This policy is effective from 25 May 2018.
Data Protection Policy
This Data Protection Policy explains how we, at SJS, deal with personal data under the General Data Protection Regulations, whether we are in the process of dealing with an enquiry, working together on a project, continuing our ongoing customer relationship, receiving a service, requesting feedback, or dealing with visitors to our website.
It describes how we collect, use and process personal data, and how, in doing so, we comply with our legal obligations. Privacy is important to us, and we are committed to protecting and safeguarding people’s data privacy rights.
This Policy applies to the personal data of our Clients, Employees, Potential Clients, Consultants, Contractors, Suppliers and any Potential Employee.
What kind of personal data do we collect?
To provide the high-quality services we aspire to we require to process certain information. SJS will only ask for details that will assist us in the delivery of our service, such as name, job role, and contact details; including but not limited to: telephone number, email address, first and last name and a work address details. If a private client, then we may also ask for a home address.
We collect a minimum amount of data from our consultants/contractor/suppliers to ensure that we can easily communicate and process transactions. We will collect contact details for the main contact and any associate contacts within the business that we feel will assist us in processing transactions and delivering projects. Other information such as bank details so that we can pay for the services provided (if this is part of the contractual arrangements between us), will also be obtained.
We collect a minimum amount of data from our employees and Partners to ensure that we can easily communicate and process transactions. We require information such as your name, job role, and contact details; including but not limited to telephone number, email address, first and last name and your work address details. NI number and bank details so that we can pay you and reimburse you for expenses. Other information such as medical history to allow the business to make reasonable adjustments to ensure your health and well-being at work is a priority.
How do we collect personal data?
We collect client data directly from our clients.
We collect consultant/contractor/supplier data directly from our consultants and suppliers.
We collect client data directly from our employees.
How will we use your personal data?
The main reasons for retaining our clients’ personal details are to keep them informed of their project, keep them informed about our business through marketing and media updates.
The main reasons for retaining consultant/contractor/supplier personal data is to ensure that we can fulfil any contractual arrangements between parties, keep them advised on any potential projects and to keep them informed about our business through marketing and media updates.
If a potential employee sends us an application form, a CV or contacts us with personal information for employment purposes, we may store that information for 6 months. We do not share that information with any third parties and would only contact the potential employee within that 6 month period should a suitable post arise. Thereafter the information will be removed from the system.
The main reasons for retaining your personal details are to pay you and keep you informed about the business.
How do we safeguard personal data?
Protecting personal information is important to us, which is why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, personal data. These processes include but are not limited to; encrypted server access, Laptop and Tablet devices encryption, all antivirus and gateway security settings are up to date and monitored.
How long do we keep personal data for?
Data stored and processed in our Electronic Document Management system. If we have not had meaningful contact with the individual for a period of six years, we will remove their personal data from our systems unless we believe another processing requirement, such as legal or contractual regulation requires us to retain it.
How can the individual access, amend or remove the personal data that has been given to us?
The individual has the right to access, amend or have their personal information removed by writing to Marina Cockburn, SJS, Newhailes Road, Musselburgh, EH21 6SY or emailing us at firstname.lastname@example.org. We will process the changes/removal of the personal information within 10 days.
The individual’s rights also include:
Our legal basis for processing your data
Article 6(1)(f) of the GDPR states that we can process personal data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”
We think it reasonable that if the individual has communicated with us in the past or we have had meaningful contact with the individual within the past 5 years that there is legitimate interest that the individual will continue to benefit from our continued communication. We want to provide potential clients with the opportunity to hear about our services and to have the ability to request additional information from ourselves.
• Contractor/Contractor/Supplier data
We store and process the personal information of individuals within interested organisations to facilitate the receipt of services from them as one of our consultants/contractors/suppliers. We may also hold financial details, so that we can pay for services provided. We deem all such activities to be necessary within legitimate interests.
Article 6(1)(b) gives us lawful basis for processing personal data where; “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”
In this context, a contract does not have to be a formal signed document, or even written down, if there is an agreement which meets the requirements of contract law. Broadly speaking, this means that the terms have been offered and accepted, both intend them to be legally binding, and there is an element of exchange (usually an exchange of goods or services for money, but this can be anything of value).
Where we have entered into a contractual agreement to deliver products and services with an individual we will process the appropriate and required information to do so. i.e. address details of the business.
Transmission of data and information via the Website or by email is not a secure or encrypted transmission method for sending your personal data, unless otherwise indicated on the Website or otherwise arranged between us. Accordingly, your attention is drawn to the fact that any information and personal data carried over the Internet is not secure. Information and personal data may be intercepted, lost, redirected, corrupted, changed and accessed by other people.
We set security standards to prevent any unauthorised access to your personal data once we have received it and wherever possible we will use adequate software and working procedures to ensure the security of your personal data. To prevent unauthorised access, maintain accuracy, and ensure proper use of personal data, we have employed physical, electronic, and managerial processes to safeguard and secure the information we collect online.
Third Party Websites
Parts of our Website contain links to third party websites not owned by SJS (‘Third Party Websites’) for your convenience and information. If you use these links, you will leave the Website. When you access a Third Party Website, please understand that we do not control the content of that Third Party Website and are not responsible for the privacy practices of that Third Party Website.