T: 01225 308778 | W: www.neptuneaquatics.co.uk | E: info@neptuneaquatics.co.uk

Policy Document

General Data Protection Regulations (GDPR)

Introduction

This policy applies to any record containing personal data about a job applicant, an employee, ex-employee or a service user, regardless of whether it is a computerised record or a handwritten record, for the purposes of the GDPR 2016.

This policy will cover how information relating to individuals is gathered, used and stored.

Section 1 – Policy on the processing of personal information

Policy Statement

The Company recognises its responsibilities under GDPR and will seek to put in place arrangements which ensure compliance with its obligations.

In particular, the Company will ensure that all data and/or personal information:

| Responsibilities | Name | Role |
| --- | --- | --- |
| Data Controller/Data Protection Officer (DPO) | David Westbrook | Managing Director |

Implementing the policy

Data Controller/Data Protection Officer (DPO)

They have the following responsibilities:

The Data Controller/Data Protection Officer (DPO) will be provided with sufficient training, information and time to carry out his/her responsibilities and will have the authority to enforce the requirements made under this policy or under any relevant piece of legislation where this supersedes the Company Policy.

 

The Data Controller/Data Protection Officer (DPO) is charged with ensuring that the Company complies with its obligations on data protection.  To enable this, the Data Controller/Data Protection Officer (DPO) will have authority to inspect any system for gathering or storing data relating to either staff or customers.

Section 2 - Requirements for processing personal data

Data Principles

Anyone processing personal data must comply with the eight enforceable principles of good practice contained within the Act. These principles state that personal data must:

There are now a number of rights of the individual:

Personal data covers both facts and opinions about the individual. It also includes information regarding the intentions of the data controller towards the individual.

The data we collect

| Area of the company | How is consent gained | How is data stored | How is data used | How long is data kept |
| --- | --- | --- | --- | --- |
| Contact us form | At time of use | Jotforms - Online; Facebook - Online | To respond to any comments or questions | Every 12 weeks |
| Swimming Lessons: Booking forms, Leavers form, Update forms | At time of booking; can be found on homeportal | Jotforms - Online; Coursepro - Online | To provide information about swimming lessons | Destroyed 12 weeks after leaving. N.B. Please be aware that all emails from coursepro booking system are considered service emails and therefore are not covered by GDPR |
| Hydrotherapy Pool: Booking forms | At time of booking | BookWhen - Online | To allow individuals to book sessions at the relevant pool | Destroyed after 5 years from last visit. N.B. Please be aware that all emails from coursepro booking system are considered service emails and therefore are not covered by GDPR |
| Training Courses: Booking forms, Evaluation forms | At time of booking | Jotforms - Online; STAonline - Online; GoogleDrive - Online | To provide details about the individuals for Awarding body assessment | Destroyed 5 years after end date of course |
| Swim Shop | As they make a purchase they agree to our Terms and Conditions | Shopify - Online | To record products ordered and to ensure products are sent to correct address | Destroyed after 5 years from the last order being placed |

Guidance for staff members

As an employee you have both rights and obligations under Data Protection legislation.  Reading this policy and guidance will help you understand some of these rights and obligations.  If you have any queries about these you should contact the Data Protection Officer.  The guidance provided in this section is of a general nature and will act as a framework.

Obtaining information

Whenever you need to collect personal information, including sensitive personal information, ask yourself:

Retention of data

It is not in the interest either of data subjects or of the Company to retain unnecessary or duplicative information.  The Company does, however, retain some data relating to former staff and customers partly in order to comply with statutory requirements but also as a way of maintaining a complete historical record.  Nonetheless, it is Company policy to discourage the retention of personal data within files for longer than stated in the ‘data we collect’ chart (found above).

Access to data

Staff, customers and others in contact with the Company will have the right to access personal data that is being kept about them, either on computer or in manual files. This will normally be provided by way of time to view the data held and to have copies of the personal data or a report of the data held, depending on the type and format of the original data.

Any person who wishes to exercise this right should make a written request to the Data Protection Officer. The Company reserves the right to levy a charge of £10 on each occasion that access is requested to cover the administrative time and cost of making photocopies; this charge will not apply if the documents are sent electronically.

The Company aims to comply with requests for access to personal information from data subjects as quickly as possible, but will ensure that it is provided within 1 month from the date of the request.

Storing Information and security of data

All staff must ensure that:

Staff should note that unauthorised disclosure may be a disciplinary matter, and could be considered gross misconduct in certain cases.

Additionally, staff must ensure that, where a third party processes data on Neptune Aquatic Solutions' behalf (a partner Company, for example), there is a written contract between the parties which specifies that the processor agrees to act on Neptune Aquatic Solutions' instructions and to abide by the provisions of the Act in connection with data security.

Staff should make reasonable efforts to ensure that all personal information is kept securely but should pay particular attention to the security of sensitive data.  All personal data should be accessible only by those who need to use it and sensitive data must be either kept in a lockable room with controlled access, or:

Staff need to take appropriate security precautions in respect of day-to-day PC usage.  Care must be taken to ensure that PCs and terminals are not visible except to authorised staff and that computer passwords are used and kept confidential.  


Neptune Aquatic Solutions

Neptune Aquatic Solutions Ltd is a registered company in England

Company Number: 8486645 | VAT number: 159 8308 71

Neptune Aquatic Solutions, Office 1, 11a Church Street, Melksham, Wiltshire SN12 6LS