Data Protection Policy

 


Introduction:

Salko UK Ltd is required to maintain certain personal data about current, past and prospective employees, clients, customers, and suppliers. In addition, it may be required by law to collect and use information in order to comply with the requirements of relevant third parties, for the purposes of satisfying operational and legal obligations.

Salko UK Ltd recognises the importance of the correct and lawful treatment of personal data. It maintains confidence in the organisation and provides for successful operations.

This personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the General Data Protection Regulations (GDPR) 2016.

Salko UK Ltd fully endorses and adheres to the eight principles of the Data Protection Act. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation, and storage of personal data.

Employees and any others who obtain, handle, process, transport, and store personal data for Salko UK Ltd must adhere to these principles and this policy. Please note that breaches of data security may be considered Gross Misconduct and therefore, if proven, the Company may have to consider an individual’s summary dismissal from the Company.

Principles: The principles require that personal data shall:

  1. Be processed fairly and lawfully and shall not be processed unless certain conditions are met.
  2. Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
  3. Be adequate, relevant, and not excessive for those purposes.
  4. Be accurate and, where necessary, kept up to date.
  5. Not be kept for longer than is necessary for that purpose.
  6. Be processed in accordance with the data subject’s rights.
  7. Be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction, or damage by using the appropriate technical and organisational measures.
  8. And not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Satisfaction of principles: In order to meet the requirements of the principles, Salko UK Ltd will:

  • observe fully the conditions regarding the fair collection and use of personal data.
  • meet its obligations to specify the purposes for which personal data is used.
  • collect and process appropriate personal data only to the extent that it is needed to fulfil operational or any legal requirements.
  • ensure the quality of personal data used.
  • apply strict checks to determine the length of time personal data is held.
  • ensure that the rights of individuals about whom the personal data is held can be fully exercised under the Act.
  • take the appropriate technical and organisational security measures to safeguard personal data.
  • And ensure that personal data is not transferred abroad without suitable safeguards.

Salko UK Ltd Designated Data Controller

The Company’s Office and HR Manager is responsible for ensuring compliance with the Data Protection Act and implementation of this policy on behalf of the Managing Director.

Salko UK Ltd is registered with The Information Commissioner’s Office under registration reference ZA197075.

Status of the policy

This policy has been approved by the MD, and any breach will be taken seriously and may result in formal action. Any employee / Operative who considers that the policy has not been followed in respect of personal data about themselves should raise the matter with the HR Manager in the first instance.

Subject access

All individuals who are the subject of personal data held by Salko UK Ltd are entitled to:

  • Ask what information Salko UK Ltd holds about them and why.
  • Ask how to gain access to it.
  • Be informed how to keep it up to date.
  • Be informed what Salko UK Ltd is doing to comply with its obligations under the General Data Protection Regulations (GDPR) 2016.

Employee / Operative responsibilities: All employees / Operatives are responsible for:

  • Checking that any personal data that they provide to Salko UK Ltd is accurate and up to date.
  • Informing Salko UK Ltd of any changes to information which they have provided, e.g., changes of address.
  • Checking any information that Salko UK Ltd may send out from time to time, giving details of information that is being kept and processed.

Data security: The need to ensure that data is kept securely means that precautions must be taken against physical loss or damage, and that both access and disclosure must be restricted. All staff are responsible for ensuring that:

  • Any personal data that they hold is kept securely.
  • Personal information is not disclosed either orally or in writing or otherwise to any unauthorised third party. Please note that you can be liable to prosecution if you deliberately give out personal details without permission.
  • They do not send offensive emails about other people, their private lives, or anything else that could bring the Company’s name into disrepute.

Whenever you are unsure of what is required or you otherwise need guidance in data protection, you should consult HR.

Reporting a Security Breach or Loss of Personal Data

If you are aware, or suspect, that there has been a security breach or a loss of personal data, then you need to notify the HR Manager as soon as possible so this issue can be investigated.

Rights to access information

Employees and other subjects of personal data held by Salko UK Ltd have the right to access any personal data that is being kept about them on computer and have access to paper-based data held in certain manual filing systems. This right is subject to certain exemptions that are set out in the Data Protection Act. Any person who wishes to exercise this right should make the request in writing to HR.

If personal details are inaccurate, they can be amended upon request.

Salko UK Ltd aims to comply with requests for access to personal information as quickly as possible but will ensure that it is provided within 40 days of receipt of request unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request.

Sometimes it is necessary to access an individual’s business communications during their absence, for example, when they are off during illness or while on holiday. Unless mailbox settings are such that the individuals who need to do this already have permission to view other inboxes.

Access may also be granted in very limited circumstances, subject to compliance with any legal requirements, to access email marked PERSONAL. Examples are when we have reasonable suspicion that the emails may reveal evidence of unlawful activity, including instances where there may be a breach of this Policy and/or a Contract within Salko UK Ltd.

Publication of Salko UK Ltd information

Information that is already in the public domain is exempt from the General Data Protection Regulations (GDPR) 2016. This would include, for example, information on staff contained within externally circulated publications. Any individual who has good reason for wishing details in such publications to remain confidential should contact the Office and HR Manager.

Subject consent

The need to process data for normal purposes has been communicated to all data subjects. In some cases, if the data is sensitive, for example information about health, race or gender, express consent to process the data must be obtained.

Retention of data

Salko UK Ltd will keep some forms of information for longer than others. All staff are responsible for ensuring that information is not kept for longer than necessary and in line with company operating procedures. Below is an overview of general record retention periods and where further guidance may be obtained in relation to the records.

| Type of record | Retention period | Format |
| --- | --- | --- |
| Accident/Investigation Reports | 4 years after end of investigation | Electronic/Hard |
| Health Safety and Environment Records | In line with Company Management Systems | Electronic |
| General File Share | As defined by Business Departmental Head in order to fulfil business operational requirements/in line with operational procedures | Electronic |
| Email Accounts | Deleted 3 months after staff leave unless request submitted to IT to retain | Electronic |
| CVs and job applications (not recruited) | 6 months after notification | Electronic/Hard |
| Disciplinary records | 6 years following end of employment | Electronic |
| TUPE | In line with Company Management Systems | Electronic |
| Staff Personnel files | 6 years following end of employment | Electronic/Hard |
| Redundancy records | 6 years after redundancy | Electronic/Hard |
| Sickness/Maternity/Adoption and Paternity Pay | 3 years after the end of the tax year they relate to | Electronic/Hard |
| Wage/Salary (overtime, bonus, expenses) | 6 years | Electronic |
| Contractual/Client/Supplier information | 5 years from when the business relationship ceases | Electronic |
| CCTV footage | As defined within operational controls | Electronic |

 

 

Steve Mason

Managing Director

24th January 2024

 

Changes to the Data Protection Regulations – implementation of the revised EU General Data Protection Regulations (GDPR) – EU 2016/679 that came into force on the 25th May 2018
