This policy is designed to clarify and provide guidance on the Data Protection Laws, and sets out to show that Stanza Style Interiors are committed to abiding by these laws. This policy will be reviewed in line with any changes to the laws and redistributed where required.
Stanza Style Interiors Ltd has separate privacy notices in place in respect of employees, customers/clients, and other categories of data subject. The privacy notices will always be communicated clearly, and will inform the data subject of how their data will be processed and the reasons for processing that data. A copy of the Stanza Style Interiors privacy notice can be obtained via the website or upon request from the DPO.
It is Stanza Style Interiors' approach that personal information is: -
• Used fairly and lawfully;
• Used for limited specifically stated purposes;
• Used in a way that is adequate, relevant and not excessive;
• Kept for no longer than is absolutely necessary;
• Kept safe and secure;
• Not transferred outside the UK without adequate protection.
This is in line with all Data Protection Laws and the principles contained within these laws. Stanza Style Interiors is accountable for these principles and must be able to demonstrate and maintain compliance with these principles and laws at all times.
The rules in this policy apply to all employees, contractors, sub-contractors and temporary workers that work for Stanza Style Interiors Ltd.
Everybody that is employed by Stanza Style Interiors Ltd that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.
Staff processing personal data on behalf of Stanza Style Interiors Ltd have a responsibility to treat such data in line with Data Protection Laws and as directed by Stanza Style Interiors Ltd (the Data Controller in relation to employees' data and the Data Processor in relation to customer data). Stanza Style Interiors Ltd will comply with its obligations under the Data
Definition of Personal Data
Personal Data is information about a living person who can be identified by that information, or by other information which is in the possession of Stanza Style Interiors Ltd. Information includes any expression of opinion about the individual, and any indication of the intentions of the Company, or another person about the individual. Within Stanza Style Interiors Ltd this can include information about employees or workers with Stanza Style Interiors Ltd, or customer information and records or any other Personal Data.
The Data Protection laws apply whether the information is in removable media, hardcopy or electronic format.
Roles & Responsibilities
"Processing" personal data includes obtaining, recording, organising, adapting, altering, retrieving, consulting, using, holding, disclosing, publishing, aligning, combining, blocking, erasing or destroying personal data.
The 6 lawful bases for the use of data under GDPR are that:
• The data subject has given consent to the processing
• Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering the contract
• Processing is necessary for compliance with a legal obligation to which the controller is subject
• Processing is necessary in order to protect the vital interests of the data subject or another natural person
• Processing is necessary for the performance of a task carried out in the public interest or
• Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Everyone that works for or with Stanza Style Interiors Ltd has a responsibility for ensuring that data is collected, stored and handled appropriately. Everyone and anybody that handles personal data must ensure that it is handled and processed in line with policy and data protection principles. However, the following people have key areas of responsibility:
1. The Management Team is ultimately responsible for ensuring that Stanza Style Interiors Ltd meets its legal obligations.
2. The data protection officer (DPO), Alex Egan, is responsible for:
• Keeping the management updated about data protection responsibilities, risks and issues.
• Reviewing all data protection procedures and related policies, in line with an agreed schedule.
• Arranging data protection training and advice for the people covered by this policy.
• Handling data protection questions from staff and anyone else covered by this policy.
• Dealing with requests from individuals to see the data Stanza Style Interiors Ltd holds.
• Checking and approving any contracts or agreements with third parties that may handle the company’s sensitive data.
3. The Managing Director, Alex Egan, is responsible for:
• Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
• Performing regular checks and scans to ensure security hardware and software is functioning properly.
• Evaluating any third-party services the company is considering using to store or process data.
If you become aware or have reason to suspect that personal data has been released or compromised in any way, or there has been a potential breach of the Data Protection Laws, you should contact Stanza Style Interiors Ltd immediately. You will receive advice on what to do next.
Staff processing Personal Data on behalf of Stanza Style Interiors Ltd have a responsibility to treat such data in line with the Data Protection Laws and as directed by Stanza Style Interiors Ltd. Personal data that staff may come into contact with during their working responsibilities must be kept secure and confidential at all times.
Penalties for Breach of Data Protection Laws
Stanza Style Interiors Ltd itself and individual employees may be personally liable to fines and criminal prosecution in the event of a breach of data protection regulations. Fines for breaches of data protection are potentially unlimited in the Crown Court and have been increasing both for Companies and individuals in recent years, as the Government and Courts approach the issue. This approach has only been reinforced with the introduction of the General Data Protection Regulation (GDPR) (EU) 2016/679. There are two levels of potential fines that can be levied:
• Up to €10 million, or 2% annual global turnover – whichever is greater;
• Up to €20 million, or 4% annual global turnover – whichever is greater.
Access to Personal Data
Employees and others about whom Stanza Style Interiors Ltd holds Personal Data (Data Subjects) may request to inspect personal information (a Subject Access Request) which Stanza Style Interiors Ltd holds in relation to them and request that any inaccuracies are corrected. All procedures and policies regarding employee information can be found in our Data Protection Compliance Statement (Privacy Notice) For Employees.
Additionally, Subject Access Requests can be made by other organisations, in particular where illegality or criminality of the Data Subject is suspected.
Requests from clients or customers of the clients should be sent to firstname.lastname@example.org
Transmitting Personal Information
All employees should be aware of the risks when transmitting Personal Data. Particular care must be taken over customer records and personal data should only be transmitted to fulfil a contract with our customer.
The following guidance is for employees responsible for Personal Data: -
• Emails that hold personal data for customers should only be sent internally to personnel that need to know. The email then needs to be filed in the customer secure folder that is password protected.
• Personal data should only ever be transmitted through our secure network and the data should be uploaded to our third party’s secure database which is only accessible with log in and password details.
• Log in and password information should only be used by authorised personnel and should not be shared.
• No personal data should ever be sent externally by e-mail.
• Envelopes must be securely sealed, clearly addressed to a known contact and marked “confidential” and “addressee only”. A return postal address should also be marked on the envelope.
• No information should be shared with any other party other than the approved third parties.
• Service reports from approved technicians need to have the personal details removed from them before the report can be downloaded. Only then can the report be e-mailed to our customer.
Securing Personal Data
Employees should only access personal data within Stanza Style Interiors Ltd if it is required for the performance of their workplace duties, and only if they have the authorisation to do so by a line manager. On this point, it is important to note that personal data should only be used for the specified lawful purpose for which it was obtained.
• Personal data must never be shared informally.
• Employees should keep all data secure by taking sensible precautions and following the guidelines below.
• In particular, strong passwords must be used and they should never be shared.
• Employees have a responsibility to keep personal data secure and not share it with unauthorised people.
• Employees should not make unnecessary copies of personal data and they must dispose of any copies securely. They must lock their computer screens when not at their desk in accordance with the Clear Desk, Clear Screen policy.
• They should not save personal data to their own personal computers or other devices or their local laptop/PC drive.
• Employees should lock drawers and filing cabinets if they contain personal data and they should not leave paper with personal data lying about in accordance with the Clear Desk, Clear Screen policy.
• Employees should not take personal data away from Stanza Style’s premises.
• Personal data should be shredded when no longer required.
• Data should be regularly reviewed and updated; if it is found to be out of date or no longer required, it should be deleted or shredded.
• Employees should ask for help from their line manager or the DPO if they are unsure about data protection or if they notice any areas of data protection or security that Stanza Style Interiors Ltd can improve upon.
Stanza Style Interiors Ltd monitors emails and telephone calls but strictly in accordance with what is permitted under the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000. Employees have consented to this by a term in the employment contract.
Any data protection queries should be addressed to the DPO.
Enforcement
Any deliberate or negligent breach of this policy by employees may result in disciplinary action in accordance with Stanza Style’s disciplinary procedure, and it is important that employees are aware that any such deliberate or negligent actions may amount to Gross Misconduct and could result in their dismissal. It is a criminal offence to conceal or destroy personal data which is part of a subject access request. This conduct would also amount to gross misconduct under our disciplinary procedure, which could result in dismissal.