measures within their workplace for legal compliance. |
Medical professionals, HSE, Local Authority professionals, SSIP accredited schemes, authorised company personnel, Insurers. |
H |
L |
L |
|
|
Insurance claims and associated reports |
Names, titles, addresses, dates, times, photographs and locations. |
To aid companies to report in compliance with legal obligations. To carry out investigations, risk assessments, make reasonable adjustments, implement adequate control measures within their workplace for legal compliance. |
Medical professionals, HSE, Local Authority professionals, SSIP accredited schemes, authorised company personnel, Insurers. |
H |
L |
M |
|
Complaints from workers regarding health, safety or environmental workplace conditions. |
Names, titles, addresses, dates, times, photographs and locations. |
To aid companies to report where legally required, to carry out investigations or risk assessments, make reasonable adjustments, implement adequate control measures within their workplace for legal compliance. |
Medical professionals, HSE, Local Authority professionals, SSIP accredited schemes, authorised company personnel. |
H |
L |
L |
Remote workers store, review then return proofed documents via email with the |
|
Health and Safety Advice, Training and Inspection documents. |
Names, titles, dates, signatures, site information and observations. |
To aid companies to work and improve in compliance with legal obligations. To carry out investigations, risk assessments, make reasonable adjustments, implement adequate control measures within their workplace for legal compliance. |
Medical professionals, HSE, Local Authority professionals, SSIP accredited schemes, authorised company personnel. |
H |
M |
H |
Backup copies are secured on a Cloud server which is password protected.
Competent third parties – e.g HR consultants, Insurers, GDPR advisers, accountants assist in providing competent advice and guidance on the use, storage and handling of |
|
Employee’s information relating to work and employment |
Names, titles, address, dates, times, injury details, personally declared medical conditions or limitations, photographs and locations. |
To ensure adequate information is gained to help manage the health and safety of employees. To ensure legal compliance. |
HR professionals, medical professionals, HSE, Local Authority professionals, Insurers. |
H |
M |
H |
|
|
Electronic data e.g., emails and website cookies. |
Names, titles, dates, signatures, site information and observations. |
To record conversation emails to help provide a service to you. To track how customers use our website for marketing purposes. |
Medical professionals, HSE, Local Authority professionals, SSIP accredited schemes, authorised company personnel. Our marketing team. |
H |
L |
M |