Data Protection & Personal Records
We recognise the importance of respecting the privacy of anyone who works for the company and the need to build in adequate safeguards during the collection, storage and processing of employees’ personal data. This applies to both paper and computer-based records.
Our clients expect the same, if not higher, levels of protection and employees will be required to sign and abide by Non-Disclosure Agreements and Confidentiality Statements during the term of their employment. Any breaches will be dealt with through our disciplinary procedures.
Data protection law
The Data Protection Act 1998 describes how organisations, including ours, must collect, handle, and store personal and sensitive information. These rules apply regardless of whether data is stored electronically, on paper or any other materials or means. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
The Data Protection Act is underpinned by eight important principles. These say that personal data must be:
Processed fairly and lawfully
Obtained only for specific, lawful purposes
Adequate, relevant and not excessive
Accurate and kept up-to-date Not held for any longer than necessary
Processed in accordance with the rights of data subjects
Protected in appropriate ways
Not transferred outside the European Economic Area (EAA) unless that country or territory also ensures an adequate level of protection.
The term ‘personal data’ means any information affecting the privacy of a current or past employee. The main reasons for collecting and storing information are to:
Meet our needs as an employer.
Comply with statutory requirements.
Comply with our contractual obligations.
We hold information on computer electronically and in manual filing systems for:
Recruitment, promotion and training.
Pay information (this includes details of the bank or building society accounts for salary transfers and the payment of expenses).
Certain benefits including sick pay and pensions.
Contacting someone in an emergency.
Meeting requests from HMRC and the Department for Work and Pensions, benefit agencies and other public authorities.
Grievance and disciplinary purposes.
Providing references or information to financial institutions and potential employers
Guiding management and business decisions (such as succession and manpower planning)
The following categories will only be held on file for specific legitimate purposes:
Ethnic origin, which will be collected strictly for statistical purposes in connection with ethnic monitoring under the Commission for Racial Equality’s code of practice.
The processing of data concerning health in order to comply with the Equality Act 2010 and health and safety legislation.
Access to your personal information will only be granted to the following:
Policies and Procedures
Access to your own records Under the Data Protection Act 1998
All employees have the right to request reasonable access to their personal data held on a computer and manually. Your pay and personnel records held on the computer, together with details about your personal credit arrangements with the company, are available on request.
Personal files in paper form may be examined. You have the right to ask for your personal data to be amended, provided that you can show there is:
A factual error.
A necessary update.
An important document is missing.
Employees will generally not be able to see information that might also refer to another member of staff without their knowledge or consent since this might breach their right to confidentiality.