Policies | Platinum International Limited
 0161 971 5000      [email protected] Birmingham, England, B37 7WL

PLATINUM POLICIES

General Terms & Conditions

These Terms and Conditions govern your use of the Company website (the “Company Site”) and your relationship with Platinum International Ltd, formally UK Batteries Limited (the “Company”, “we” or “us”). Please read them carefully as they affect your rights and liabilities under the law. If you do not agree to these Terms and Conditions, please do not register for or use the Company Site. If you have any questions on the Terms and Conditions, please contact [email protected]

1          Use of the Company Site

1.1       The Company Site is provided to you for your use subject to these Terms and Conditions. By using the Company Site you agree to be bound by these Terms and Conditions. References to these Terms and Conditions include:

1.1.1     the terms and conditions upon which we provide customers with credit accounts for access to any services provided by means of the Company Website; and,

1.1.2     the terms and conditions upon which any such services are provided by the Company.

2          Amendments

2.1       We may update these Terms and Conditions from time to time for legal or regulatory reasons or to allow the proper operation of the Company Site. Any changes will be notified to you via the e-mail address provided by you on registration or via a suitable announcement on the Company Site. The changes will apply to the use of the Company Site after we have given notice. If you do not wish to accept the new Terms and Conditions you should not continue to use the Company Site. If you continue to use the Company Site after the date on which the change comes into effect, your use of the Company Site indicates your agreement to be bound by the new Terms and Conditions.

3          Registration

3.1       You must ensure that the details provided by you on registration or at any time are correct and complete.

3.2       You must inform us immediately of any changes to the information that you provided when registering by updating your personal details in order that we can communicate with you effectively.

4          Access to services; password and security

4.1       To access and/or use certain services on the Company Site you will need to set up a web account with the Company. To set up a web account please contact [email protected]. When your web account has been set up you will be given a username and password. You may then change your password if you so wish at any time when using the service. In order to prevent fraud, you must keep your user name and password confidential and must not disclose them or share them with anyone. If you know or suspect that someone else knows your user name and/or password you should notify us by contacting [email protected] immediately.

4.2       If the Company has reason to believe that there is likely to be a breach of security or misuse of the Company Site, we may require you to change your password or we may suspend your account.

5          Intellectual property

5.1       The content of the Company Site is protected by copyright, trade marks, database right and other intellectual property rights. You may retrieve and display the content of the Company Site on a computer screen, store such content in electronic form on disk (but not any server or other storage device connected to a network) or print one copy of such content for your own personal, non-commercial use, provided you keep intact all and any copyright and proprietary notices. You may not otherwise reproduce, modify, copy or distribute or use for commercial purposes (except as provided in the Terms and Conditions of any services available on the website) any of the materials or content on the Company Site without written permission from the Company.

6          Your use of the Company Site

6.1       You may not use the Company Site for any of the following purposes:

6.1.1     disseminating any unlawful, harassing, libellous, abusive, threatening, harmful, vulgar, obscene, or otherwise objectionable material or otherwise breaching any laws;

6.1.2     transmitting material that encourages conduct that constitutes a criminal offence, or otherwise breaches any applicable laws, regulations or code of practice;

6.1.3     interfering with any other person’s use or enjoyment of the Company Site; or

6.1.4     making, transmitting or storing electronic copies of materials protected by copyright without the permission of the owner.

6.2       You will be responsible for our losses and costs resulting from your breach of this clause 6.

7          Availability of the Company Site

7.1       Although we aim to offer you the best service possible, we make no promise that the services at the Company Site will meet your requirements. We cannot guarantee that the services will be fault-free. If a fault occurs with the Company Site you should report it to [email protected] and we will attempt to correct the fault as soon as we reasonably can.

7.2       Your access to the Company Site may be occasionally restricted to allow for repairs, maintenance or the introduction of new facilities or services. We will attempt to restore the service as soon as we reasonably can.

8          The Company’s liability

8.1       The Company Site provides content from other Internet sites or resources and while the Company tries to ensure that material included on the Company Site is correct, reputable and of high quality, it does not make any warranties or guarantees in relation to that content. If the Company is informed of any inaccuracies in the material on the Site we will attempt to correct the inaccuracies as soon as we reasonably can.

8.2       Nothing in these Terms and Conditions limit or exclude the Company’s liability for:

8.2.1     death or personal injury caused by the Company’s negligence; or

8.2.2     fraud or fraudulent misrepresentation.

8.3       Subject to clause 8.2, the Company will under no circumstances whatever be liable to you, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, arising under or in connection with your access to and use of the Company Site for:

8.3.1     any loss of profits, sales, business, or revenue;

8.3.2     loss or corruption of data, information or software;

8.3.3     loss of business opportunity;

8.3.4     loss of anticipated savings;

8.3.5     loss of goodwill; or

8.3.6     any indirect or consequential loss.

8.4       Subject to clause 8.2 and clause 8.3, the Company’s total liability to you in respect of all other losses arising under or in connection with your access to and use of the Company Site, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall in no circumstances exceed £3,000.

8.5       Except as expressly stated in these Terms and Conditions, the Company does not give any representation, warranties or undertakings in relation to your access to and use of the Company Site. Any representation, condition or warranty which might be implied or incorporated into these Terms and Conditions by statute, common law or otherwise is excluded to the fullest extent permitted by law. In particular, the Company will not be responsible for ensuring that the Company Site and its contents are suitable for your purposes.

9          Third Party Websites

9.1       As a convenience to customers, the Company Site may include links to other web sites or material which are beyond its control. Where it does, the Company is not responsible for content on any site outside the Company Site.

10        Advertising and Sponsorship

10.1      Part of the Company Site may contain advertising and sponsorship. Advertisers and sponsors are responsible for ensuring that material submitted for inclusion on the Company Site complies with relevant laws and codes. We will not be responsible to you for any error or inaccuracy in advertising and sponsorship material.

