Cocksedge Building Contractors needs to gather and use certain personal information about individuals. This may include categories such as customers, suppliers, business contacts, employees; sub-contractors, professional advisers and others with whom it does business.
This Personal Information Protection Policy Statement describes how an individual’s personal data must be collected, handled and stored to meet its legal compliance obligations under the General Data Protection Regulation (GPDR).
This Policy ensures that Cocksedge Building Contractors
- • Complies with the requirements of the GDPR and best practice
- • Protects the rights of all those whose personal information Cocksedge Building Contractors processes
- • Is open as to how it stores and processes an individual’s personal information
- • Protects itself from the risk of breaching the requirements of the GDPR
Protection of Personal Information
A senior member of staff is appointed to advise Cocksedge Building Contractors employees on the rules needed to ensure compliance with data protection laws. Its employees know who to approach if they have any questions regarding this Policy or anything related to the processing of personal information.
Processing of Personal Information
All Cocksedge Building Contractors employees are trained in the need to ensure security of personal information and in particular heads of departments who are those responsible for day-to-day control of personal information. These responsibilities and categories are clearly defined in separate documentation within our Business Management System which complies with BS EN ISO 9001:2015.
Processing Sensitive Personal Information
Employees are aware of how to identify sensitive personal information and how to process it lawfully and according to Cocksedge Building Contractors policy.
Subject Access Requests
Subject access requests will be dealt with promptly and certainly within 1 month of the request. The information with be provided in a Personal Information Notice which will be in appropriate and clear language and will provide the information necessary for the enquirer to understand the nature and content of any personal information Cocksedge Building Contractors retains on that individual.
Breaches in Personal Information Protection
All staff members have an obligation to report data protection breaches to a senior member of Cocksedge Building Contractors staff such as a director or contact the ICO if they have concerns relating to a breach. This will allow the appropriate personnel to investigate further and take the necessary steps to rectify the issue in a timely manner.
Cocksedge Building Contractors employees are trained in personal information data protection, the requirements of the GDPR and the actions they are required to undertake. Training is delivered to all employees upon induction into Cocksedge Building Contractors and refresher training will be delivered regularly and on any such occasion that the requirements of the GDPR change.
A privacy notice is published on the Cocksedge Building Contractors web-site.
Consequences of Failing to Comply with This Policy
The consequences of failing to comply with this Policy and for any breaches of the GDPR are clearly outlined in the Cocksedge Building Contractors hand-book and may, in extreme cases, result in disciplinary action leading to dismissal.
This Personal Information Protection Policy is endorsed, maintained and reviewed annually by the Board of Directors of Cocksedge Building Contractors.
A copy of this document can be downloaded here