Reflections Cleaning Services ltd is Firstly fully committed to full compliance. Hence the requirements of the General Data Protection Regulations. Secondly the Company will ensure that procedures are followed. In this case aim to ensure that all employees. As well as clients, sub-contractors and even consultants or other servants of the Company. Furthermore who have access to any personal data. In which held by or on behalf of the Company. Are fully aware and abide by their duties. Under the General Data Protection Regulations.
Statement of Policy
Because The Company needs to collect and use information about the people. Such as whom we work and conduct business with. In providing our services to our clients and those who provide the service.
These may include prospective ,current and past employees, suppliers of goods or services and our customers.
In addition, the Company may be required by law to collect and use information. In order to comply with UK legislative requirements. This personal information must be handled and dealt with correctly. By whatever means it is gathered and stored. On the other hand it may be paper or electronic and when no longer required. May be disposed of securely and promptly.
Therefore Reflections Cleaning Services Ltd, will not sell or pass on any personal information. To any organisation using the information for profit or gain. Unless required to do so by law. Under the current operating parameters of the Company no data will be knowingly transferred outside the United Kingdom.
Handling of personal/special category data
Furthermore Our data protection policy sets out our commitment to protecting personal data, and how we implement that commitment. In regards to the collection and use of personal data.
We are committed to:
- The data protection principles below.
- Meeting our legal obligations as laid down by the General Data Protection Regulations.
- That data is collected and used fairly and lawfully.
- Processing personal data only in order to meet our operational needs or fulfil legal requirements.
- Taking steps to ensure that personal data is up to date and accurate.
- Establishing appropriate retention periods for personal data.
- Ensuring that data subjects’ rights can be appropriately exercised.
- Providing adequate security measures to protect personal data.
- A nominated officer is responsible for data protection compliance, and provides a point of contact for all data protection issues.
- All staff are made aware of good practice in data protection.
- Providing adequate training for all staff responsible for personal data.
- That everyone handling personal data knows where to find further guidance.
- Queries about data protection, internal and external to the organisation, is dealt with effectively and promptly.
- Regularly reviewing data protection procedures and guidelines within the organisation.
- Ensuring that the rights of people whom we hold information. will be able to fully exercise their rights. Under the General Data Protection Regulations. These rights include:
- The right to be informed.
- Access to information.
- To request rectification.
- The right to request erasure.
- Restrict processing in certain circumstances.
- Data portability.
- Object to processing.
Data Protection Principles
Article 5 of the GDPR requires that personal data shall be:
A) Firstly processed fairly and lawfully in a transparent manner.
B) Secondly Collected for specific as well as explicit and legitimate purposes are not further processed. In a manner that is incompatible with those purposes. Therefore further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. Shall not be considered to be incompatible with the initial purpose.
C) Thirdly adequate, relevant and limited to what is necessary. In terms of relation to the purposes for which they are processed.
D) Fourthly accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
E) Firstly kept in a form which can permit identification of data subjects for no longer than is necessary. In which the purpose for which the personal data are processed. Personal data may be stored for longer periods. If personal data will be processed solely for archiving purposes in the public interest. As well as scientific or historical research purposes and even statistical purposes. Which are subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights. As well as the freedoms of individuals.
F) To process in a manner. Which will ensure appropriate security of the personal data. As well as including protection against unauthorised or unlawful processing. And even against accidental loss. More so the destruction or damage. As well as the use of appropriate technical or organisational measures.
Finally the data controller shall be responsible for and able to demonstrate compliance with the principles.
Special category data is defined as personal data consisting of information as to:
- Racial or ethnic origin.
- Political opinion.
- Religious/philosophical belief.
- Trade union membership.
- Physical or mental health conditions.
- Sexual life or sexual orientation.
- Biometric data.
This statement has been approved by Reflections Cleaning Services Ltd. on 27/03/2019