11        Applicable Law

11.1      These Terms and Conditions will be subject to the laws of England and Wales. We will try to solve any disagreements quickly and efficiently. If you are not happy with the way we deal with any disagreement and you want to take court proceedings, you must do so within the United Kingdom.

12        International Use

12.1      We make no promise that materials on the Company Site are appropriate or available for use in locations outside the United Kingdom, and accessing the Company Site from territories where its contents are illegal or unlawful is prohibited. If you choose to access this site from locations outside the United Kingdom, you do so on your own initiative and are responsible for compliance with local laws.

13        Miscellaneous

13.1      You may not transfer any of your rights under these Terms and Conditions to any other person. We may transfer our rights under these Terms and Conditions to another business where we reasonably believe your rights will not be affected.

13.2      If you breach these Terms and Conditions and the Company chooses to ignore this, the Company will still be entitled to use its rights and remedies at a later date or in any other situation where you breach the Terms and Conditions.

13.3      The Company shall not be responsible for any breach of these Terms and Conditions caused by circumstances beyond its reasonable control.

13.4      The Company Site is owned and operated by Platinum International Ltd, Platinum House, Bailey Road, Trafford Park, Manchester M17 1SA United Kingdom.

13.5      If you have any queries please contact [email protected].

The Company Registration No. 04397197

The Company VAT No. GB784109712

Last update: [01/05/18]

This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers

 


Modern Slavery and Human Trafficking Statement

 

INTRODUCTION

This statement is made in line with s.54 of the Modern Slavery Act 2015 and sets out our actions to understand all potential modern slavery risks related to our businesses and to put steps in place aimed at ensuring that there is no slavery or human trafficking within our own businesses and supply chains.   This statement relates to actions and activities during the 2021 financial year.

 

ORGANISATIONAL STRUCTURE AND SUPPLY CHAINS

 

The Organisation

This statement covers the activities of the following companies in the “Group”:

  • Alliance Automotive UK LV Limited
  • Alliance Automotive UK CV Limited
  • Alliance Automotive UK Limited
  • Alliance Automotive Procurement Limited
  • Alliance Automotive UK Trading Groups Limited
  • Apec Limited
  • Ferraris Piston Service Limited
  • Ferraris Distribution Limited
  • Platinum International Limited
  • Platinum International Group Limited
  • United Aftermarket Network Limited
  • Gaynor Pearce Motor Factors Limited
  • Auto Components (NI) Limited

The nature of the business of the group of companies is the distribution and wholesale of automotive aftermarket parts, consumables, maintenance, accessories and retail products.  The group operates in a number of locations across the United Kingdom and Republic of Ireland.

Suppliers

As a group we do not carry out detailed checks to test suppliers’ compliance with Company standards against trafficking and slavery throughout the entirety of their own supply chain.  The group does, however, require suppliers to certify that they comply with our Supplier Guidelines and Requirements; these Guidelines and Requirements include the need to make sure that their own chains are compliant and the results of that certification are audited.  Contracts will be terminated as soon as possible if a supplier breaches the Guidelines.

Employees

The Group only employs people who are allowed to legally work in the United Kingdom and Ireland.  The Group have processes in place to ensure that employees eligibility to work status is validated in line with current legislation.  There is a further statement contained within the staff handbook which makes it clear that human trafficking and slavery is an offence and therefore unacceptable.  Violation of these policies by any employee could result in disciplinary action and potentially dismissal.

Agency Workers

The Group only uses reputable employment agencies to source labour; it always verifies the practices of any new agency it is using before accepting the provision of labour.

Communication and training

As well as our employees being aware of our position on modern slavery and human trafficking, those employees who deal with suppliers or in a position of management are required to familiarise themselves with the Modern Slavery Act in more detail.  We review this statement and our Supplier Guidelines and Requirements regularly and any updated are notified throughout the Group.

HIGH RISK ACTIVITIES

There are no activities within the Group that are considered to be at high risk of slavery or human trafficking.  Through the Supplier Guidelines and Requirements the Group aims to make sure that all suppliers report on their compliance with the Modern Slavery At 2015.  Actions will be taken in the event of a breach of these Guidelines.

 

RESPONSIBILITIES

 

Slavery and Human Trafficking Statement

This is the responsibility of the Managing Director.  This statement is reviewed annually and reissued in March of each year, with the most recent version published on the company websites.

Policies

The Human Resources team in general are responsible for making sure that all Company policies are fully compliant with UK & Republic of Ireland employment legislation and that all policies are reviewed at least every two years.  All policies are available to employee via the intranet or hard copy.

Investigations

It will be the responsibility of the Human Resources Director to ensure that any concerns raised will be investigated and appropriate action or learning supported as required.

 

APPROVAL

This statement has been approved by the Managing Directors who will annually review and update.

 

Angelo Arnone
Managing Director

Steve Richardson
Managing Director

 

 

February 2022

Platinum Privacy Notice –

Applicants, Consultants, Employees (including Ex-Employees) and Workers (GDPR 01)

 

The General Data Protection Regulations (GDPR) supports us in looking after your privacy. 

 

We issue this privacy notice in the interests of transparency as to how we use (‘Process’) the personal data that we collect from job applicants, employees, ex-employees, workers and consultants (‘you’). This document details what information the Company stores, who is allowed to see it and how you can change it. Our data security means that we hold all personal data securely and limit access to those who need to see it.

 

This document describes how we collect, use and process your personal data, and how, in doing 1522847006179so, we comply with our legal obligations to you. This Privacy Policy applies to the personal data of our Applicants, Employees and Ex-employees. However, for Website Users, Customers, Suppliers and other people whom we may contact in order to provide our goods and services or for emergency contacts of our Staff you should refer to the Platinum Privacy Notice – Master (GDPR 02) which is available on both the Platinum Intranet and on this website.

