Get Insite, On Site..... Today!
This Policy sets out the obligations of ForeFront Scaffold Solutions Limited & Insite International (“ForeFront & Insite”) (“the Companies”) regarding data protection and the rights of its employees, contractors and clients (“data subjects”) in respect of their personal data under the General Data Protection Regulation (“the Regulation”).
The Regulation defines “personal data” as any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
This Policy sets out the procedures that are to be followed when dealing with personal data. The procedures and principles set out herein must be followed at all times by the Company, its employees, agents, contractors, or other parties working on behalf of the Company.
The Company is committed not only to the letter of the law, but also to the spirit of the law and places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.
This Policy aims to ensure compliance with the Regulation. The Regulation sets out the following principles with which any party handling personal data must comply. All personal data must be:
The Regulation seeks to ensure that personal data is processed lawfully, fairly, and transparently, without adversely affecting the rights of the data subject. The Regulation states that processing of personal data shall be lawful if at least one of the following applies:
The Company will only collect and process personal data for and to the extent necessary for the specific purpose(s) informed to data subjects as under Part 4, above.
The Company shall ensure that all personal data collected and processed is kept accurate and up-to-date. The accuracy of data shall be checked when it is collected and at regular intervalls thereafter. Where any inaccurate or out-of-date data is found, all reasonable steps will be taken without delay to amend or erase that data, as appropriate.
The Company shall not keep personal data for any longer than is necessary in light of the purposes for which that data was originally collected and processed. When the data is no longer required, all reasonable steps will be taken to erase it without delay. Retention Periods are defined in the company’s Retention Policy.
The Company shall ensure that all personal data collected and processed is kept secure and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage. Further details of the data protection and organisational measures which shall be taken are provided in Parts 18 and 19 of this Policy.
The Company shall carry out Privacy Impact Assessments when and as required under the Regulation. Privacy Impact Assessments shall address the following areas of importance:
The Regulation sets out the following rights applicable to data subjects:
The Company shall ensure that all its employees, agents, contractors, or other parties working on its behalf comply with the following when working with personal data:
The Company shall ensure that the following measures are taken with respect to the collection, holding, and processing of personal data:
This Policy shall be deemed effective from 25th May 2018. No part of this Policy shall have retrospective effect and shall thus apply only to matters occurring on or after this date.
get in touch now!