GDPR Policy

Accio Consult & Construct Ltd

GDPR Personal Data Information

May 2018
 

Employment

The following personal data may be collected, held, and processed by the Company for the purpose of the employment of the data subject:

  1. Name;
  2. Address;
  3. A photocopy of your passport for ID purposes;
  4. Application form (including telephone numbers, work history and qualifications);
  5. CV;
  6. Personnel forms completed by the data subject through the course of their employment;
  7. Bank and salary details;
  8. References;
  9. Appraisal records;
  10. Absence and sickness records;
  11. Disciplinary records.

After the data subject's employment ends, their personal data will be stored for a period of 6 years. This is the recommended period as it covers the time limit for bringing any civil legal action.

Third Parties

The following third parties may receive some personal data in relation to the employment of the data subject:

  • Payroll
  • Pension
  • Healthcare
  • Insurers
  • Car rental/leasing companies

Data Protection Measures

The Company shall ensure that all its employees, agents, contractors, or other parties working on its behalf comply with the following when working with personal data:

  1. Where any personal data is to be erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), it should be securely deleted and disposed of. Hardcopies should be shredded, and electronic copies should be deleted securely;
  2. Personal data may be transmitted over secure networks only; transmission over unsecured networks is not permitted in any circumstances;
  3. Where personal data is to be transferred in hardcopy form, it should be passed directly to the recipient or sent using recorded delivery;
  4. No personal data may be shared informally, and if an employee, agent, sub-contractor, or other party working on behalf of the Company requires access to any personal data that they do not already have access to, such access should be formally requested from Stephen Casey, who can be contacted at stephen@acciocandc.com;
  5. All hardcopies of personal data, along with any electronic copies stored on physical, removable media, should be stored securely in a locked box, drawer, cabinet or similar;
  6. No personal data may be transferred to any employees, agents, contractors, or other parties, whether such parties are working on behalf of the Company or not, without the authorisation of Stephen Casey, who can be contacted at stephen@acciocandc.com;
  7. Personal data must be handled with care at all times and should not be left unattended or on view to unauthorised employees, agents, sub-contractors or other parties at any time;
  8. If personal data is being viewed on a computer screen and the computer in question is to be left unattended for any period of time, the user must lock the computer and screen before leaving it;
  9. Personal data may only be transferred to devices belonging to agents, contractors, or other parties working on behalf of the Company where the party in question has agreed to comply fully with the letter and spirit of this Policy and of the Regulation (which may include demonstrating to the Company that all suitable technical and organisational measures have been taken);
  10. All data stored on the Company server is backed up every day and is encrypted;
  11. All passwords used to protect personal data should be changed every 6 months and should not use words or phrases that can be easily guessed or otherwise compromised. All passwords must contain a combination of uppercase and lowercase letters, numbers, and symbols;
  12. Under no circumstances should any passwords be written down or shared between any employees, agents, contractors, or other parties working on behalf of the Company, irrespective of seniority or department. If a password is forgotten, it must be reset using the applicable method.

 

Organisational Measures

The Company shall ensure that the following measures are taken with respect to the collection, holding, and processing of personal data:

  1. All employees, agents, contractors, or other parties working on behalf of the Company shall be made fully aware of both their individual responsibilities and the Company’s responsibilities under the Regulation and under this Policy, and shall be provided with a copy of this Policy;
  2. Only employees, agents, sub-contractors, or other parties working on behalf of the Company that need access to, and use of, personal data in order to carry out their assigned duties correctly shall have access to personal data held by the Company;
  3. All employees, agents, contractors, or other parties working on behalf of the Company handling personal data will be appropriately trained to do so;
  4. All employees, agents, contractors, or other parties working on behalf of the Company handling personal data will be appropriately supervised;
  5. Methods of collecting, holding and processing personal data shall be regularly evaluated and reviewed;
  6. The performance of those employees, agents, contractors, or other parties working on behalf of the Company handling personal data shall be regularly evaluated and reviewed;
  7. All employees, agents, contractors, or other parties working on behalf of the Company handling personal data will be bound to do so in accordance with the principles of the Regulation and this Policy by contract;
  8. All agents, contractors, or other parties working on behalf of the Company handling personal data must ensure that any and all of their employees who are involved in the processing of personal data are held to the same conditions as those relevant employees of the Company arising out of this Policy and the Regulation;
  9. Where any agent, contractor or other party working on behalf of the Company handling personal data fails in their obligations under this Policy, that party shall indemnify and hold harmless the Company against any costs, liability, damages, loss, claims or proceedings which may arise out of that failure.

There will be no transfers of personal data to non-EEA countries.

The Company’s Data Protection Officer is Stephen Casey, who can be contacted at stephen@acciocandc.com.