 

For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) and the DPA 2018, the company responsible for your personal data is Platinum International (‘Platinum’ or ‘us). This Privacy Policy applies in relevant countries throughout our international network. We will ensure compliance with all applicable data privacy protection legislation, no matter where you are.

 

It is important to point out that we may amend this Privacy Policy from time to time. To stay up to date, please visit this page to stay up to date, as we will post any changes here.

 

If you are dissatisfied with any aspect of our Privacy Policy, you may have legal rights and, where relevant, we have described these as well.

 

DEFINITIONS

Candidates – includes applicants for all roles advertised by Platinum International, including permanent, part-time and temporary positions; as well as people who have supplied a speculative CV to Platinum International not in relation to a specific job. Individual contractors, freelance workers and employees of suppliers or other third parties put forward for roles with Platinum International will be treated as candidates for the purposes of this Privacy Policy.

 

Company – Platinum International Ltd, the Company’s Subsidiaries or Holding Companies and any Subsidiary of any holding Company.

 

Customers – this category covers our customers, clients, and others to whom Platinum International provides goods and/or services in the course of its business.

 

Data Controller – means the person or organisation who determines the purposes for which and the manner in which any personal data is processed.

 

General Data Protection Regulation (GDPR) – a European Union statutory instrument which aims to harmonise European data protection laws. It has an effective date of 25 May 2018, and any references to it should be construed accordingly to include any national legislation implementing it.

 

Personal data – means any information relating to an identified or identifiable living person.

 

Personal Data – Sensitive/ Special categories – means personal data consisting of information as to:

  1. the racial or ethnic origin of the individual;
  2. their political opinions;
  3. their religious or philosophical beliefs;
  4. their membership of a trade union;
  5. their physical or mental health or condition;
  6. their sexual life;
  7. the commission or alleged commission by them of any offence;
  8. any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings;
  9. genetic data; and
  10. biometric data where processed to uniquely identify a person (for example a photo in an electronic passport).

 

Staff – includes employees and interns engaged directly in the business of Platinum International (or who have accepted an offer to be engaged) as well as certain other workers engaged in the business of providing services to Platinum International (even though they are not classed as employees). Independent contractors and consultants performing services for Platinum International fall within the definition of a ‘Supplier’ for the purposes of this Privacy Policy.

 

Suppliers – refers to partnerships and companies (including sole traders), and atypical workers such as independent contractors and freelance workers, who provide services to Platinum International. In certain circumstances Platinum International will sub-contract the services it provides to Clients to third party suppliers who perform services on Platinum International’s behalf. In this context, suppliers that are individual contractors, freelance workers, or employees of suppliers will be treated as Candidates for data protection purposes. Please note that in this context, Platinum International requires Suppliers to communicate the relevant parts of this Privacy Policy (namely the sections directed at Candidates) to their employees.

 

Website Users – any individual who accesses any of the Platinum International websites.

 

WHAT KIND OF INFORMATION DO WE COLLECT?

  1. As an independent battery and lubricants distributor, we collect personal data from our Website users, Customers, Suppliers and other people. This document deals with the information we collect from Employees, Workers, Applicants and Consultants whom we may contact as part of our day to day business. The information described below is in addition to any personal data we are required by law to process in any given situation.

 

  1. We may collect some or all of the information listed below to enable us to offer you employment opportunities and to manage our employment relationship. In some jurisdictions, we are restricted from processing some of the data outlined below (please note the list is not exhaustive). In such cases, we will not process the data in those jurisdictions:
    1. Name;
    2. Age/date of birth;
    3. Birth number;
    4. Sex/gender;
    5. Photograph;
    6. Marital status;
    7. Contact details;
    8. Education details;
    9. Employment history;
    10. Emergency contacts and details of any dependants;
    11. Referee details;
    12. Immigration status (whether you need a work permit);
    13. Nationality/ citizenship/ place of birth;
    14. A copy of your driving licence and/ or passport/ identity card;
    15. Financial information (where we need to carry out financial background checks);
    16. Social security number (or equivalent in your country) and any other tax-related information;
    17. Diversity information including racial or ethnic origin, religious or other similar beliefs, and physical or mental health, including disability-related information;
    18. Details of any criminal convictions if this is required for a role that you are interested in applying for;
    19. Details about your current remuneration, pensions and benefits arrangements;
    20. Information on your interests (hobbies etc.) and needs, both collected directly and inferred, for example from a job interview;
    21. Extra information that you choose to tell us;
    22. Extra information that your referees choose to tell us about you;
    23. Extra information that we find out, or that we find from other third party sources such as social media and job sites;
    24. IP address;
    25. The dates, times and frequency with which you access our services; and
    26. CCTV footage, if you attend our premises.

 

  1. To the extent that you access our website we will also collect certain data from you (please see our Cookies policy for further information).

 

HOW DO WE COLLECT YOUR INFROMATION?

  1. We collect personal data in a number of ways, but in the it is usually provided by you directly to us, in summary:
    1. Personal data we receive from you:
      1. When you proactively contact us, usually by phone or email and give us personal data. Please note phone calls make to and from any Platinum International controlled location may be logged, monitored or recorded for training, verification or Health & Safety purposes.
      2. When we contact you, by phone, email or through our employees’ (usually a member of our management or Recruitment teams) HR activities.
    2. Personal data we receive from other sources:
      1. As appropriate, we may seek more information about you from other sources, generally by way of due diligence or other market intelligence including from third party market research and by analysing online and offline media (which we may do ourselves, or employ other organisations to do for us); and
      2. From other limited sources and third parties (for example from referees to the extent that they provide us with your details).
    3. Personal data we collect via our website:
      1. When you access our website we may collect your data automatically or through you providing it to us. When you visit our website there is certain information that we may automatically collect, whether or not you decide to use our services. This includes your IP address, the date and the times and frequency with which you access the website and the way you browse its content. We will also collect data from you when you contact us via the website. We also collect your data automatically via cookies, in line with cookie settings in your browser. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see our Cookie Policy on our website.

