Policy Statement
McCloy Consulting Ltd collects and uses information about people with whom it communicates. This personal information must be dealt with properly and securely however it is collected, recorded and used – whether on paper, in a computer, or recorded on other material – and there are safeguards to ensure this in the Data Protection Act 1998.
McCloy Consulting Ltd regards the lawful and correct treatment of personal information as very important to the successful and efficient performance of its functions, and to maintain confidence between those with whom it deals.
To this end McCloy Consulting fully endorses and adheres to the Principles of Data Protection, as set out in the Data Protection Act 1998.
The Company is also committed to processing data in accordance with its responsibilities under the General Data Protection Regulation (GDPR).
Principles
The Data Protection Act 1998 regulates the processing of information relating to living and identifiable individuals (data subjects). This includes the obtaining, holding, using or disclosing of such information, and covers computerised records as well as manual filing systems and card indexes.
Data users must comply with the data protection principles of good practice which underpin the Act. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
To do this McCloy Consulting follows the eight Data Protection Principles outlined in the Data Protection Act 1998, which are summarised below:
I. Personal data will be processed fairly and lawfully
II. Data will only be collected and used for specified purposes
III. Data will be adequate, relevant and not excessive
IV. Data will be accurate and up to date
V. Data will not be held any longer than necessary
VI. Data subject’s rights will be respected
VII. Data will be kept safe from unauthorised access, accidental loss or damage
VIII. Data will not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data.
The principles apply to “personal data” which is information held on computer or in manual filing systems from which they are identifiable. McCloy Consulting’s employees who process or use any personal information in the course of their duties will ensure that these principles are followed at all times.
Purposes
McCloy Consulting obtains personal data (such as names, addresses, and phone numbers) from customers/clients. This data is obtained, stored and processed solely to assist staff in the efficient running of services. Personal details supplied are only used to send material that is potentially useful. Most of this information is stored on the organisation’s central server.
By using our website or providing us with your personal information you are agreeing to this policy.
This Policy only relates to personal information collected by us via our websites or from:
- Purchasing goods or services from us
- Participation in a collaborative activity
- Participation in joint project
- Applying for a job
- Phoning us
- Writing to us
- Sending us an email.
This Privacy Policy does not apply to personal information provided to us via any other website. Users should be aware that if they access other websites, using the links provided, these are outside our control. If you provide personal information to other companies, the privacy polices of those companies determine how the information is used and our Privacy Policy will no longer apply.
Consent
Data is collected over the phone and using other methods such as e-mail. Written consent is not requested as it is assumed that the consent has been granted when an individual freely gives their own details.
Personal Data held or stored by McCloy Consulting will not be passed on to anyone outside the organisation without explicit consent from the data owner unless there is a legal duty of disclosure under other legislation, in which case the Director will discuss and agree disclosure.
Access
Only the organisation’s staff will normally have access to personal data. All staff are made aware of the Data Protection Policy and their obligation not to disclose personal data to anyone who is not supposed to have it.
Information supplied is kept in a secure filing, paper and electronic system and is only accessed by those individuals involved in the delivery of the service.
Individuals will be supplied with a copy of any of their personal data held by the organisation if a request is made.
All confidential post will be opened by the addressee only.
Accuracy
McCloy Consulting will take reasonable steps to keep personal data up to date and accurate. Personal data will be stored for as long as the data owner/ client/ member uses our services and normally longer. Where an individual ceases to use our services and it is not deemed appropriate to keep their records, their records will be destroyed. However, unless we are specifically asked by an individual to destroy their details, we will normally keep them on file for future reference.
If a request is received from an organisation/ individual to destroy their records, we will remove their files from the database and request that all staff holding paper or electronic details for the organisation destroy them.
This procedure applies if McCloy Consulting is informed that an organisation ceases to exist.
Storage
Personal data may be kept in paper-based systems and on a password-protected computer system. Paper-based data are stored in organised and secure systems.
Use of Photographs
Where practicable, McCloy Consulting will seek consent of members/ individuals before displaying photographs in which they appear. If this is not possible (for example, a large group photo), the organisation will remove any photograph if a complaint is received. This policy also applies to photographs published on the organisation’s website or newsletters.
Criminal Records Bureau
McCloy Consulting will act in accordance with the CRB’s code of practice.
Copies of disclosures are kept for no longer than is required. In most cases this is no longer than 6 months in accordance with the CRB Code of Practice. There may be circumstance where it is deemed appropriate to exceed this limit e.g. in the case of disputes.
Responsibilities of staff
During the course of their duties with McCloy Consulting, staff will be dealing with information such as names/addresses/phone numbers/e-mail addresses of clients and others involved with project related correspondence. They may be told or overhear sensitive information while working for McCloy Consulting. The Data Protection Act (1988) gives specific guidance on how this information should be dealt with. In short to comply with the law, personal information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. All staff must abide by this policy.
Compliance
Compliance with the Act is the responsibility of all staff. McCloy Consulting will regard any unlawful breach of any provision of the Act by any staff, paid or unpaid, as a serious matter which will result in disciplinary action. Any employee who breaches this policy statement will be dealt with under the disciplinary procedure which may result in dismissal for gross misconduct. Any such breach could also lead to criminal prosecution.
Any questions or concerns about the interpretation or operation of this policy statement should in the first instance be referred to the line manager.
Retention of Data
No documents will be stored for longer than is necessary. All documents containing personal data will be disposed of securely in accordance with the Data Protection principles, this includes shedding paper copies of confidential or sensitive information.