Rear Elevation

E. J. Taylor & Sons Limited, Quinlan Court

Latest Project

McCarthy & Stone (Developments) Limited
Butt Road Development

View other ongoing projects »

Trades Person?

Sign up to our database and we will contact you if opportunity arrises.
Sign Up »

Taylor Woodrow Ltd - Abbortsford Park, Bury St Edmunds, Suffolk Aldi Store, Colchester Countryside Properties - Fortuna Park, Colchester Roberge Site Management City & Country Ltd - South Building, Warley Hospital Site, Brentwood

Latest News from Roberge

Data Protection Policy Items 17-21 of 26

Posted: 23/05/18 09:33

Data Protection Policy Items 17-21 of 26

17.             Personal Data Collected, Held, and Processed

The following personal data is collected, held, and processed by the Company (for details of data retention, please refer to the Company’s Data Retention Policy):

 

Data Ref.

Type of Data

Purpose of Data

Full Name

Words

For Contact and CIS Tax Verification

Address

Words

For postal correspondence

Mobile Number

Numbers

For direct contact and payment notifications

Email Address

Words and Numbers

For electronic correspondence purposes

UTR Number

10 Numbers

For CIS Tax Verification

National Insurance Number

Letters and Numbers

For CIS Tax Verification

Date of Birth

Date

Age requirement for Health & Safety purposes

Bank Account Details

Words and Numbers

Required for payment purposes consisting of Account Name, Account Number & Sort-code

<>

<>

<>

<>

<>

<>

 

18.     Data Security - Transferring Personal Data and Communications

The Company shall ensure that the following measures are taken with respect to all communications and other transfers involving personal data:

18.1           All emails containing personal data must be encrypted [using SSL];

18.2           All emails containing personal data must be marked “confidential”;

18.3           Personal data may be transmitted over secure networks only; transmission over unsecured networks is not permitted in any circumstances;

18.4           Personal data may not be transmitted over a wireless network if there is a wired alternative that is reasonably practicable;

18.5           Personal data contained in the body of an email, whether sent or received, should be copied from the body of that email and stored securely. The email itself should be deleted. All temporary files associated therewith should also be delete;

18.6           Where personal data is to be sent by facsimile transmission the recipient should be informed in advance of the transmission and should be waiting by the fax machine to receive the data;

18.7           Where personal data is to be transferred in hardcopy form it should be passed directly to the recipient; and

18.8           All personal data to be transferred physically, whether in hardcopy form or on removable electronic media shall be transferred in a suitable container marked “confidential”.

 

19.     Data Security - Storage

The Company shall ensure that the following measures are taken with respect to the storage of personal data:

19.1           All electronic copies of personal data should be stored securely using passwords and data encryption;

19.2           All hardcopies of personal data, along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet, or similar;

19.3           All personal data stored electronically should be backed up  with backups stored [onsite] AND/OR [offsite]. All backups should be encrypted [using passwords];

19.4           No personal data should be stored on any mobile device (including, but not limited to, laptops, tablets, and smartphones), whether such device belongs to the Company or otherwise [without the formal written approval of Ben Himsworth and, in the event of such approval, strictly in accordance with all instructions and limitations described at the time the approval is given, and for no longer than is absolutely necessary]; and

19.5           No personal data should be transferred to any device personally belonging to an employee and personal data may only be transferred to devices belonging to agents, contractors, or other parties working on behalf of the Company where the party in question has agreed to comply fully with the letter and spirit of this Policy and of the GDPR (which may include demonstrating to the Company that all suitable technical and organisational measures have been taken).

 

20.     Data Security - Disposal

When any personal data is to be erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), it should be securely deleted and disposed of. For further information on the deletion and disposal of personal data, please refer to the Company’s Data Retention Policy.

 

21.     Data Security - Use of Personal Data

The Company shall ensure that the following measures are taken with respect to the use of personal data:

21.1           No personal data may be shared informally and if an employee, agent, sub-contractor, or other party working on behalf of the Company requires access to any personal data that they do not already have access to, such access should be formally requested from The Data Protection Officer;

21.2           No personal data may be transferred to any employees, agents, contractors, or other parties, whether such parties are working on behalf of the Company or not, without the authorisation of The Company’s Data Protection Officer;

21.3           Personal data must be handled with care at all times and should not be left unattended or on view to unauthorised employees, agents, sub-contractors, or other parties at any time;

21.4           If personal data is being viewed on a computer screen and the computer in question is to be left unattended for any period of time, the user must lock the computer and screen before leaving it; and

21.5           Where personal data held by the Company is used for marketing purposes, it shall be the responsibility of The Company’s Data Protection Officer to ensure that the appropriate consent is obtained and that no data subjects have opted out, whether directly or via a third-party service such as the TPS.

 Next