Bearings & Drives Ltd recognise that the correct and lawful treatment of Personal Information will maintain confidence in the organisation and will provide for successful business operations.
Protecting the confidentiality and integrity of Personal Information is taken seriously at all times
Scope of the Policy
The GDPR applies to ‘personal information’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
Information protection principles
BDL will comply with information protection law, so personal information we hold must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes and not used in any way that is incompatible with those purposes.
3. Relevant to the purpose of use and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purpose intended.
6. Kept securely.
Purpose for collecting personal information
Personal information is collected and retained for the following purposes:
- Customers: We will collect personal data with the overall aim of providing a better service and to enable
us to perform the necessary administration of the associated standard of work contracted to undertake.
- Suppliers and Sub-contractors: for the completion of orders or contracts in direct relation to the on-going continuation of the business relationship.
- Employees: for contract of employment and associated records and communication.
Personal information collected and retained
The following information may be collected and retained:
- Clients, suppliers and sub-contractors: mainly through arranged site visits but also via e-mail, post or by phone may include variations of names, positions, copies of qualification certificates and direct contact details i.e. e-mail addresses, phone numbers (company or private) etc
- Employees: from direct contact, details may include the name, address, telephone number, e-mail address, date of birth, gender, marital status, salary, bank, pension, national insurance, employment detail and any human resources administration i.e. discipline’s, photographs etc
Your right to withdraw consent
Personal information will only be used for the purposes stated above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
You have the right to withdraw your consent at any time.
To withdraw your consent you can speak to a member of staff on 01260 299744 who will put you in contact with the data protection manager or email firstname.lastname@example.org.
Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to.
Security Integrity and Confidentiality
Personal Information is secured and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage.
- Confidentiality & Availability: only people who have a need to know and are authorised can access it.
- Integrity: that personal information is accurate and suitable for the purpose for which it is processed.
Page 1 of 2
Access and sharing
The information is only used in communication between BDL employees and the related company or individual as part of normal auditing, recording, reporting, analysis and research within the context of the agreement between the relevant parties.
Any company or individual has a right to request access to their personal information regarding correction, erasure, restriction, for a change your mind, to object to any processing or to request a transfer.
This allows a copy of the personal information held to be checked for detail and that BDL are lawfully processing that information.
BDL may need to request confirmation of identity to ensure a right to access the personal information.
Storage and Security
- Storage: all personal information is only retained the main BDL computer for use for that particular company or contact. Any hard copies are only retained for delivery at the next convenient time.
Back-ups on HD and USB are retained at the BDL premises and only available to BDL personnel.
- Security: all third-party service providers are required to take appropriate security measures to protect your personal information in line with our policy and we do not allow our third-party service providers to use your personal information for their own purposes
As a duty of confidentiality, measures are in place to protect the security of your information (available on request) to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure
- Security Breaches: procedures to deal with any suspected information security breach are in place including immediate communication to any relevant parties regarding the breach and any actions taken..
Personal information is only retained for as long as necessary to fulfil the purposes it was collected for, during the period of the contractual relationship and may include satisfying any legal, accounting, or reporting requirements. This appropriate retention period will also consider the purpose, amount, nature, sensitivity, potential risk of harm from unauthorised use or disclosure of personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
- Hard Copies: these are shredded or disposed of in a manner that the details cannot be used
- Computer Records: are deleted from the appropriate storage facility
Changes to this privacy notice
Page 2 of 2
This policy was last updated on May 18, 2018