 

  1. Platinum International needs to know certain information about you in order to consider you for employment or to manage your employment relationship.

 

  1. There are numerous ways you can share your information with us. It all depends on what suits you. These may include:
    1. Entering your details on the Platinum International website or via an application form, as part of the candidate application process;
    2. Leaving or sending a hard copy CV to a Platinum International employee or business location;
    3. Emailing your CV to a Platinum International employee or being interviewed by them;
    4. Applying for a job through a job board, which then redirects you to the Platinum International website;
    5. Entering your personal details into a Platinum International microsite; or
    6. Entering your details through a social media channel such as Facebook or Twitter etc.

 

  1. We also receive personal data about Candidate from other sources. Depending on the relevant circumstances and applicable local laws and requirements, these may include personal data received in the following situations:
    1. Your referees may disclose personal information about you;
    2. Third parties such as customers, suppliers or other know individuals may share personal information about you with us;
    3. We may obtain information about you from searching for potential candidates and applicants from third party sources, such as LinkedIn, Facebook and other job sites;
    4. If you ‘like’ our page on Facebook, Snapchat, Instagram or ‘follow’ us on Twitter etc. we will receive your personal information from those sites; and
    5. If you were referred to us through a recruitment agency, they may share personal information about you with us.

 

  1. We use CCTV in and around all our Company controlled buildings and locations to monitor your behaviour and for security and Health & Safety purposes. In addition, we use locational tracking devices in company computers, phones and in Company controlled vehicles to monitor a device’s physical location for the purposes of performance management reviews, security, Health & Safety information and for delivery information purposes which may be supplied to third parties within Europe (EEA). For identification purposes we may use your image on your training record to demonstrate your particular training requirement and competence level or on identification cards/ badges. In addition, we may use colleague images along with your name and work location to acknowledge significant Birthdays or work anniversaries for marketing purposes and in the Company magazine, the ‘Platinum Post’.

 

  1. Personal data we collect automatically, when you access our website or read or click on an email from us, where appropriate we may also collect your data automatically or through you providing it to us.

 

HOW WILL YOUR INFORMATION BE USED?

  1. As your employer, ex-employer or potential employer, the Company needs to keep and process information about you for normal employment purposes. All such personal information is protected by law under the General Data Protection Regulations (GDPR). The information we hold and process will be used for our management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst you are working for us, at the time when your employment ends and after you have left. This includes using information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of the Company and to protect our legal position in the event of legal proceedings. There is no strict requirement for you to provide this data, but if you do not we may be unable, in some circumstances, to comply with our obligations and it will not be practically possible to employ you. However, we would tell you about the implications of that decision.

 

  1. Much of the information we hold will have been provided by you, but some may come from other internal sources, such as your manager, or in some cases, external sources, such as referees. External sources of personal data that have been provided by you may include information from social media accounts.

 

  1. The sort of information we hold includes your application form and references, your contract of employment and any amendments to it; correspondence with or about you, for example letters to you about a pay rise or, at your request, a letter to your mortgage company confirming your salary; information such as Driving Licence and Vehicle Insurance Declaration for both you and other individuals who may drive under the Company’s vehicle insurance scheme; information needed for payroll, pension administration, benefits and expenses purposes; contact and emergency contact details; records of holiday, sickness and other absence; information needed for the equal opportunities monitoring policy; and records relating to your career history, such as training and capability records, appraisals, other performance measures and, where appropriate, disciplinary and grievance records.

 

  1. You will, of course, inevitably be referred to in many Company documents and records that are produced by you and your colleagues in the course of carrying out your duties and the business of the Company. You should refer to the Data Protection Policy which is available on our website, on the Company intranet (under Company Information) or in paper format from Platinum International Ltd, Platinum House, Bailey Road, Trafford Park, Manchester. M17 1SA.

 

  1. Where necessary, we may keep information relating to your health, which could include reasons for absence and GP reports and notes, hospital letters and occupational health reports. This information will be used in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory and company sick pay, make other statutory payments such as maternity pay etc., private health insurance and Company vehicle driving assessments, DVLA vehicle licence and company vehicle insurance checks.

 

  1. We monitor company equipment and services such as computers, internet usage, Platinum email, desk telephone and mobile telephone use, as detailed in our various Company policies and available on the Company’s intranet. We also keep records of your hours of work by way of our Time and Attendance systems and processes.

 

  1. We do not use automated decision making (including profiling) in our systems.

 

  1. If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.

 

OUR LEGAL BASES FOR PROCESSING YOUR DATA?

  1. Our legal basis for processing personal data of applicants, employees and ex-employees is that:
    1. Processing of some elements of sensitive personal data is carried out with ‘consent’ in order for us to undertake equal opportunities monitoring, medical surveillance in order for us to make reasonable disability adjustments.
    2. Processing the personal data is necessary for the purpose of carrying out the employment ‘contract’ or to take steps to enter into an employment contract;
    3. Processing is necessary to comply with a ‘legal obligation’ (for example, we are obliged under employment law to include in a written statement of employment terms with the identity of the parties to the employment contract);
    4. Processing the data is necessary to protect the ‘vital interests’ of an individual (for example we are legally responsible for the health and safety of staff and job applicants (when they are on our premises) and so it is necessary to process data relating to those individuals for that reason); and/or
    5. Processing the data is necessary for the purposes of our ‘legitimate interests’ as the data controller (except where such interests are overridden by the interests, rights or freedoms of the individual).
      1. Our ‘legitimate interests’ for these purposes are:
        1. The need to process data on applicants and staff for the purposes of assessing suitability for employment and then carrying out the employment contract;
        2. The need to gather data for the purposes of safeguarding the health and safety of job applicants and employees;
        3. The need to transfer employee data intra-group for administrative purposes; and
        4. The need to process employee data for the purposes of ensuring network and information security.

