COMPLIANCE
DATA PROTECTION POLICY
Euroside Construction Group is fully committed to ensuring compliance with the requirements of the General data protection regulation (“The Regulation”), and regards the lawful and correct treatment of personal data as important to its successful operations and maintaining confidence between us and those whom we interact.
Data protection compliance should be seen as an integral part of employment practiCe. It is important to develop a culture in which respect for private life, data protection, security and confidentiality of personal information is seen as the norm.
Scope
Additional policies and procedures have been established to ensure that all employees who have access to any personal data held by, or, on behalf of us are fully aware of, and abide by their duties under the regulation..
This policy applies to all employees of Euroside Construction Group.
All our employees should be aware of and work within their responsibilities for the personal data they hold about an individual.
Data
Data is information which is stored electronically or in paper based filing systems.
Personal data is any data relating to living person, who can be identified through this data. This can be a person, who can be identified through this data. This can be a personal email address, home address, date of birth, habits, lifestyle, computer IP address, education, and includes any expression of opinions about that person such as that held in probation reviews, PDRs.
Special Category Data: This data is sensitive personal data about the individual such as:
-
Physical or mental health
-
Sexual orientation
-
Racial or ethnic origin
-
Political Opinions
-
Religion or Beliefs
-
Trade Union Membership
In addition, while criminal record checks are separately categorised under the regulation they are treated in a similar way due to sensitivity of this data.
INDIVIDUAL RIGHTS PROTECTED UNDER THE REGULATION
-
The right to be informed
-
The right to access
-
The right to rectification
-
The right to be forgotten
-
The right to restrict processing
-
The right to object
-
The right to data portability
-
Rights in relation to automated decision making
REPORTING BREACHES
Any breaches of the regulation, whether deliberate or not, should be reported to the manager without delay. This will enable all necessary measures to be put in place to minimise and mitigate any breaches. Information should include factual information as possible as to the breach as taken place.
We encourage all those who have any concerns about how personal data is being processed, whether the breach has been made or not, to discuss this matter further. This will ensure any proactive measures such as training or procedural changes can be instigated and can prevent future breaches.
Any deliberate and malicious breach of an individual’s personal data will lead to disciplinary action undertaken.
SUBJECT ACCESS REQUEST
Under the regulation, an individual can request access to personal information about themselves which is controlled by the company. To do this you should email the office manager to retain the information.