T: 01225 308778 W: www.neptuneaquatics.co.uk E:info@neptuneaquatics.co.uk
Policy Document
Introduction
This policy applies to any record containing personal data about a job applicant, an employee, ex-employee or a service user, regardless of whether it is a computerised record or a handwritten record, for the purposes of the GDPR 2016.
This policy will cover how information relating to individuals is gathered, used and stored.
Section 1 – Policy on the processing of personal information
Policy Statement
The Company recognises its responsibilities under GDPR and will seek to put in place arrangements which ensure compliance with its obligations.
In particular, the Company will ensure that all data and/or personal information:
Responsibilities | Name | Role |
Data Controller/Data Protection Officer (DPO) | David Westbrook | Managing Director |
Implementing the policy
Data Controller/Data Protection Officer (DPO)
They have the following responsibilities:
The Data Controller/Data Protection Officer (DPO) will be provided with sufficient training, information and time to carry out his/her responsibilities and will have the authority to enforce the requirements made under this policy or under any relevant piece of legislation where this supersedes the Company Policy.
The Data Controller/Data Protection Officer (DPO) is charged with ensuring that the Company complies with its obligations on data protection. To enable this, the Data Controller/Data Protection Officer (DPO) will have authority to inspect any system for gathering or storing data relating to either staff or customers.
Section 2 - Requirements for processing personal data
Data Principles
Anyone processing personal data must comply with the eight enforceable principles of good practice contained within the Act. These eight basic principles state that personal data must:
There are now a number of rights of the individual:
Personal data covers both facts and opinions about the individual. It also includes information regarding the intentions of the data controller towards the individual.
The data we collect
Area of the company | How is consent gained | How is data stored | How is data used | How long is data kept |
Contact us form | At time of use | Jotforms - Online Facebook - Online | To respond to any comments or questions | Every 12 weeks |
Swimming Lessons Booking forms Leavers form Update forms | At time of booking, can be found on homeportal | Jotforms - Online Coursepro - Online | To provide information about swimming lessons | Destroyed 12 weeks after leaving |
N.B. Please be aware that all emails from Coursepro booking system are considered service emails and therefore are not covered by GDPR |
Hydrotherapy Pool Booking forms | At time of booking | BookWhen - Online | To allow individuals to book sessions at the relevant pool | Destroyed after 5 years from last visit |
N.B. Please be aware that all emails from Coursepro booking system are considered service emails and therefore are not covered by GDPR |
Training Courses Booking forms Evaluation forms | At time of booking | Jotforms - Online STAonline - Online GoogleDrive - Online | To provide details about the individuals for Awarding body assessment | Destroyed after 5 years after end date of course |
Swim Shop | As they make a purchase they agree to our Terms and Conditions | Shopify - Online | To record products ordered and to ensure products are sent to correct address | Destroyed after 5 years from the last order being placed |
As an employee you have both rights and obligations under Data Protection legislation. Reading this policy and guidance will help you understand some of these rights and obligations. If you have any queries about these you should contact the Data Protection Officer. The guidance provided in this section is of a general nature and will act as a framework.
Obtaining information
Whenever you need to collect personal information, including sensitive personal information, ask yourself:
Retention of data
It is not in the interest either of data subjects or of the Company to retain unnecessary or duplicative information. The Company does, however, retain some data relating to former staff and customers partly in order to comply with statutory requirements but also as a way of maintaining a complete historical record. Nonetheless, it is Company policy to discourage the retention of personal data within files for longer than stated in the ‘data we collect’ chart (found above).
Access to data
Staff, customers and others in contact with the Company will have the right to access personal data that is being kept about them, either on computer or in manual files. This will normally be provided by way of time to view the data held and to have copies of the personal data or a report of the data held, depending on the type and format of the original data.
Any person who wishes to exercise this right should make a written request to the Data Protection Officer. The Company reserves the right to levy a charge of £10 on each occasion that access is requested to cover the administrative time and cost of making photocopies; this charge will not apply if the documents are sent electronically.
The Company aims to comply with requests for access to personal information from data subjects as quickly as possible, but will ensure that it is provided within 1 month from the date of the request.
Storing Information and security of data
All staff must ensure that:
Staff should note that unauthorised disclosure may be a disciplinary matter, and could be considered gross misconduct in certain cases.
Additionally, staff must ensure that, where a third party processes data on Neptune Aquatic Solutions' behalf (a partner Company, for example), there is a written contract between the parties which specifies that the processor agrees to act on Neptune Aquatic Solutions' instructions and to abide by the provisions of the Act in connection with data security.
Staff should make reasonable efforts to ensure that all personal information is kept securely but should pay particular attention to the security of sensitive data. All personal data should be accessible only by those who need to use it and sensitive data must be either kept in a lockable room with controlled access, or:
Staff need to take appropriate security precautions in respect of day-to-day PC usage. Care must be taken to ensure that PCs and terminals are not visible except to authorised staff and that computer passwords are used and kept confidential.
Neptune Aquatic Solutions
Neptune Aquatic Solutions Ltd is a registered company in England
Company Number: 8486645 VAT number: 159 8308 71
Neptune Aquatic Solutions,Office 1, 11a Church Street, Melksham, Wiltshire SN12 6LS