POS DISPLAYS LTD aims to adhere to the requirements of the General Data Protection Regulations (GDPR) relating to the processing of personal data in manual and electronic records.
Personal data is information that relates to an identifiable person who can be directly or indirectly identified from that information. It may include information containing religious beliefs, an individual’s racial or ethnic origin, political opinions, trade union membership, physical or mental health, sexual orientation and criminal records.
Our commitment requires that personal data must be processed in line with the following basic data protection principles:
· It will processed fairly, lawfully and in a transparent manner:
· It will be collected for a specific, explicit, and legitimate purpose;
· It will be adequate, relevant and limited to what is necessary for the purposes of processing;
· It will be accurate and up to date. Every reasonable effort will be made to ensure that inaccurate data is rectified or erased with delay;
· It will not be kept for longer than is necessary for its given purpose;
· It will be processed in line with the rights of the individual;
· It will be processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures;
· It will comply with the relevant GDPR procedures for international transferring of personal data.
This includes where third parties process data on behalf of POS DISPLAYS LTD.
DATA STORAGE AND TRANSFER
Whether stored manually or electronically, personal data will be secure as far as is practicable.
POS DISPLAYS LTD aims to ensure that manual files holding personal data are securely held with locks and only those who should have access retain the key. In the case of computerised records
POS DISPLAYS LTD will ensure that strong passwords are established to limit unauthorised access and all laptops that are taken offsite will contain necessary information only. Encrypted systems will be used where necessary. Data will not be held for longer than is necessary. Arrangements for the secure disposal of both paper and electronic records have been established.
All forms of data transfer and storage must be approved by management prior to their use if not supplied by POS DISPLAYS LTD. Devised such as, floppy disks, memory sticks, USB memory modules, internal and external CD and DVD writers should be considered prohibited unless explicit management consent has been provided.
The Transmission of any data from any internal source to a personal computer or storage device is not permitted.
DISCLOSURE OF DATA
POS DISPLAYS LTD will only disclose information when an individual has provided their express consent, where we are legally obliged to do so or when there is a business requirement to disclose data that is within the remit of the legislation e.g. for any employee benefits operated by third parties, for statutory payment purposes, for HR management and administration and so forth.
You must check fax numbers and email addresses carefully before sending any information. If a fax or email containing sensitive material is sent to the wrong address, you must inform management immediately.
SUBJECT ACCESS REQUESTS
You have the right to be informed whether POS DISPLAYS LTD processes personal data relating to you and to access such data by submitting a written request is manifestly unfounded, excessive or repetitive, or unless a request is made for duplicate copies to provide to third parties.
POS DISPLAYS LTD will respond to a request without delay. Access to data will be provided, subject to legally permitted exceptions, within one month as a maximum. This may be extended by a further two months where requests are complex or numerous.
You must inform POS DISPLAYS LTD immediately if you believe that the data is inaccurate, either as a result of a subject access request or otherwise. POS DISPLAYS LTD will take immediate steps to rectify the information.
If a data breach is likely to result in a risk to the rights and freedoms of individuals, it must be reported to the Information Commissioners Office (ICO) with 72 hours of POS DISPLAYS LTD becoming aware of it. As such, you must report any breaches to a member of management immediately.
Individuals will be informed directly in the event that the breach is likely to result in a high risk to the rights and freedoms of that individual.
If the breach is sufficient to warrant notification to the public, POS DISPLAYS LTD will arrange this without undue delay.
This policy and the related procedures run in conjunction with our Equal Opportunities Policy and anyone who feels that they have been unfairly treated should follow the Grievance Procedure.
Many thanks & best Regards
POS DISPLAYS LTD