| Policy information | |
|---|---|
| Portapura | The board of directors have agreed that The Managing Director determines the purposes for which and the manner in which any personal data are held, or are to be processed. |
| The scope of policy | The policy applies to all sites and offices the Managing Director is responsible for. Portapura has instructed our agencies to ensure full compliance with all and future UK & EU legislation |
| Policy operational date | The policy will be reviewed every 3 years |
| Policy prepared by | The Directors of Portapura Industries |
| Date approved by Board/ Management Committee | This policy was approved on the 22nd January 2018 |
| Policy review date | Review December 2020 |
| Introduction | |
|---|---|
| Purpose of policy | Portapura has introduced this policy:complying with the lawfollowing good practiceprotecting clients, staff and other individualsprotecting the organisation |
| Types of data | Employees and customer details will be covered by this policy. For further data please visit the government website |
| Policy statement | Portapura will:comply with both the law and good practicerespect individuals’ rightsbe open and honest with individuals whose data is heldprovide training and support for staff who handle personal data, so that they can act confidently and consistentlyNotify the Information Commissioner voluntarily, even if this is not requiredPlease note the guidance from Portapura on when breaches should be reported as this is one of the main changes from the current Data Protection Act and GDPR |
| Key risks | Portapura will to its best endeavours preventinformation about data getting into the wrong hands, through poor security or inappropriate disclosure of informationindividuals being harmed through data being inaccurate or insufficient |
| Responsibilities | |
|---|---|
| The Board / Company Directors | Have overall responsibility for ensuring that the organisation complies with its legal obligations. |
| Data Protection Officer | The Managing Director is responsible forBriefing the Board on Data Protection responsibilitiesReviewing Data Protection and related policiesAdvising other staff on tricky Data Protection issuesEnsuring that Data Protection induction and training takes placeNotification to the BoardHandling subject access requestsApproving unusual or controversial disclosures of personal dataApproving contracts with Data Processors |
| Outside Organisations | Portapura will seek advice from the EEF, Northgate Arinso & its professional advisors to ensure compliance. |
| Employees & Volunteers | All staff and volunteers are required to read, understand and accept policies and procedures that relate to the personal data they may handle in the course of their work. |
| Enforcement | Breaches in compliance with Data Protection may result in disciplinary action |
| Security | |
|---|---|
| Scope | Business Continuity is included below but you may want to move this to a separate policy |
| Setting security levels | Brightwell Marketing & Blue Moon Computer Services will ensure adequate IT security systems are in place and maintained |
| Security measures | Portapura will ensure its IT, Computer consultants and marketing companies have a fully compliant system. The company Lawyers will address any breach in compliance by third parties. |
| Data recording and storage | |
|---|---|
| Accuracy | Portapura will have measures in place to ensure data accuracy. For example, where information is taken over the telephone, how is it checked back with the individual? If the information is supplied by a third party, what steps will be taken to ensure or check its accuracy? |
| Updating | Please note the separate requirements for the data we hold. For example, we cannot keep CVs for more than 6 months unless we have express permission from the candidates |
| Storage | All information is stored electronically where ever possible |
| Retention periods | A maximum period of 2 years with permission from individuals |
| Archiving | The company stores invoices, its own bank information for 10 years employee data is held only when employed by the company |
| Right of Access | |
|---|---|
| Responsibility | the directors are responsible for ensuring that right of access requests are handled within the legal time limit which is one month |
| Procedure for making request | Right of access requests must be in writing. There should be a clear responsibility for all employees to pass on anything which might be a subject access request to the appropriate person without delay. |
| Provision for verifying identity | Where the person managing the access procedure does not know the individual personally there should be provision for checking their identity before handing over any information |
| Procedure for granting access | If the request is made electronically, we will provide the information in a commonly used electronic format.The GDPR includes a best practice recommendation that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information |
| Transparency | |
|---|---|
| Commitment | Portapura will explain its commitment to ensuring that Data Subjects are aware that their data is being processed andfor what purpose it is being processedwhat types of disclosure are likely, andhow to exercise their rights in relation to the data |
| Procedure | When Portapura deems there are standard ways for each type of Data Subject to be informed, these will be given, for example:the handbook for employeesin the welcome letter or pack for members, with occasional reminders in the newsletterduring the initial interview with clientson the website |
| Responsibility | Individuals in the company are responsible for their actions when passing on information outside of working hours and the company premises. |
| Lawful Basis | |
|---|---|
| Underlying principles | GDPR states we must record the lawful basis for the personal data we hold a |
| Opting out | Portapura is not relying on consent, but will give people the opportunity to opt out of their data being used in particular ways |
| Withdrawing consent | Portapura the organisation may wish to acknowledge that, once given, consent can be withdrawn, but not retrospectively. There may be occasions where the organisation has no choice but to retain data for a certain length of time, even though consent for using it has been withdrawn |
| Employee training & Acceptance of responsibilities | |
|---|---|
| Induction | All employees who have access to any kind of personal data will have their responsibilities outlined during their induction procedures |
| Continuing training | There are opportunities to raise Data Protection issues during employee training, team meetings, supervisions, etc. |
| Procedure for staff signifying acceptance of policy | The policy will be included in the Company Handbook |
| Policy review | |
|---|---|
| Responsibility | The board of directors are responsible for the review |
| Procedure | Site Manager will be briefed on Data Protection regulation |
| Timing | Review will be completed by December 2020 |
This website uses cookies. By using this website and agreeing to this policy, you consent to
Portapura ’s use of cookies in accordance with the terms of this policy.
Cookies are files sent by web servers to web browsers and stored by the web browsers.
The information is then sent back to the server each time the browser requests a page from the server. This enables a web server to identify and track web browsers.
There are two main kinds of cookies: session cookies and persistent cookies. Session cookies are deleted from your computer when you close your browser, whereas persistent cookies remain stored on your computer until deleted, or until they reach their expiry date.
Portapura uses the following cookies on this website, for the following purposes.
When visiting this website you choose your language.
Portapura stores this information so when you re-visit you are taken directly to the appropriate website.
Most browsers allow you to refuse to accept cookies.
In Internet Explorer, you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.
In Firefox, you can adjust your cookies settings by clicking “Tools”, “Options” and “Privacy”.
Blocking cookies will have a negative impact upon the usability of some websites.