Data Protection Policy
Procedure Number: 010
Data Protection Policy
Date of Last Update:
Date of Last Review:
Date of Next Review:
As an accredited learning and training provider, Betterweld Groupd Ltd and must keep certain information on its employees, learners, students and visitors. This information is required so that we are able to recruit and pay our employees on time, to monitor risks in regards to Health and Safety and to comply with our legal obligations to funding bodies and the government. In order to do this, we must process this information fairly and safely in accordance with the Data Protection Act 1998. The act came into force to control how personal data is stored about individuals in organisations. It covers 8 key principles and stipulates that:
- All data must be processed fairly and lawfully
- Data must be obtained only for specified and lawful purposes
- The data must be adequate, relevant and not excessive
- All information should be accurate and kept up to date
- It should not be kept longer than necessary
- Data should be processed in accordance with the data subjects
- It should be protected by appropriate security measures
- No data should be transferred to countries which do not have adequate data security control.
All employees of Betterweld Groupd Ltd and Canal Training Academy who process or use information must comply with the Data Protection Act 1998 and its 8 key principles at all times.
The purpose of the policy is to ensure that we remain compliant as an organisation and remain within our legal obligations. As a training provider, certain obligations are placed on the company to store data regarding our learners. Since our learners may be under the age of 18 this places further obligations on the company to protect any minors under its supervision and on whom it may hold data or information.
This policy covers data which may be held by Betterweld Groupd Ltd, its holding company; John Lord Holdings Ltd or any of its subsidiary companies. The policy does not form part of our employees contract of employment, however, all employees are expected to abide by the policies and any amendments to the policy made by Betterweld Groupd Ltd or Canal Training Academy. Therefore, any potential breach of the policy may result in the companys disciplinary procedure being invoked. If any member of staff has concerns regarding use of their own data or information, they may raise the matter with their line manager firstly.
Should the matter not be resolved, then the company’s standard grievance procedure may be used.
2.0 DATA HELD ON FILE
2.1 TYPES OF DATA
2.1.1 Betterweld Groupd Ltd
As an employer, Betterweld will hold on file confidential information regarding its employees. The types of information held on file may include:
- Names, Addresses and contact information including telephone numbers
- Bank details for salary payment
- Where appropriate, details of any driving convictions or endorsements
- Legal documents such as those proving one’s right to live and work in the United Kingdom
- Details may be held on record of any disciplinary offences incurred that have not expired
- Where required, the company may be required to obtain a DBS Check (Data Barring Service, formerly known as a CRB Check)
- Details of any grievances raised in the past
- Application forms and CV’s and/or previous qualification certificates
- Any necessary health and safety information such as:
- Mental or physical health, including disability or any dates of absence from work due to illness and the reason for the absence.
- Matters relating to pregnancy and maternity leave.
- Criminal convictions.
- Race or ethnic origin.
- Pensionable pay or contributions.
- Age and years of service.
- Membership of recognised trade union.
Such information will only be gathered and used for the specified purpose of ensuring employees health, safety and wellbeing, or to ensure Canal Engineering comply with their legal duties. This list provides examples only and is not exhaustive.
As a training provider, Betterweld will also hold on file confidential information regarding its students. This may include:
- Exam results and/or expected results
- Names, Addresses and contact information including telephone numbers
- Any legal documents required such as proof of age
- Any application forms
- Details about class attendance, coursework marks, grades or associated comments
- Any necessary health and safety information such as a student’s disability or pregnancy. Such information will only be gathered and used for the specified purpose of ensuring students health,
safety and wellbeing, or to ensure Canal Training Academy comply with any legal duties placed upon them.
3.0 ACCESS TO PERSONAL DATA
3.1 SUBJECT ACCESS REQUEST
At any time, an individual may request to see the information which we hold on file for them. The cost of such a request is £10 and must be made in writing to the Human Resources Officer. For the purposes of other individual’s data protection, Betterweld Groupd Ltd reserve the right to amend, alter or hide any information held on file which has been used as a witness statement for the purposes of any previous disciplinary or grievance procedure if by declaring this to the individual would expose another employee, visitor or student to a data protection breach. We aim to comply with requests for access to personal information as quickly as possible but will ensure that it is provided within 21 days unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the data subject making the request.
4.0 EXAMINATION MARKS AND COURSEWORK
The Academy may hold on file information regarding its students such as examination results, predicted results or coursework grades however, such examples may take longer to process. We may decide to withhold any certificates, references or accreditation if students fail to return any Betterweld equipment or fees.
5.00 RETENTION AND DISPOSAL OF DATA
5.1 RETENTION OF DATA
As both an employer and a training provider, we will keep certain necessary information regarding our employees and students. Some information may be kept for longer than others. Data is retained according to the suggested retention periods published by Buzzacott:
http://www.buzzacott.co.uk/uploads/insights/Buzzacott%20Insight%20Retention%20of%20Account%20Updated.pdf Retention of Accounting Records (Insights July 2009.) A copy of this article can be found by following the above link. Alternatively, a copy can provided upon request to the line manager or the Training Academy Manager.
5.2 DISPOSAL OF DATA
In line with our archiving guidelines, we are unable to store data indefinitely. Please see the retention and disposal guidelines by Buzzacot for specific times.
Hard copies of data held on file will be shred to an illegible size and electronic copies of data will be removed from all drivers and servers.
6.0 STAFF AND STUDENT RESPONSIBILITIES/OBLIGATIONS
6.1 STAFF RESPONSIBILITIES
Although this policy does not form part of our employees contract of employment, failure to follow this policy or deliberate and/or repeated attempts to ignore this policy may result in the company’s disciplinary procedure being invoked. Any unauthorised disclosure of data may be considered a disciplinary matter and may be considered gross misconduct. All staff are responsible for ensuring that:
- Any data we hold is kept up to date
- Any personal data they hold is kept securely locked away or in password protected folders.
- For the purposes of this policy; “locked” means, locked away in filing cabinets, kept in a locked drawer, or kept only on discs which are themselves secure
- No personal information is disclosed to any 3rd parties verbally, in hard copy or by any other means accidentally
6.2 STUDENT RESPONSIBILITIES
All students of Betterweld Groupd Ltd must ensure that they keep any data held on them up to date. This includes contact numbers and addresses, as well as next of kin.
7.0 EMERGENCY ARRANGEMENTS
If, despite the current security arrangements already in place, there is a potential or confirmed security breach, employees must ensure that they follow the contingency procedure. The breach may arise from a theft, a deliberate hacking of our systems, the unauthorised use of personal data by a member of staff, student or visitor, by accidental loss, or through equipment failure. In any case the following procedure should be followed:
- Inform the line manager immediately, where this is not applicable, the Training Academy Manager should be informed.
- The Office Manager should be made aware with immediate effect.
- The Office Manager will put together a recovery plan, including damage limitation, assess the risks associated with the breach and inform the appropriate people and organisations that the breach has occurred; this may mean re-setting systems, passwords and processes on the server if the breach has been made electronically to prevent any further access.
- The Office Manager will assess the severity of the breach in order to gauge the potential adverse consequences for individuals or the organisation
- If necessary, and if the breach is deemed serious enough, the Office Manager or the Financial Director will notify any 3rd parties including (where appropriate) the individuals concerned; any regulatory bodies; other third parties such as the police and the banks; or the media.
- After such a breach a full root cause investigation of the breach and an evaluation of our response to it will be carried out. Once completed, any
required changes to our policies and procedures will be made accordingly.
Compliance with the Data Protection Act 1998 is the responsibility of all employees, visitors’ and students of Betterweld Groupd Ltd.
Pages / Sections
First issue of procedure