Beighton Construction

DATA PROTECTION POLICY

 

Introduction

Beighton Construction Ltd needs to gather and use certain information about individuals including Clients, suppliers, business contacts, employees and other people that the company has a relationship with or may need to contact in the course of business.

This data protection policy ensures that Beighton Construction Ltd;

  • Complies with data protection law and follows good practice
  • Protects the rights of staff, customers and other associates
  • Is open about how it stores and processes individuals’ data
  • Protects itself from the risk of a data breach

Data Protection Law

The Data Protection Act 1998 describes how organisations including Beighton Construction Ltd must collect, handle and store personal information.

These rules apply regardless of whether date is stored electronically, on paper or on other materials.

To comply with the Law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

The Data Protection Act is underpinned by eight important principles. These say that personal data must:

  1. Be processed fairly and lawfully
  2. Be obtained only for specific, lawful purposes
  3. Be adequate, relevant and not excessive
  4. Be accurate and kept up to date
  5. Not be held for longer than necessary
  6. Be processed in accordance with the rights of data subjects
  7. Be protected in appropriate ways
  8. Not be transferred outside of the European Economic Area (EEA), unl;ess that country or territory also ensures an adequate level of protection

This policy applies to:

  • Beighton Construction Ltd offices located on Dunston Road, Chesterfield, S41 8XA
  • All staff and associates of Beighton Construction Ltd
  • All contractors, suppliers and others working on behalf of Beighton Construction Ltd

It applies to all data that the company holds relating to identifiable individuals. This can include:

  • Names of individuals
  • Postal addresses
  • Email addresses
  • Telephone numbers
  • Plus any other personal information relating to individuals

THIS POLICY HELPS TO PROTECT Beighton Construction Ltd from some very real data security risks, including:

  • Breaches of confidentiality. For instance, information being given out inappropriately.
  • Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.
  • Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.

Responsibilities

Everyone who works for or with Beighton Construction Ltd has some responsibility for ensuring data is collected, stored and handled appropriately.

However, these people have key areas of responsibility:

  • The board of directors is ultimately responsible for ensuring that Beighton Construction Ltd meets its legal obligations.
  • The Data Protection Officer, PETER BEIGHTON is responsible for:
  • Keeping the board updated about data protection responsibilities, risks and issues.
  • Reviewing data protection procedures regularly
  • Arranging data protection training and advice for the people covered by this policy
  • Dealing with requests from individuals to see the data that Beighton Construction holds about them
  • Checking and approving any contracts with third parties that may handle the company’s sensitive data.

This company has retained the services of a specialist computer management team provided by

H W Dansies Ltd, 409 Chatsworth Road, Chesterfield, S40 2DH to ensure that:

  • All systems, services and equipment used for storing data meet acceptable security standards.
  • They perform regular checks and scans to ensure security hardware and software is performing properly.
  • They will provide evaluations of any third party services the company is considering using to store or process data. For instance, cloud computing services.
  • They will ensure that all computers at Beighton Construction are protected by approved security software and a firewall.

General Staff Guidelines

  • The only people able to access data covered by this policy are those who need it for their work.
  • Data should not be shared informally.
  • Employees should keep all data secure, in particular, strong passwords must be used and never shared.
  • Personal information should never be disclosed to unauthorised people, either within the company or externally, especially via the telephone.
  • Data should be regularly updated and if no longer required, it should be deleted and/or shredded.

Data Storage

These rules describe how and where data should be safely stored.

When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it. When not in use, the paper /files are to be kept in a locked drawer or filing cabinet.

Printouts are not to be left where unauthorised people can see them, like on a printer, fax or copy machines.

Data printouts must be shredded and disposed of securely after use.

When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts.

  • Data should be protected by strong passwords, changed regularly and never shared between employees.
  • If data is stored on removable media such as DVD or CD; these must be locked away securely when not in use.
  • Data should be backed up daily. These backups are to be tested regularly.
  • Data should never be saved directly to laptops, tablets or smartphones.

Data Accuracy

The Law requires Beighton Construction Ltd to take reasonable steps to ensure data is kept accurate and up to date. This is the responsibility of all employees at Beighton Construction Ltd.

Data will be held in as few places as necessary, Staff are not to create additional data sets.

Staff should take every opportunity to ensure data is updated, by confirming addresses, telephone numbers etc.

When you Visit a Website

You can visit our website without giving away your personal information. Beighton Construction uses Google Analytics in order to improve our service, user experience and analyse how the website is used. Aside from the approximate location (IP address), the information collected by Google Analytics is mostly anonymous traffic data including browser information, device information, language. We do not collect additional information, such as your age, gender, interests, bank details or clickstream. The collected information is used to provide an overview of how people are accessing and using the Beighton Construction website. It is not used for any additional purpose, such as to profile those who access our website.

Access Requests

All individuals are entitled to:

  • Ask what information the company holds about them and why.
  • Ask how to gain access to it.
  • Be informed how to keep it up to date
  • Be informed how the company is meeting its data protection obligations.

Subject access requests from individuals should be made in person through normal communication channels and a suitable opportunity to see relevant files will be offered free of charge.

Disclosing Data for Other Reasons

In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.

Under these circumstances the company will disclose requested data after ascertaining that the request is legitimate, and under advisement from the board of directors and/or the company’s legal advisors.