Privacy and security policy – Employees
McMurrays Haulage Ltd (the “Company”, “We”, “Us”, “Our”) is committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it
For the purposes of the GDRP the data processor / controller is McMurrays Haulage Ltd at Bridge Street, Church, Accrington BB5
The GDPR (General Data Protection Regulation) is the most important development of Data Protection Law for decades. It will strengthen and ultimately replace the existing Data Protection Act (1998) and is designed to protect the personal data and privacy of citizens across Europe. GDPR will not be affected by the UK’s exit from the EU and the Regulation comes fully into effect on 25 May 2018.
In summary, under the GDPR, employees as data subjects have the following rights:
- the right to be informed, which encompasses the obligation on employers to provide transparency as to how personal data will be used;
- the right of access, similar to those rights under the DPA and encompassing the ever-popular subject access request;
- the right to rectification of data that is inaccurate or incomplete (again similar to the DPA);
- the right to be forgotten under certain circumstances;
- the right to block or suppress processing of personal data (similar to the DPA); and
- the new right to data portability which allows employees to obtain and reuse their personal data for their own purposes across different services under certain circumstances.
What information do we collect about you?
Pre-employment – Application forms and C.V’s (if provided).
Employment – Employment medical questionnaires, medical certificates (doctor’s notes), and bank details in order to pay wages, qualifications and certificated relevant to the role they perform, accident and incident investigations, accident book pages, disciplinary records.
How will we use the information about you?
The information we hold is used to;-
Ensure all wage related payments are made accurately.
Maintain FORS compliance
Maintain Operator Licence.
Maintain the skills of our workforce
Meet the contractual requirements of our customers.
Meet our legal responsibilities
Will we disclose your data?
We will not use or disclose your personal information for any other purpose which is not related (or in the case of sensitive information, directly related) to the above purposes without your consent, unless otherwise authorised, required or permitted under the laws of England and Wales.
Storage of your data, Archiving and Removal?
Your personal data is either securely stored on hard drive. All data held on the company’s computer system including emails are protected by our service provider.
Hard copies of the above data are stored in a locked filing cabinet, with keys held by the HR Dept.
Email addresses are stored on the company’s email system and phone numbers are stored on the mobile phone. This information is protected.
Any personal data held, is kept for no longer than necessary, when personal data is no longer required, (as defined by the legal retention times for relevant risk management documentation) it will be shredded.
Access to personal data shall be limited to personnel who need access and appropriate security is in place to avoid unauthorised sharing of information.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the Company shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).
Access to your information and correction requests
You have a right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information please do so in writing to Mr David McMurray at McMurrays Limited. Bridge Street, Church, Accrington, BB5 4HU. We will ensure the relevant information is provided to you in a usable format within 1 month.
Identification will also be requested for security.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate or out of date.
All have a responsibility to protect personal data. The following points must be followed
May not access any personal data without the express permission of a senior manager
May not remove any personal data held be the company from the site, without permission for a senior manager.
Must not discuss personal data with any 3rd parties
Must report any breaches immediately to a senior manager.
All suspected breaches will be formally investigated.
The definition of personal data is personal data” shall mean any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity of that natural person. This includes all customers’ information.