Modern Slavery Act


Privacy Policy & GDPR Statement
Privacy Policy & GDPR Statement

Issue Date: 13/02/2021
Approved by: MD

Contents

Introduction
Information covered by the Regulation Data Protection Principles
Conditions
Individual’s rights
Legal requirements
No commercial disposal to third parties Disposal of hard copy data
Disposal of digital data
Data Breaches
Our commitment to data protection Further Information

Introduction
In order to operate efficiently, we must collect information about people with whom we work. These may include members of the public, current, past, and prospective employees, and suppliers. In addition, we may be required by law to collect and use information in order to comply with the requirements of contracts held with local authorities.

This personal information must be handled and stored properly under the Data Protection Act 1998 (‘the Act’) which has been superseded by the General Data Protection Regulation May 2018 and DPA 2018. The Act laid out the way that we handle ‘data’ that we collect in the course of carrying out our functions and the rights given to people whose ‘data’ we may hold. The regulation goes further in its requirements for transparency and individual’s rights, emphasis on the documentation that must be kept to demonstrate accountability and how the company manages data protection as a corporate issue.

We consider that the correct treatment of data is integral to our successful operations and maintaining trust of the persons we deal with. We fully appreciate the underlying principles of the Regulation, supporting and adhere to their provisions.

We are registered with the Information Commissioner to process personal data. We are named as a data controller under the register kept by the Information Commissioner in accordance with section 19 of the Act.

This document is proprietary and confidential. No part of this document may be disclosed in any manner to a third party without the prior written consent of the document owner. Electronic Master. Printed copies will not be kept up to date.

Information covered by the regulation.
The regulation uses the term ‘data’. For information held by Bennett’s Vehicle Services, data essentially means any recorded information held by us and from which a living individual can be identified. It will not include a variety of information including names, addresses, telephone numbers, photographs of people and other personal details. It will include any expression of opinion about a living individual or any indication of our intentions about that individual.

Data protection principles
We will comply with the eight enforceable data protection principles by making sure that data is:

  1. Fairly and lawfully processed.

  2. Processed for limited purposes.

  3. Adequate, relevant, and not excessive

  4. Accurate and kept up to date.

  5. Not kept longer than necessary and then disposed of in an appropriate manor.

  6. Processed in accordance with the individual’s rights.

  7. Secure.

  8. Not transferred to countries outside the European Economic area unless the country

    to which the data is to be transferred has adequate protection for the individuals.

Conditions
We will ensure that at least one of the following conditions is met before we process any personal data:

  1. The individual has consented to the processing.

  2. The processing is necessary for the performance of a contract with the individual.

  3. The processing is required under a legal obligation (other than one imposed by a contract)

  4. The processing is necessary to protect vital interests of the individual.

  5. The processing is necessary to carry out public functions e.g. administration of justice

  6. The processing is necessary in order to pursue our legitimate interest or those of third parties (unless it could unjustifiably prejudice the interests of the individual)

Under the Regulation, one of a set of additional conditions must be met for ‘sensitive personal data’. This includes information about the radical or ethnic origin, political opinions, religious and other beliefs, trade union membership, physical or mental health condition, sex life, criminal proceedings or convictions. We will ensure that one of the following additional conditions is met before we process any sensitive personal data:

Individual’s rights
We will ensure that individuals are given their rights under the Regulation including:

  • The right to obtain their personal information from us except in limited circumstances.

  • The right to ask us not to process personal data where it causes substantial unwarranted damage to them or anyone else.

  • The right to claim compensation from us for damage and distress caused by ant breach of the Regulation.

  • The right to request that their personal data be removed / deleted from our system.

  • Legal Requirements

While it is unlikely, Bennett’s may be required to disclose your user data by a court order or to comply with other legal requirements. We will use all reasonable endeavours to notify you before we do so unless we are legally restricted from doing so.

No commercial disposal to third parties
We shall not sell, rent, distribute or otherwise make user data commercially available to any third party, except as described above or with your prior permission.

Disposal of Hard Copy Data
Any hard copy of data (paperwork) that is no longer required where it has reached the end of its specified retention date or has been requested to be destroyed with the appropriate authorisation will be disposed of in a manner that it will make it no longer legible or useable.

Disposal of Digital Data
Any digital data that is no longer required where it has reached the end of its specified retention date or has been requested to be a delated with the appropriate authorisation will be removed from our system /main frame so that it will be irretrievable.

Data Breaches
When a personal date breach is detected and where it could result in discrimination. Damage to a reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage then the ICO will be notified within 72 hours of the breach being detected and if it results in a high risk to the rights and freedoms of individuals then those concerned will be notified directly.

Our Commitment to data protection
We will ensure that:

  • Everyone managing and handling personal information understands that they are responsible for following good data protection practice.

  • There is someone with specific responsibility for data protection in the organisation.

  • Staff who handle personal information are appropriately supervised and trained.

  • Queries about handling personal information are promptly and courteously dealt with

  • People know how to access their own personal information.

  • Methods of handling personal information are regularly assessed and evaluated any disclosure of personal information will be in compliance with approved procedures.

  • We take all necessary steps to ensure that personal data is kept secure at all, times against unauthorised or unlawful loss or disclosure.

  • All contractors who are users of personal information supplied by Hybrids will be required to confirm that they will abide by the requirements of the Regulation with regards to information supplied by us.

    Further Information

    The Information Commissioner – www.informationcommissioner.gov.uk



To Deliver Excellence
To Deliver Excellence

Genuine Security Services
Equipped To Protect