What personal data do you hold?
Customer: name, home address and email address
Staff: name, address, bank details, national insurance number, date of birth and next of kin
Where is the data kept?
Customer information: Database on computer and hard copies of invoices in office
Staff: Hard copy in office
Who has access to the data?
Customer: Mark, Paul and Wendy
Staff: Mark and Wendy
Why do they have access?
Customer: to process invoices and keep customers updated with reminders and offers
Staff: Mark and Wendy: to process payments and be able to maintain a contract of employment.
Changes to be made:
New form for customers to complete if they would like us to hold their information
Information older than 6 years to be shredded securely – for both staff and customers
New paragraph regarding data protection to be added to contracts of employment for staff and within handbook.
Employee's personal data
The Company will collect and process information relating to you in accordance with the privacy notice which is [on the intranet OR annexed to this Agreement]. The Employee is required to sign and date the privacy notice, and return it to [HR OR NAME OF MANAGER].
Employee's responsibilities when handling personal data
You shall comply with the Privacy standard when handling personal data in the course of your employment, including personal data relating to any employee, customer, client, supplier or agent of the Company. You will also comply with the Company's IT and communications systems policy, data protection policy and [ANY OTHER POLICY].
Failure to comply with the Privacy standard or any of the policies listed above in Clause 2.1 may be dealt with under our disciplinary procedure and, in serious cases, may be treated as gross misconduct leading to summary dismissal.
As some of you are aware, new data protection laws come into effect on Friday 25th May 2018 with the EU’s General Data Protection Regulation (GDPR). We can assure you we are committed to collecting and using personal data fairly and in accordance with the requirements of the GDPR. We have your details on a database as a past customer or a prospective customer, and would like you to confirm whether you are happy to receive communications from us, to help us comply with the GDPR consent requirements. By opting in, you will receive our reminder service for your MOT and Service, along with information regarding our business and any offers that we may have. You have the right to withdraw your consent at any time.