Issue 1 – Updated May 2018
We may have to collect and use information about people with whom we work. These may include members, current, past and prospective employees, clients, and suppliers. This personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means.
We regard the lawful and correct treatment of personal information as very important to our successful operation and to maintaining confidence between us and those with whom we carry out business. We will ensure that we treat personal information lawfully and correctly.
To this end we fully endorse and adhere to the principles of the General Data Protection Regulation (GDPR).
This policy applies to the processing of personal data in manual and electronic records kept by us in connection with its human resources function as described below. It also covers our response to any data breach and other rights under the GDPR.
This policy applies to the personal data of job applicants, existing and former employees, apprentices, volunteers, placement students, workers and self-employed contractors. These are referred to in this policy as relevant individuals.
We may collect and process the following data about you:
- Information you give us. This may arise from you filling in quote forms. Job applications on our website or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you complete the job application form, when you change/update your personal details, contact preferences etc. and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, financial.
- Information we receive from other sources. With regard to information we are legally obliged to check as a Transport Operator we collect the following information:
– Driving licence checks;
– PCO Licence checks;
– Enhanced Criminal Record Check.
We use information held about you in the following ways:
- Information you give to us. We will use this information:
– to review your job application;
– to submit your application for a PCO Licence;
– providing always that you have given to us the necessary consent, share with our contracting clients and customers;
– to notify you about changes to our service;
– to communicate with you notices of importance.
- Information we receive from other sources. We may combine this information with information you give to us and information we collect about you to ensure you have the necessary and legally required licences to operate as an employee for Cruise Minibuses Ltd.
Disclosure of your information
Provided always that you have provided the necessary consent(s), legally we are required to share your information with selected third parties including:
Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you; and Licensing authorities.
We may disclose your personal information to third parties:
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of Cruise Minibuses Ltd, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Where we store your personal data
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
While we use strong encryption, both when your information is moving to or from our web services and also whilst your information is held by us, unfortunately the transmission of information via the internet can never be completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
All our employees are aware that personal information should be kept in a locked filing cabinet, drawer, or safe.
Employees are aware of their roles and responsibilities when their role involves the processing of data. All employees are instructed to store files or written information of a confidential nature in a secure manner so that are only accessed by people who have a need and a right to access them and to ensure that screen locks are implemented on all PCs, laptops etc when unattended. No files or written information of a confidential nature are to be left where they can be read by unauthorised people.
Where data is computerised, it should be coded, encrypted or password protected both on a local hard drive and on a network drive that is regularly backed up. If a copy is kept on removable storage media, that media must itself be kept in a locked filing cabinet, drawer, or safe.
Employees must always use the passwords provided to access the computer system and not abuse them by passing them on to people who should not have them.
Failure to follow the Company’s rules on data security may be dealt with via the Company’s disciplinary procedure. Appropriate sanctions include dismissal with or without notice dependent on the severity of the failure.
Requirement to notify breaches
All data breaches will be recorded on our Data Breach Register. Where legally required, we will report a breach to the Information Commissioner within 72 hours of discovery. In addition, where legally required, we will inform the individual whose data was subject to breach. More information on breach notification is available in our Breach Notification policy.
You have the following rights in relation to the personal data we hold on you:
-the right to be informed about the data we hold on you and what we do with it;
-the right of access to the data we hold on you. More information on this can be found in the section headed “Access to Data” below and in our separate policy on Subject Access Requests”;
– the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
– the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
– the right to restrict the processing of the data;
– the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
– the right to object to the inclusion of any information;
– the right to regulate any automated decision-making and profiling of personal data.