Scope of the Policy
The General Data Protection Regulations (GDPR) applies to ‘personal information’ and is defined as any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
The Diamond Metal Finishing Co Ltd (TDMFCL) recognises that the correct and lawful treatment of personal information will maintain confidence in the organisation and will provide for successful business operations.
Protecting the confidentiality and integrity of personal information is taken seriously at all times.
Information protection principles
TDMFCL will comply with information protection law, so personal information we hold must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes and not used in any way which is incompatible with those purposes.
3. Relevant to the purpose of use and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purpose intended.
6. Kept securely.
Under the new GDPR we have a number of lawful reasons that we can use (or ‘process’) your personal information. One of the lawful reasons is called ‘legitimate interests’.
Broadly speaking Legitimate Interests means that we can process your personal information if:
We have a genuine and legitimate reason and we are not harming any of your rights and interests
So, what does this mean?
When you provide your personal details to us we use your information for our legitimate business interests to administer clients/customer account, fulfil orders, answer queries and provide quotes.
Purpose for collecting personal information
Companies: for the administration of the associated standard of work contracted to undertake
i.e. Surface treatments or any other related service employed to administer.
Suppliers and Sub-contractors: for the completion of orders or contracts in direct relation to the ongoing continuation of the business relationship.
Employees: for contract of employment and associated records and communication.
Personal information collected and retained
The following information may be collected and retained:
Clients, suppliers and sub-contractors: mainly through arranged site visits but also via e-mail, post or Marketing , by phone may include variations of names, positions, copies of qualification certificates and direct contact details i.e. e-mail addresses, phone numbers (company or private) etc
Employees: from direct contact, details may include the name, address, telephone number, e-mail address, date of birth, gender, marital status, salary, bank, pension, National Insurance, employment detail and any human resources administration i.e. disciplines, photographs, driving licenses etc.
Personal information will only be used for the purposes stated above, unless it is reasonably considered that there is a need to use it for another reason and that reason is compatible with the original purpose.
If it is required for an unrelated purpose, then TDMFCL will notify you and explain the legal basis which allows the company so to do. However, customer, supplier, sub-contractor and employee consent or otherwise is still required to use personal information in the present manner
Consent may also be withdrawn at any time with the agreement of all parties concerned.
Security Integrity and Confidentiality
Personal Information is secured and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Confidentiality & Availability:
only people who have a need to know and are authorised can access it.
– Integrity: that personal information is accurate and suitable for the purpose for which it is processed.
Access and sharing
Personal information is only used in communication between TDMFCL employees and the related company or individual as part of normal auditing, recording, reporting, analysis and research within the context of the agreement between the relevant parties.
Any company or individual has a right to request access to their personal information regarding correction, erasure, restriction, change of mind, to object to any processing or to request a transfer.
This allows a copy of the personal information held to be checked for detail and that TDMFCL is lawfully processing that information.
TDMFCL may need to request confirmation of identity to ensure a right to access the personal information.
Storage and Security
Storage: all personal information is only retained on the main TDMFCL Server for use for that particular company or contact or employee. Any hard copies are only temporarily retained for that particular company or individual until delivery at the next convenient time.
Back-ups on HD and USB are retained at the TDMFCL premises and only available to TDMFCL personnel.
Security: all third-party service providers are required to take appropriate security measures to protect your personal information in line with our policy and we do not allow our third-party service providers to use your personal information for their own purposes.
As a duty of confidentiality, measures are in place to protect the security of your information to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way altered or disclosed.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
Security Breaches: procedures to deal with any suspected information security breach are in place
including immediate communication to any relevant parties regarding the breach and any actions taken.
Personal information is only retained for as long as necessary to fulfil the purposes it was collected for, during the period of the contractual relationship and may include satisfying any legal, accounting, or reporting requirements. This appropriate retention period will also consider the purpose, amount, nature, sensitivity, potential risk of harm from unauthorised use or disclosure of personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Hard Copies: these are shredded or disposed of in a manner that the details cannot be used
Computer Records: are deleted from the appropriate storage facility.
Changes to this privacy notice
TDMFCL reserves the right to review and update this privacy notice at any time.
For and on behalf of The Diamond Metal Finishing Co Ltd
Steve Pendleton Sales & Marketing Director
Dated: 18th May 2018