 

  1. As a company, we may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, administrative purposes or reporting potential crimes. The nature of our legitimate interests mean that we process employee, customer and supplier etc. data. During the course of our business we deal with payments, products (in the main batteries and lubricants) and third parties (including external authorities). We will never process your data where these interests are overridden by your own interests.

 

  1. Where we process special categories of information relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, biometric data or sexual orientation, we will always obtain your explicit consent, such as for equal opportunities monitoring. Unless this is not required by law, such as proof of the Right to Work or the information is required to protect your health in an emergency.

 

  1. Where we are processing data based on your consent, you have the right to withdraw that consent at any time. Platinum International will only hold information which relates to you for the purposes of identity or well-being. For example, we may hold information on you which relates to your ethnic origin but not your political opinions. We may also hold information on you which relates to your physical or mental health condition but not your religious beliefs. With your permission, some of our roles and some of our customers require us to carry out comprehensive security checks which require checking if you have any criminal convictions.

 

WHO DO WE SHARE YOUR PERSONAL DATA WITH?

  1. Where appropriate we may share your personal data, in various ways and for various reasons, with the following categories of people:
    1. Any of our group companies;
    2. Individuals and organisations who hold information related to a business reference or application to do business with us, such as current or past suppliers, customers and insurers etc.;
    3. Tax, audit, or other authorities, when we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
    4. Third party service providers who perform functions on our behalf (including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems);
    5. Third party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;

 

  1. Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to our external payroll provider, pension or health insurance schemes. For example:
    1. Our external payroll provider: Wilds CCA;
    2. Our pension provider: Now: Pensions;
    3. Government organisations such as CSA, Police, HMRC, DVLA, Environment Agency and the HSE;
    4. Approved medical providers;
    5. Other employers for the purposes of obtaining and giving references;
    6. Healthcare providers;
    7. Insurance providers;
    8. Financial auditors;
    9. Our customers upon request for the purpose of site and project work e.g. CVs; and
    10. Licence Plate recognition schemes such as Congestion charge zones etc.

 

  1. Other than as mentioned above, where appropriate we may share your personal data in various ways and for various reasons, with the following categories of people:
    1. Any of our group companies for purposes connected with your employment or the management of the Company’s business;
    2. Individuals and organisations who hold information related to your reference or application to join us, such as current or past employers, educators and examining bodies, and employment agencies;
    3. Tax, audit, or other authorities, when we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
    4. Third party service providers who perform functions on our behalf (including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems);
    5. Third party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;
    6. Marketing technology platforms and suppliers;
    7. In the case of candidates and prospective members of Staff’s referees: third parties who we have retained to provide services such as reference, qualification and criminal convictions checks, to the extent that these checks are appropriate; and
    8. If Platinum International merges with or is acquired by another business or company in the future, (or is in meaningful discussions about such a possibility) we may share your personal data with the (prospective) new owners of the business or company.

 

  1. In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements. We have in place safeguards including password protection, virus checking and Websense/ ForcePoint etc. to ensure destination and sender checks are passed etc. to ensure the security of your data.

 

HOW DO WE SAFEGUARD YOUR PERSONAL DATA?

  1. We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures. These include measures to deal with any suspected data breach.

 

  1. If you suspect any misuse or loss of or unauthorised access to your personal information please let us know immediately. Details of how to contact us can be found here.

 

HOW DO WE STORE AND TRANSFER YOUR DATA INTERNATIONALLY?

  1. To enable us to conduct international business, your data may be transferred:
    1. between and within Platinum International entities and employees;
    2. to third parties (such as suppliers, customers and advisors to the Platinum International business);
    3. to a cloud-based storage provider; and
    4. to other third parties, as referred to here.

 

  1. We want to make sure that your data are stored and transferred in a way which is secure. We will therefore only transfer data outside of the European Economic Area or EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data or where it is necessary for the conclusion:
    1. For the performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer data outside the EEA in order to meet our obligations under that contract if you are a customer or supplier of ours); or
    2. where you have consented to the data transfer.

 

  1. To ensure that your personal information receives an adequate level of protection, we have put in place appropriate procedures with the third parties we share your personal data with to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the law on data protection.

 

HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?

  1. We will keep Employee personal data for no longer than is necessary, having regard to the original purpose for which the data was processed. In some cases we will be legally obliged to keep your data for a set period. Your personal employment data will be stored for a period of seven (7) years in normal circumstances. However it may be retained for longer periods in the event of an ongoing legal claim or for up to thirty (30) years for ongoing health monitoring purposes.

 

  1. We will delete candidate personal data from our systems if we have not had any meaningful contact with you for two years (or for such longer period as we believe in good faith that the law or relevant regulators require us to preserve your data). After this period, it is likely your data will no longer be relevant for the purposes for which it was collected.

 

  1. When we refer to “meaningful contact”, we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our online services. If you are a Candidate we will consider there to be meaningful contact with you if you submit or have your CV submitted by a third party to us. We will also consider it meaningful contact if you communicate with us about potential roles, either by verbal or written communication or click through from any of our marketing communications. Your receipt, opening or reading of an email or other digital message from us will not count as meaningful contact – this will only occur in cases where you click-through or reply directly.

 

YOUR RIGHTS – HOW TO ACCESS, AMEND OR TAKE BACK THE PERSONAL DATA

  1. One of the General Data Protection Regulation’s (GDPR’s) main objectives is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. Under the GDPR and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. In summary of the below:
    1. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability. This means that you retain various rights in respect of your personal data, even once you have given it to us. These are described in more detail below.
    2. If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
    3. We can refuse to comply with any request if we can demonstrate compelling and legitimate grounds for processing, which override your interests, rights and freedoms or where there is another legitimate or legal reason for keeping the data. These include but are not limited to where we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms; or if the processing is for the establishment, exercise or defence of legal claims.

 

  1. To get in touch about these rights, please contact us (for further information please see the ‘Complaints’ section). We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.

 

  1. Right to object: this right enables you to object to us processing your personal data where we do so for one of the following four reasons: (i) our legitimate interests; (ii) to enable us to perform a task in the public interest or exercise official authority; (iii) to send you direct marketing materials; and (iv) for scientific, historical, research, or statistical purposes.

 

  1. The “legitimate interests” and “direct marketing” categories above are the ones most likely to apply to our Website Users, Customers and Suppliers. If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:
    1. we can show that we have compelling legitimate grounds for processing which overrides your interests; or
    2. we are processing your data for the establishment, exercise or in the defence of a legal claim.

 

  1. If your objection relates to direct marketing, we must act on your objection by ceasing this activity.

 

  1. Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example, for our marketing activities), you may withdraw this consent at any time and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose in which case we will inform you of this condition.

 

  1. Data Subject Access Requests (DSAR): You may ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information we hold about you, we will not charge you for this unless your request is “manifestly unfounded or excessive”. If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.

 

  1. Right to erasure: You have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following criteria:
    1. the data are no longer necessary for the purpose for which we originally collected and/ or processed them;
    2. where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;
    3. the data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR);
    4. it is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or
    5. if we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.

 

  1. We would only be entitled to refuse to comply with your request for one of the following reasons:
    1. to exercise the right of freedom of expression and information;
    2. to comply with legal obligations or for the performance of a public interest task or exercise of official authority;
    3. for public health reasons in the public interest;
    4. for archival, research or statistical purposes; or
    5. to exercise or defend a legal claim.

 

  1. When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.

 

  1. Right to restrict processing: You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either: (i) one of the circumstances listed below is resolved; (ii) you consent; or (iii) further processing is necessary for either the establishment, exercise or defence of legal claims, the protection of the rights of another individual, or reasons of important EU or Member State public interest.

 

  1. The circumstances in which you are entitled to request that we restrict the processing of your personal data are:
    1. where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified;
    2. where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data;
    3. where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; and
    4. where we have no further need to process your personal data but you require the data to establish, exercise, or defend legal claims.

 

  1. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.

 

  1. Right to rectification: You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.

 

  1. Right of data portability: If you wish, you have the right to transfer your personal data between data controllers. In effect, this means that you are able to transfer your Platinum International account details to another online platform. To allow you to do so, we will provide you with your data in a commonly used machine-readable format that is password-protected so that you can transfer the data to another online platform. Alternatively, we may directly transfer the data for you. This right of data portability applies to: (i) personal data that we process automatically (i.e. without any human intervention); (ii) personal data provided by you; and (iii) personal data that we process based on your consent or in order to fulfil a contract.

 

  1. Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with your local supervisory authority. Details of how to contact them can be found in the ‘Complaints’ section).

 

  1. If you would like to exercise any of these rights, or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), details of how to contact us can be found in the ‘Complaints’ section. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

 

  1. You may ask to unsubscribe from your marketing activities at any time.

 

  1. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data.

 

COMPLAINTS

  1. If you think we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data, you have a specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority will then inform you of the progress and outcome of your complaint. The supervisory authority in the UK is the Information Commissionaire’s Office (ICO).

 

  1. Platinum International Ltd and Platinum International BV (Platinum International Ltd, Platinum House, Bailey Rd, Trafford Park, Manchester, M17 1SA. Company Registration Number 4397197) is the controller and processor of data for the purposes of the DPA 18 and GDPR.

 

  1. If you have any concerns as to how your data is processed you can contact: Mark Broomhead – HR, Quality & Systems Manager at [email protected] or you can write using the address of Platinum International Ltd, Platinum House, Bailey Rd, Trafford Park, Manchester, M17 1SA.

 

  1. You can notify Platinum International Ltd of any changes to your personal data, by contacting the HR Department or emailing [email protected]

 

  1. Please sign below to confirm your understanding of the Company holding such information on file, for as long as it considers necessary to fulfil the purpose for which it was obtained and to processing (including disposing and destroying). Data will be stored in accordance with the eight Data Protection Principles and the other requirements of the Act and any other procedures laid down by the Company for this purpose from time to time.

Data Protection Policy – for Employees, Workers and Consultants (HR28)

The ‘Company’ – Platinum International Ltd, the Company’s Subsidiaries or Holding Companies and any Subsidiary of any Holding Company.

1 Overview
1.1 The Company takes the security and privacy of your data seriously. We need to gather and use information or ‘data’ about you as part of our business and to manage our relationship with you. We intend to comply with our legal obligations under the Data Protection Act 2018 (the ‘2018 Act’) and the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security. We have a duty to notify you of the information contained in this policy.

1.2 This policy applies to current and former employees, workers, volunteers, apprentices and consultants. If you fall into one of these categories then you are a ‘data subject’ for the purposes of this policy. You should read this policy alongside your contract of employment (or contract for services) and any other notice we issue to you from time to time in relation to your data.

1.3 The Company has measures in place to protect the security of your data in accordance with our Data Security Policy. A copy of this can be obtained from the Company’s intranet under Company information or alternative from the HR department.

1.4 The company will hold data in accordance with our Data Retention Policy. A copy of this can be obtained from the Company’s intranet under Company information or alternative from the HR department. We will only hold data for as long as necessary for the purposes for which we collected it.

1.5 The Company is a ‘Data Controller’ for the purposes of your personal data. This means that we determine the purpose and means of the processing of your personal data.

1.6 This policy explains how the Company will hold and process your information. It explains your rights as a data subject. It also explains your obligations when obtaining, handling, processing or storing personal data in the course of working for, or on behalf of, the Company.

1.7 This policy does not form part of your contract of employment (or contract for services if relevant) and can be amended by the Company at any time. It is intended that this policy is fully compliant with the 2018 Act and the GDPR. If any conflict arises between those laws and this policy, the Company intends to comply with the 2018 Act and the GDPR.

2 Data Protection Principles
2.1 Personal data must be processed in accordance with six ‘Data Protection Principles.’ It must:
• be processed fairly, lawfully and transparently;
• be collected and processed only for specified, explicit and legitimate purposes;
• be adequate, relevant and limited to what is necessary for the purposes for which it is processed;
• be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay;
• not be kept for longer than is necessary for the purposes for which it is processed; and
• be processed securely.

We are accountable for these principles and must be able to show that we are compliant.
3 How we define Personal Data
3.1 ‘Personal data’ means information which relates to a living person who can be identified from that data (a ‘data subject’) on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymised data.

3.2 This policy applies to all personal data whether it is stored electronically, on paper or on other materials.

3.3 This personal data might be provided to us by you, or someone else (such as a former employer, your doctor, or a credit reference agency), or it could be created by us. It could be provided or created during the recruitment process or during the course of the contract of employment (or services) or after its termination. It could be created by your manager or other colleagues.

3.4 We will collect and use the following types of personal data about you:
• recruitment information such as your application form and CV, references, qualifications and membership of any professional bodies and details of any pre-employment assessments;
• your contact details and date of birth;
• the contact details for your emergency contacts;
• your gender;
• your marital status and family details;
• information about your contract of employment (or services) including start and end dates of employment, role and location, working hours, details of promotion, salary (including details of previous remuneration), pension, benefits and holiday entitlement;
• your bank details and information in relation to your tax status including your national insurance number;
• your identification documents including passport and driving licence and information in relation to your immigration status and right to work for us;
• information relating to disciplinary or grievance investigations and proceedings involving you (whether or not you were the main subject of those proceedings);
• information relating to your performance and behaviour at work;
• training records;
• electronic information in relation to your use of IT systems/swipe cards/telephone systems;
• health and safety records;
• your images (whether captured on CCTV, by photograph or video); and
• any other category of personal data which we may notify you of from time to time.

4 How we define special categories of personal data
4.1 ‘Special categories of personal data’ are types of personal data consisting of information as to:
• your racial or ethnic origin;
• your political opinions;
• your religious or philosophical beliefs;
• your trade union membership;
• your genetic or biometric data;
• your health;
• your sex life and sexual orientation; and
• any criminal convictions and offences.

We may hold and use any of these special categories of your personal data in accordance with the law.

5 How we define processing
5.1 ‘Processing’ means any operation which is performed on personal data such as:
• collection, recording, organisation, structuring or storage;
• adaption or alteration;
• retrieval, consultation or use;
• disclosure by transmission, dissemination or otherwise making available;
• alignment or combination; and
• restriction, destruction or erasure.

This includes processing personal data which forms part of a filing system and any automated processing.

6 How will we process your personal data?
6.1 The Company will process your personal data (including special categories of personal data) in accordance with our obligations under the 2018 Act.

6.2 We will use your personal data for:
• performing the contract of employment (or services) between us;
• complying with any legal obligation; or
• if it is necessary for our legitimate interests (or for the legitimate interests of someone else). However, we can only do this if your interests and rights do not override ours (or theirs). You have the right to challenge our legitimate interests and request that we stop this processing. See details of your rights in section 12 below.

We can process your personal data for these purposes without your knowledge or consent. We will not use your personal data for an unrelated purpose without telling you about it and the legal basis that we intend to rely on for processing it.

If you choose not to provide us with certain personal data you should be aware that we may not be able to carry out certain parts of the contract between us. For example, if you do not provide us with your bank account details we may not be able to pay you. It might also stop us from complying with certain legal obligations and duties which we have such as to pay the right amount of tax to HMRC or to make reasonable adjustments in relation to any disability you may suffer from.

7 Examples of when we might process your personal data
7.1 We have to process your personal data in various situations during your recruitment, employment (or engagement) and even following termination of your employment (or engagement).

7.2 For example (and see section 7.6 below for the meaning of the asterisks):
• to decide whether to employ (or engage) you;
• to decide how much to pay you, and the other terms of your contract with us;
• to check you have the legal right to work for us;
• to carry out the contract between us including where relevant, its termination;
• training you and reviewing your performance*;
• to decide whether to promote you;
• to decide whether and how to manage your performance, absence or conduct*;
• to carry out a disciplinary or grievance investigation or procedure in relation to you or someone else;
• to determine whether we need to make reasonable adjustments to your workplace or role because of your disability*;
• to monitor diversity and equal opportunities*;
• to monitor and protect the security (including network security) of the Company, of you, our other staff, customers and others;
• to monitor and protect the health and safety of you, our other staff, customers and third parties*;
• to pay you and provide pension and other benefits in accordance with the contract between us*;
• paying tax and national insurance;
• to provide a reference upon request from another employer;
• to pay trade union subscriptions*;
• monitoring compliance by you, us and others with our policies and our contractual obligations*;
• to comply with employment law, immigration law, health and safety law, tax law and other laws which affect us*;
• to answer questions from insurers in respect of any insurance policies which relate to you*;
• running our business and planning for the future;
• the prevention and detection of fraud or other criminal offences;
• the prevention and detection of motoring offences;
• to defend the Company in respect of any investigation or litigation and to comply with any court or tribunal orders for disclosure*; and
• for any other reason which we may notify you of from time to time.

7.3 We will only process special categories of your personal data (see above) in certain situations in accordance with the law. For example, we can do so if we have your explicit consent. If we asked for your consent to process a special category of personal data then we would explain the reasons for our request. You do not need to consent and can withdraw consent later if you choose by contacting the HR Department.

7.4 We do not need your consent to process special categories of your personal data when we are processing it for the following purposes, which we may do:
• where it is necessary for carrying out rights and obligations under employment law;
• where it is necessary to protect your vital interests or those of another person where you/they are physically or legally incapable of giving consent;
• where you have made the data public;
• where processing is necessary for the establishment, exercise or defence of legal claims; and
• where processing is necessary for the purposes of occupational medicine or for the assessment of your working capacity.

7.5 We might process special categories of your personal data for the purposes in paragraph 7.2 above which have an asterisk beside them. In particular, we will use information in relation to:
• your race, ethnic origin, religion, sexual orientation or gender to monitor equal opportunities;
• your sickness absence, health and medical conditions to monitor your absence, assess your fitness for work, to pay you benefits, to comply with our legal obligations under employment law including to make reasonable adjustments and to look after your health and safety; and
• your trade union membership to pay any subscriptions and to comply with our legal obligations in respect of trade union members.

7.6 We do not take automated decisions about you using your personal data or use profiling in relation to you.

8 Sharing your personal data
8.1 Sometimes we might share your personal data with group companies or our contractors and agents to carry out our obligations under our contract with you or for our legitimate interests.

8.2 We require those companies to keep your personal data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.

8.3 The legitimate activities which third parties undertake for the Company include (but are not limited to) Payroll provision, Pension, Insurance brokerage (vehicle, health, and travel etc.), Legal services, Mobile phone providers, IT data storage provision (including cloud based storage) and accreditation bodies such as ISO.

8.4 We do not send your personal data outside the European Economic Area. If this changes you will be notified of this and the protections which are in place to protect the security of your data will be explained.

9 How should you process personal data for the Company?
9.1 Everyone who works for, or on behalf of, the Company has some responsibility for ensuring data is collected, stored and handled appropriately, in line with this policy and the Company’s Data Security and Data Retention policies.

9.2 The person responsible for data protection in the Company is Mark Broomhead (HR, Quality & Systems Manager) who is responsible for reviewing this policy and updating the Board of Directors on the Company’s data protection responsibilities and any risks in relation to the processing of data. You should direct any questions in relation to this policy or data protection to this person.

9.3 You should only access personal data covered by this policy if you need it for the work you do for, or on behalf of the Company and only if you are authorised to do so. You should only use the data for the specified lawful purpose for which it was obtained.

9.4 You should not share personal data informally.

9.5 You should keep personal data secure and not share it with unauthorised people.

9.6 You should regularly review and update personal data which you have to deal with for work. This includes telling us if your own contact details change.

9.7 You should not make unnecessary copies of personal data and should keep and dispose of any copies securely.

9.8 You should use strong passwords.

9.9 You should lock your computer screens when not at your desk.

9.10 Personal data, if stored electronically should be held in secure drives or in password protected folders. Furthermore, it should be encrypted before being transferred electronically to authorised external contacts (please speak to IT for more information on how to do this).

9.11 Personal data, if stored in hard copy should be kept secure in lockable files and cabinets. When being disposed of, it is to be shredded.

9.12 Consider anonymising data or using separate keys/ codes so that the data subject cannot be identified.

9.13 Do not save personal data to your own personal computers or other devices.

9.14 Personal data should never be transferred outside the European Economic Area except in compliance with the law and authorisation of the person responsible for data protection (Mark Broomhead).

9.15 You should lock drawers and filing cabinets. Do not leave paper with personal data lying about.

9.16 You should not take personal data away from Company’s premises without authorisation from your line manager or the person responsible for data protection.

9.17 Personal data should be shredded and disposed of securely when you have finished with it.

9.18 You should ask for help from the person responsible for data protection if you are unsure about data protection or if you notice any areas of data protection or security we can improve upon.

9.19 Any deliberate or negligent breach of this policy by you may result in disciplinary action being taken against you in accordance with our disciplinary procedure.

9.20 It is a criminal offence to conceal or destroy personal data which is part of a subject access request (see below). This conduct would also amount to gross misconduct under our disciplinary procedure, which could result in your dismissal.

10 How to deal with data breaches
10.1 We have robust measures in place to minimise and prevent data breaches from taking place. Should a breach of personal data occur (whether in respect of you or someone else) then we must take notes and keep evidence of that breach. If the breach is likely to result in a risk to the rights and freedoms of individuals then we must also notify the Information Commissioner’s Office within 72 hours.

10.2 If you are aware of a data breach you must contact the person responsible for data protection (Mark Broomhead) immediately and keep any evidence you have in relation to the breach.

11 Subject Access Requests
11.1 Data subjects can make a ‘Subject Access Request’ (‘SAR’) to find out the information we hold about them. This request must be made in writing. If you receive such a request you should forward it immediately to the person responsible for data protection who will coordinate a response.

11.2 If you would like to make a SAR in relation to your own personal data you should make this in writing to (Mark Broomhead). We must respond within one month unless the request is complex or numerous in which case the period in which we must respond can be extended by a further two months.

11.3 There is no fee for making a SAR. However, if your request is manifestly unfounded or excessive we may charge a reasonable administrative fee or refuse to respond to your request.

12 Your data subject rights
12.1 You have the right to information about what personal data we process, how and on what basis as set out in this policy.

12.2 You have the right to access your own personal data by way of a subject access request (see above).

12.3 You can correct any inaccuracies in your personal data. To do you should contact the person responsible for data (Mark Broomhead).

12.4 You have the right to request that we erase your personal data where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected. To do so you should contact Mark Broomhead.

12.5 While you are requesting that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while the application is made. To do so you should contact Mark Broomhead.

12.6 You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.

12.7 You have the right to object if we process your personal data for the purposes of direct marketing.

12.8 You have the right to receive a copy of your personal data and to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month.

12.9 With some exceptions, you have the right not to be subjected to automated decision-making.

12.10 You have the right to be notified of a data security breach concerning your personal data.

12.11 In most situations we will not rely on your consent as a lawful ground to process your data. If we do however request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later. To withdraw your consent, you should contact Mark Broomhead.

12.12 You have the right to complain to the Information Commissioner. You can do this be contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). This website has further information on your rights and our obligations.

Featured Articles