Staff Member Data Protection Policy

This document sets out the policy of Insolvency Support Services Ltd (“the Company”) on the protection of information relating to staff members, workers, contractors, volunteers and interns (referred to as staff members). Protecting the confidentiality and integrity of personal data is a critical responsibility that the Company takes seriously at all times. The Company will ensure that data is always processed fairly, in accordance with the provisions of relevant data protection legislation (including the General Data Protection Regulation (GDPR) and Data Protection Act 2018.)

Data processing

Data processing is any activity that involves the use of personal data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring personal data to third parties.

Personal data

Personal data is any information identifying a data subject (a living person to whom the data relates). It includes information relating to a data subject that can be identified (directly or indirectly) from that data alone or in combination with other identifiers the Company possesses or can reasonably access. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.

Sensitive personal data

Sensitive personal data is a special category of information which relates to a data subject’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data. It also includes personal data relating to criminal offences and convictions.

Privacy Notice

The Company’s Staff Member and Job Applicant Privacy Notice explains your rights in greater detail. This Privacy Notice, together with the information contained in the Data Processing Register, sets out the information the Company holds about staff members, the purpose for which this data is held and the lawful basis on which it is held. The Company may process personal information without staff members’ knowledge or consent, in compliance with this policy, where this is required or permitted by law.

The Staff Member and Job Applicant Privacy Notice and the Data Processing Register will be made available to staff members upon joining the Company. If the purpose for processing any piece of data about staff members should change, the company will update the Staff Member and Job Applicant Privacy Notice and the Data Processing Register with the new purpose(s) and the lawful basis for processing the data and will notify all staff members by email.

Fair processing principles

In processing Staff Members’ data the following principles will be adhered to. Personal data will be:

• Used lawfully, fairly and in a transparent way;
• Collected only for valid purposes that are clearly explained and not used in any way that is incompatible with those purposes;
• Relevant to specific purposes and limited only to those purposes;
• Accurate and kept up to date;
• Kept only as long as necessary for the specified purposes; and
• Kept securely.

Notification of changes

All employees must notify the Company of their permanent home address, telephone number, next of kin, bank branch and account number.

It is important that changes in your personal circumstances are notified as soon as reasonably practicable to the Office Manager. These include changes to your :

• Name
• Address/telephone number
• Dependants (e.g. for private medical insurance purposes)
• Beneficiaries (e.g. for death in service benefit)
• Persons to be notified in case of emergency
• Bank details for salary payment
• Tax code

Periodically you will be asked to check the personal data held by the Company remains accurate.

Your rights to access your data

In accordance with legislation, the information about you held by the Company will be made available to you on request, together with a description of the purposes for which the Company keeps this information and to whom it may be disclosed.

Full details about your rights can be found in the current Employee Privacy Notice and a list of the types of information we may hold about staff can be found in the Applicant and Employee Data Processing Register.

Staff members’ responsibility for compliance

All staff members, particularly those tasked with regularly handling personal data of colleagues or third parties, have responsibility for ensuring that data processing meets the standards set out in this and any other relevant policies.

All staff members should familiarize themselves with and observe the following policies:

• • Confidentiality and Data Security Policy
  • Data Breach Policy
  • Data Subject Access Policy
  • Data Retention & Destruction of Records Policy
  • Special Category Data Policy
  • Vulnerable Client Policy

Any breach of the above rules will be taken seriously and, depending on the severity of the matter, may constitute gross misconduct which could lead to summary termination of employment.

DECLARATION

I confirm that I have received a copy of this policy and that I have read and understood it.

Name: ______________________________

Signature: ___________________________

Date: _______________________________