Flexiform Business Furniture Limited is committed to ensuring the privacy of its employees and customers and takes appropriate security measures to safeguard the transfer and storage of personal data.
During the course of our activities we, Flexiform Business Furniture Limited, will process personal data (which may be held on paper, electronically, or otherwise) about you as an employee. We recognise the need to treat this information in an appropriate and lawful manner, in accordance with the General Data Protection Regulations (GDPR).
The purpose of this policy is to make you aware of how we will handle your personal data.
What is personal data and what is the processing of personal data?
Personal data refers to any recorded information we hold about you. It may include contact details, other personal information, photograph, and expressions of opinion about you or indications as to our intentions about you.
“Processing” means doing anything with the data, such as accessing, disclosing, destroying or using the data in any way.
What regulations cover the processing of your personal data?
We are obliged to comply with the General Data Protection Regulations when processing any personal data. When using IT applications, personal data may be stored outside of the UK. Further information on this is available upon request.
Who is our Data Protection Officer (DPO) - Who is responsible for protecting your data?
The Nominated Directors, Nick Hewitt and James Downs assume all responsibility for ensuring that your data is protected and used appropriately. They can be contacted via the usual channels of communication, i.e. email, telephone or in writing addressed to the business at 1392 Leeds Road, Bradford, West Yorkshire, BD3 7AE. Email addresses: firstname.lastname@example.org and email@example.com. Telephone numbers: Nick Hewitt 01274 706203 and James Downs 01274 706210.
How do we obtain personal data?
In many situations you will provide us with your personal data when commencing employment at Flexiform Business Furniture Ltd. This will include your name, address and contact details, date of birth and National Insurance number and bank details. You will also provide confirmation of your ID, such as a copy of your passport. This information is used in order that we meet our legal obligations in employing individuals. You may also provide information on your health if it is deemed appropriate in order to ensure your health and safety within the work environment, in accordance with our legal obligations to you as your employer. We will also maintain a record of any absence you have in order to support and manage your employment. You will also be required to provide contact details for your emergency contact in order that we can contact them if for example there is a medical emergency.
Prior to commencing employment with us, we may request references from your previous employers. We will only contact these individuals where you have given prior consent.
We may also, during the course of your employment, request information from third parties about you.
How we will use your personal data
We will act as a data controller and processor in order to use your personal data to manage and administer your employment with Flexiform Business Furniture Limited. Data will be processed under a legitimate interest basis and in order to comply with our legal obligations as an employer, for example, ensuring that you pay tax and national insurance contributions as set out by HMRC. Details of the data stored about you, where it is stored and how long for, are available upon request.
We may also use your photo and name for marketing, promotion and internal communication purposes. Please inform us immediately if you do not consent to your data being used for this purpose.
We will keep information about you confidential; however, there may be times when we are required to share your data with third parties. Your information will be disclosed to some, if not all, of the following third parties as part of our requirements to meet statutory regulations:
- The Pension Regulator
- Pension providers
- Legal or crime prevention agencies as required by law
- Anyone to whom we may transfer our rights and duties under any agreement we have with you
How long do we keep this information about you?
We will not keep your personal data for longer than is necessary. This means that data will be destroyed or erased from our systems when it is no longer required.
More information on specific retention periods is available upon request.
Customer/contact personal data
You should also ensure you are aware of and understand our ‘How to Report a Data Breach and Subject Access Request (SAR)’ policies. These can be found in our policy file on the Group file.
GDPR allows the data subject (the person to whom the data refers) certain rights in order to ensure that the data held on you is accurate and being processed in accordance with legislation. In some instances it allows for you to request the deletion of such data from our systems.
You have the right to:
a) Request access to any personal data we hold about you by making a Subject Access Request (SAR) to a nominated Director of the Company.
b) Restrict the processing of your data where you contest the accuracy of the data, believe the processing of data is unlawful or object to the processing of the data until you are satisfied with the legitimate grounds for us doing so.
c) Ask to have inaccurate data held about you amended without undue delay.
d) Object to processing that is likely to cause unwarranted substantial damage or distress to you or to anyone else.
e) Object to any decision that significantly affects you, being taken solely by a computer or other automated process.
f) Request for data held about you to be forgotten (deleted) where it is not required to be held for legal or regulatory purposes. Further information is available upon request to a nominated director.
g) Move, copy or transfer your personal data easily from one IT environment to another under the right to data portability.
If you would like to instigate any of your rights, you should contact a nominated Director of the Company.
Breach of this policy
If you consider that there has been a breach of your rights or of the rights of any customer/contact under GDPR you should raise the matter with a nominated Director.
Any breach of the GDPR which is likely to result in a high risk to the rights and freedoms of you as an individual or any of our customers/contacts will be reported to the Information Commissioner's Office (ICO) without undue delay and where feasible within 72 hours of us becoming aware of the suspected breach.
For example, if a breach may result in discrimination against an individual or a loss of confidentiality, this should be reported to a nominated Director who will then notify the ICO as appropriate. You should report any suspected breach in line with our ‘How to Report a Data Breach’ policy.
As set out above, our policy on processing customer/contact personal data can be found on the Group drive. All employees who are processing such data must familiarise themselves with the policies and ensure that they comply with them at all times.
Any employee who is found to have breached our policies relating to confidentiality and data protection may be subject to disciplinary action in accordance with our disciplinary policy, up to and including dismissal on grounds of gross misconduct in appropriate circumstances.
This policy is subject to ongoing review in order to ensure we remain compliant with GDPR and maintain the security of your personal data. We reserve the right to update or amend this policy. Any significant changes to the policy will be notified to you in writing.
- Subject Access Request Policy
- How to Report a Data Breach
- Company Handbook