1.1.1 Satsafe Limited (the Company) is a private limited company registered in England and Wales no.: 08415883 and has a requirement to collect personal information about people with whom it deals in order to carry out its business and provide its services. Such people include customers, clients, employees (present, past and prospective), suppliers and other business contacts. The information may include name, address, email address, date of birth, private and confidential information and sensitive information. In addition, we may occasionally be required to collect and use certain types of such personal information to comply with the requirements of the law. No matter how it is collected, recorded and used (e.g. on a computer or hard copy) this personal information must be dealt with properly to ensure compliance with the Data Protection Act 1998 (the Act).
1.1.2 Satsafe Limited is registered with the Information Commissioner’s Office under registration reference: ZA241426. For the purpose of the Data Protection Act, the data controller is Satsafe Limited, 20 Crewe Road, Sandbach CW11 4NE and the Company’s nominated representative for the purpose of the Act is Stuart Millward.
1.1.3 The lawful and proper treatment of personal information by the Company is extremely important to the success of our business and in order to maintain the privacy of our service users and employees. We ensure that the Company treats personal information lawfully and correctly.
1.2 Data Protection Principles
The Company fully supports and complies with the eight principles of the Act which are summarised below:
1. Personal data shall be processed fairly and lawfully
2. Personal data shall be obtained/processed for specific lawful purposes
3. Personal data held must be adequate, relevant and not excessive
4. Personal data must be accurate and kept up to date
5. Personal data shall not be kept for longer than necessary
6. Personal data shall be processed in accordance with rights of data subjects
7. Personal data must be kept secure
8. Personal data shall not be transferred outside the European Economic Area (EEA) unless there is adequate protection
2.1 All Company Staff, employees, Directors and consultants are within the scope of this document including staff working in or on behalf of the Company (this includes sub-contractors, temporary staff and all permanent employees).
3. Roles and Responsibilities
3.1 The Company:
3.1.1 The Company shall
- Ensure that there is always one person with overall responsibility for data protection, currently this person is the Company Operations Director
- Provide clear lines of report and supervision for compliance with data protection
- Carry out regular checks to monitor and assess new processing of personal data and to ensure the Company notification to the Information Commissioner is updated to take account of any changes in processing of personal data
- Develop and maintain DPA procedures to include: roles and responsibilities, notification, subject access, training and compliance testing
3.2.1 All employees will, through appropriate training and responsible management:
- Observe all forms of guidance, codes of practice and procedures about the collection and use of personal information.
- Understand fully the purposes for which the Company uses personal information.
- Collect and process appropriate information, and only in accordance with the purposes for which it is to be used by the Company to meet its service needs or legal requirements.
- Ensure the information is correctly input into the Company systems.
- Ensure the information is destroyed (in accordance with the provisions of the Act) when it is no longer required.
- On receipt of a request from an individual for information held about them by or on behalf of immediately notify their line manager.
- Not send any personal information outside of the United Kingdom
- Understand that breaches of this Policy may result in disciplinary action, including dismissal.
4. Distribution and Implementation
4.1 Distribution Plan
4.1.1 This document will be made available to all Staff on-line via the Company’s websites.
4.1.2 A global notice will be sent to all Staff notifying them of the release of this document.
4.1.3 A link to this document will be provided online.
4.2 Training Plan
4.2.1 A training needs analysis will be undertaken with Staff affected by this document.
4.2.2 Based on the findings of that analysis appropriate training will be provided to Staff as necessary.
5.1 Compliance with the policies and procedures laid down in this document will be monitored via the Information Governance team, together with independent reviews by both Internal and External Audit.
5.2 The Operations Director is responsible for the monitoring, revision and updating of this document on a 3 yearly basis or sooner if the need arises.
6. Equality Impact Assessment
6.1 This Data Protection Policy forms part of Satsafe’s commitment to create a positive culture of respect for all staff, clients and service users. The intention is to identify, remove or minimise discriminatory practice in relation to the protected characteristics (race, disability, gender, sexual orientation, age, religious or other belief, marriage and civil partnership, gender reassignment and pregnancy and maternity), as well as to promote positive practice and value the diversity of all individuals and communities.
6.2 As part of its development this document and its impact on equality has been analysed and no detriment has been identified.
7. Associated Documents
7.1 The following documents will provide additional information: