The Manitowoc Company, Inc.

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "The Manitowoc Company, Inc."

Transcription

1 The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0

2 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational Issues PART 4 - Specific Data Protection Policies and Procedure 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0

3 PART 1 Policy Statement 22FitzPatrick & Associates 4/5/04 2 Proprietary Material Version 4.0

4 PART 1 Policy Statement Introduction This policy deals with the roles and responsibilities of each company or location within The Manitowoc Company, Inc. ( Manitowoc ), and its respective staff with regard to the processing of personal data. Manitowoc is committed to compliance with all applicable data protection laws in the countries in which we do business and in which our employees hold citizenship. When the personal data on non-us employees is held, stored, maintained, processed, shared, and/or accessed in the US, Manitowoc will treat the personal data in accordance with the relevant laws. The personal data of US citizens is not subject to federal or state mandated data protection laws equal to those of the country-specific laws outside the US or the European Union Directive on Protection of Personal Data. However, the personal data of US citizens will be held in strict confidence and will be protected under the guidelines of this policy and Manitowoc s internal standards. For the purpose of this policy, the terms data privacy and data protection will be used interchangeably. Policy on Personal Data Manitowoc is committed to ensuring that employee personal data is processed in accordance with all worldwide data protection legislation in the countries in which we do business and in which our employees hold citizenship. It is also important to recognise that Manitowoc is bound by the legislation adopted in each specific country, as well as, the requirements of the EU Directive on Personal Data Privacy for all locations within the member countries of the European Union (EU). In most cases, the country-specific Data Protection Acts within the member countries incorporate the requirements of the Directive. However, if country-specific laws do not include a certain requirement and the Directive does, the Directive will take precedence. If there is a difference between country-specific laws and the Directive, the stricter of the two will be followed. Manitowoc has put in place systems of work and procedures to ensure that all departments within it comply with the data privacy laws and the EU Directive. Manitowoc aims to provide all employees with sufficient information, instruction and training as is necessary in order for them to identify personal data and process it appropriately. All Manitowoc employees should be fully aware of this policy and ensure that they comply with its directions. Competent resources, knowledgeable in the data protection laws, will be made available to all employees whenever the need arises. All employees have access to personal data in one way or another (e.g. access to the worldwide telephone directory and system) and should be familiar enough with the data privacy laws and the EU Directive (where applicable), to ensure compliance with such laws. This policy will be reviewed at regular intervals and revised when appropriate to reflect legislative changes, the introduction of new codes, and best practices. 33FitzPatrick & Associates 4/5/04 3 Proprietary Material Version 4.0

5 PART 2 Processing Personal Data 44FitzPatrick & Associates 4/5/04 4 Proprietary Material Version 4.0

6 PART 2 Processing Personal Data What is personal data? Personal data is any piece of information that can identify or is identifiable to an individual: from the data; or from that data and other information which is in the possession of or is likely to come into the possession of the data controller. Individuals about whom personal data is kept are known as data subjects. When Manitowoc collects, processes, accesses or transports data it is called a data controller. Particular rules apply to the processing of sensitive data which is a subset of personal data. Sensitive data relates to the racial or ethnic origin of the data subject, his political opinions, religious beliefs, trade union memberships, physical or mental health, sexual life or criminal offences. Sensitive data cannot be accessed and/or transported out of the country. It cannot be stored in the global HR system or any other system located out of country of origination. What is processing? You (and Manitowoc) will process personal data when you collect, record, process, hold or use personal data. All of the following activities, whether manual and/or electronic, constitute the processing of personal data: obtaining, organising, adapting or retrieving data; consulting with someone on the content of data or otherwise using it; disclosing data by transmitting it, disseminating it or otherwise making it available; and combining the data with other data, erasing or destroying it. How may I process personal data? Personal data must be processed in accordance with the data protection laws and the eight Data Protection Principles. These state that personal data must be: processed fairly and lawfully, meaning the data is absolutely mandatory for the management of the employment relationship; obtained for a specified and lawful purpose and processed compatibly with that purpose; adequate, relevant and not excessive for the purpose for which it is processed; accurate and up to date; kept no longer than necessary; processed in accordance with the rights of the data subject; 55FitzPatrick & Associates 4/5/04 5 Proprietary Material Version 4.0

7 subject to appropriate security measures; and only transferred outside of the country of origination if the country to which it is transferred has an adequate level of protection and the data subject has provided prior unambiguous written consent. Adequate level of protection is defined by the data protection authorities in each country and at the EU level. Do the laws only apply to computer records? The data privacy laws cover the processing of automated data (i.e. data kept on computer) and manual data (i.e. data kept on paper) where such data is held in a relevant filing system (see procedure on Manual Records in Part 4). A relevant filing system is a set of information about individuals that is structured either: by reference to the individual (either by name or by an individual s code); or by reference to criteria relating to individuals (e.g. age, type of job, holidays); such that specific information about an individual is readily available. This definition is widely drafted and it is difficult to envisage a useful filing system containing information about individuals that would not be covered by data privacy laws. 66FitzPatrick & Associates 4/5/04 6 Proprietary Material Version 4.0

8 PART 3 Organisational Issues 77FitzPatrick & Associates 4/5/04 7 Proprietary Material Version 4.0

9 PART 3 Organisational Issues Manitowoc has a duty to process personal data in accordance with the data privacy laws. Therefore, each employee who processes personal data must familiarise himself with the organisational requirements regarding data protection. Management Responsibility Management is responsible for ensuring the following: explaining to employees and all management team members the importance of data protection and compliance with all relevant data protection laws; providing employees and management with adequate training, information, instruction and supervision to ensure personal data is processed in accordance with the applicable data privacy laws. Since it is unrealistic to expect all employees to be experts in the laws in all relevant countries, documentation and resources will be made available; assuming overall responsibility for compliance with the data privacy laws; selecting someone to be responsible for ensuring compliance with the data privacy laws; ensuring that suitable contracts are in place with third parties engaged to process personal data on behalf of Manitowoc ( data processors ) (including situations where the data processor is another company within the Manitowoc group of companies); and maintaining a record of how personal data is kept and processed and notifying the Data Protection Commissioner in each relevant country and at the EU level in accordance with the data privacy laws. Employee Responsibility. Employees should: be aware of the issues regarding data protection; consider the rights of data subjects who may be affected by their actions; process personal data in accordance with this policy and any other instructions given to them from time to time; and report any data subject access requests or other questions regarding data protection to the relevant body, such as the internal data protection officer, compliance officer, or designated person. 88FitzPatrick & Associates 4/5/04 8 Proprietary Material Version 4.0

10 PART 4 Specific Data Protection Policies and Procedures 99FitzPatrick & Associates 4/5/04 9 Proprietary Material Version 4.0

11 PART 4 Specific Data Protection Policies and Procedures 1. Processing Personal Data 2. Information, Instruction and Supervision 3. Competence for Tasks and Training 4. Monitoring the Use of Personal Data 5. Handling and Storing Personal Data and Data Security 6. Processing Data Subject Access Requests 7. Manual Records 8. Sensitive Personal Data 9. Employee Data 10. Personal Data other than Employee Data 11. Disposal of data 12. Use of CCTV 1010FitzPatrick & Associates 4/5/04 10 Proprietary Material Version 4.0

12 1. Processing Personal Data 1.1 All personal data should be processed in accordance with the applicable data privacy laws and this policy. 1.2 Personal data is any piece of information that is identifiable to an individual or can identify an individual. It includes employee data. It does not include data relating to a company or organisation, although any data relating to individuals within companies or organisations is included. 1.3 Examples of personal data are employee details, including employment records (see section on Employee Data), names and addresses and other information related to individuals including supplier details, any third party data and any recorded information (in accordance with local laws) including any recorded telephone conversations or CCTV images. 1.4 Employees should assume that whatever they do with personal data will be considered to involve processing it in accordance with the data privacy laws and should therefore only process personal data: if they have explicit written consent to do so; or if it is necessary to fulfil a contractual obligation (of which the employee has consented in writing). Please see Part 2 for a more detailed explanation of data processing under the data privacy laws. 1.5 If paragraph 1.4 is not satisfied, employees should contact the Data Protection Officer before processing personal data. FitzPatrick & Associates Vs

13 2. Information, Instruction and Supervision 2.1 A copy of Manitowoc s Data Protection Policy will be kept at each Manitowoc site around the world. 2.2 Data protection advice is available from the Data Protection Officer who will arrange for advice from external advisers if necessary. 2.3 All new staff, particularly those with access to employee or other personnel records, should be trained on Manitowoc s policy and the data protection laws as soon as possible after they are hired. Upon completion of the training, all employees will be asked to sign the associated data privacy documentation. The level of training for each individual member or employee will depend on the level of access and responsibility for processing personal data. Please also see section 3 on Competence for Tasks and Training. FitzPatrick & Associates Vs

14 3. Competence for Tasks and Training 3.1 Manitowoc recognises that staff members are integral to supporting the effective and efficient operation of the company. The continuing success of Manitowoc depends on the quality of its employees. Manitowoc therefore encourages training and development of its employees so that all data subjects can anticipate that their personal data will be processed in accordance with the data privacy laws. 3.2 In the first instance, employees will receive an on the job orientation into Manitowoc. The orientation will cover data protection, if relevant to the position. 3.3 All new employees who are identified as requiring particular training in relation to data protection issues will undertake a probationary period under the supervision of an experienced employee until they achieve the standards and efficiency required of a Manitowoc employee. Additional training on data protection issues may be provided as appropriate. 4. Monitoring the Use of Personal Data 4.1 Manitowoc is committed to ensuring that this Data Protection Policy is put into practice and that appropriate working practices are being followed. To this end, the following steps will be taken: All employees who deal with personal data are expected to be aware of data protection issues and to work towards continuous improvement of the proper processing of personal data; Employees who handle personal data on a regular basis or who process sensitive or other confidential personal data will be more closely monitored; All employees must evaluate the personal data they hold is being processed in accordance with this policy. Employees should ensure that inaccurate, excessive or out of date data is disposed of in accordance with this policy Legally mandated audits may be carried out by authorised Manitowoc representatives and/or data protection authorities; and The Data Protection Officer of each country, where applicable by law, shall submit to company management a report on, amongst other things, the level of compliance with or variance from good data protection practices. The Vice President of Human Resources and Administration s staff will consider what steps, if any, are necessary in order to improve data protection performance. 4.2 The Data Protection Officer of each country, where applicable by law, will be responsible for recording and assigning an external expert to investigate any complaints regarding the processing of personal data in order to see what improvements can be made to prevent recurrences of policy violations. The results of such investigations will be reported to the Data Protection Officer who will be responsible for arranging for any improvements to be carried out. The record should contain the following information: the name of the individual making the complaint; FitzPatrick & Associates Vs

15 the date of the complaint; the nature of the complaint; and the action, if any, taken as a result of the complaint. FitzPatrick & Associates Vs

16 5. Handling and Storing Personal Data and Data Security 5.1 Manitowoc should take appropriate technical and organisational measures to guard against unauthorised or unlawful processing of personal data. Manual records should be kept secure by the use of locked cabinets and rooms. Access to such records should be restricted. Where a manual record is in constant use, appropriate security measures should be taken. These could include securing such records whenever leaving the desk area, and during lunch breaks and after office hours. Computer files should be password protected at a minimum at initial login, and logout must occur whenever vacating the desk area where the computer is located. Fax machines that send and receive personal data should be in secure areas where access is made available only to those with a relevant and legal business need to know, who have been granted access rights to personal data based on their responsibilities. 5.2 These foregoing measures should guard against accidental loss, destruction of, or damage to personal data. The measures taken should be commensurate with the harm that would be caused by such accidental loss, destruction or damage. Therefore, particular care should be taken of records containing sensitive data, such as any employment records. 5.3 Personal data should be stored in a manner that enables it to be processed in accordance with the data privacy laws. Files should indicate what information they contain and should be readily accessible (provided appropriate security measures are taken) to enable data subject access requests to be handled in accordance with this policy (see section 6 regarding Processing Data Subject Access Requests). 5.4 Manitowoc should ensure that staff who handles personal data are adequately trained and monitored. 5.5 Manitowoc should ensure that passwords and physical security measures are in place to guard against unauthorised disclosures. 5.6 Particular care should be taken of sensitive data in the home country and security measures should reflect the importance of keeping such sensitive data secure (see section 8 covering Sensitive Data). Under no circumstances should sensitive data be made accessible in any format to any individual outside of the home country or to anyone unauthorised to access the data. 5.7 All security policies and procedures should be regularly monitored and reviewed to ensure that they are keeping data secure. Where policies and procedures are found to be inadequate, prompt and appropriate action should be taken in order to rectify such inadequacies. This should include a review of the security arrangements and the submission of options to rectify such inadequacies. 5.8 Where personal data needs to be deleted or destroyed, adequate measures should be taken to ensure that such data is properly and securely disposed of. This includes the destruction of files and back up files, and the physical destruction of manual files. Particular care should be taken of the destruction of manual sensitive data (written records) and this may include shredding or giving it to specialist contractors. FitzPatrick & Associates Vs

17 6. Processing Data Subject Access Requests 6.1 A data subject access request is any written request from a data subject that indicates that the person wants to know what information is kept about him or her. 6.2 All staff need to be trained to recognise a data subject access request. All data subject access requests shall be passed to the Data Protection Officer for processing. 6.3 Data subject access requests must be complied with promptly, and in within the timeframes defined by local data privacy laws and/or the EU Directive. Exceptions can be made if the individual responsible for providing the information to the requestor is out of the office for any period of time. If all reasonable measures have been taken and the time frames cannot be met, the requestor and the person responsible for processing the request must agree on an alternate date for complying with the request. 6.4 Generally, Manitowoc will not charge a fee for processing a data subject access request. However, a fee, not to exceed 10 (including VAT) is allowed in the UK. 6.5 Manitowoc will establish a standard response letter to deal with various subject access requests. 6.6 When a written data subject access request is received, provided the data subject has paid the fee, if any, the individual should: be told whether Manitowoc or a third party is processing the individual s personal data; be given a description of: (a) the personal data; (b) the purposes for which it is being processed; (c) those people and organisations who the personal data may be disclosed to; and (d) be provided with a copy of the information in an intelligible form. 6.7 All personal data relating to an individual should be examined to confirm that it is data held within a relevant filing system. The person handling the data, the relevant data protection authority, or a Works Council representative nominated by the full Works Council may do this examination. 6.8 Internal data subject access requests (i.e. data subject access requests from Manitowoc employees) will be treated as being of equal importance to external data subject access requests. 6.9 When Manitowoc receives a data subject access request that refers to another individual, Manitowoc shall use reasonable endeavours, including contact by telephone, and a letter to any known contact point of the other individual to contact such individual to obtain his/her written consent. No information will be disseminated without the explicit consent of the data subject. Manitowoc will not divulge any personal data to another individual (who has not previously been approved to have such information) without the explicit consent of the data subject. This has particular relevance when the individual requesting the information is a FitzPatrick & Associates Vs

18 third party such as a financial institution, mortgage lender, and verification of employment beyond the confirmation of time worked, etc.) In responding to data subject access requests, the Data Protection Officer will ensure information relating to an individual, other than the data subject who is making the request, is not disclosed unless: the other individual has consented to such disclosure, in which case written evidence of this must be obtained and kept; it is reasonable under the circumstances to comply with such request without any consent. This may be the case only when the information is already available to the public or if related to a possible criminal activity or to ensure the safety of the country; or the request for information comes from a court of law pertaining to a potential legal or criminal case, or from a governmental office in an official capacity related to a legal requirement In considering what is reasonable, the Data Protection Officer should consider: any confidentiality owed to the other individual; the steps taken to get consent; if the individual concerned can give consent; and any express refusal by such individual to give consent (in this case, personal data cannot be made available, unless mandated by law) Where copies of the information are requested, due regard may be given to the amount of effort that would be required to copy the information. If the effort is disproportionate due to the sheer size or magnitude of the data, Manitowoc may inform the data subject that copies will not be provided, but information will be given by other means such as by telephone, or by inviting the data subject to come to Manitowoc s premises to view the files All data subject access requests shall be recorded. The record shall contain the following details: the name of the person making the request; the date of the request; the method by which the request was made (e.g. , letter); and the nature of the request (i.e. a request for all information or a request in relation to a specific piece of information) Where Manitowoc has previously responded to a data subject access request, Manitowoc is not obliged to answer a subsequent similar request by that individual until a period of 3-6 months (depending on local law) has elapsed. This period may vary on the circumstances of the request. Any variation of such period should be referred to the Data Protection Officer for approval. FitzPatrick & Associates Vs

19 6.15 All personal data should be stored in a manner that enables the Data Protection Officer to provide a data subject with details of such personal data promptly, and in any event within the time period provided for by the privacy laws (see section 5 on Handling and Storing Personal Data and Data Security). FitzPatrick & Associates Vs

20 7. Manual Records 7.1 Manual data means personal data in a written form that is recorded as part of a relevant filing system or with the intention that it should form part of such a system. 7.2 A relevant filing system is any set of information relating to individuals that is structured either by reference to individuals or by reference to criteria relating to individuals in such a way that specific information relating to a particular individual is readily accessible. For example, this will include employment records and records relating to customers. 7.3 Periodically all written records containing personal data should be reviewed and a listing kept of all such personal data records. 7.4 Manual records containing personal data should be reviewed in order to ensure that the data contained within them is accurate, not excessive, up to date and adequate for their purpose. All files should be reviewed at a minimum every two years. FitzPatrick & Associates Vs

21 8. Sensitive Data 8.1 Sensitive personal data includes all information relating to an individual which deals with: the racial or ethnic origin of the data subject; his political opinions; his religious beliefs; his trade union membership; his physical or mental health or conditions; his sexual orientation; the commission or alleged commission by him of any offence; and any proceedings for any offence committed or alleged to have been committed by him. Normal practice within Manitowoc is not to collect this information unless required by local law. 8.2 Particular care should be taken of sensitive personal data, and all staff who have access to such sensitive data shall take particular care to process it properly and in accordance with the privacy laws. Employees should make sure that they obtain the explicit consent of an individual before processing sensitive data relating to them. All sensitive personal data should be stored with adequate security measures to prevent unauthorised disclosure. Such measures should include lockable cabinets and password protection of automated data, at a minimum. Sensitive personal data may not be stored in a global system or made accessible outside of the country of origination. If a foreign national from one country is hired by another country, access to sensitive personal data is not allowed unless the data subject has given explicit written consent or the sensitive data is needed by law to protect the interest of the country. 8.3 All requests by external bodies, agencies or individuals for access to sensitive personal data shall be processed by the Data/Protection Officer. All such requests shall be recorded by such persons in an appropriate system. The record should state who made the request, when they made it, what the request was and to whom it related. FitzPatrick & Associates Vs

22 9. Employee Data 9.1 All employee data has the potential to be personal data covered by the data privacy laws. 9.2 All employment records, including application forms, interview notes, sickness notes, annual leave records, promotion and appraisal notes, training records, disciplinary and dismissal notes and reports, references (whether confidential or otherwise and whether given or received) and general personnel file notes must be processed in accordance with the data privacy laws. 9.3 All recruitment advertisements must contain information that enables applicants to identify Manitowoc. 9.4 The interview notes about all applications should be written with the knowledge that these will amount to personal data under the data privacy laws. All interview notes should therefore be a fair and accurate representation of the interview. Any opinions expressed should be included in a manner that recognises that they may be disclosable at a later date. 9.5 Where an individual candidate is interviewed but Manitowoc wishes to offer the individual employment other than in the position that the individual has applied for, care must be taken to ensure that the individual has consented to his personal data being used for this purpose. 9.6 Where an individual candidate makes an application to Manitowoc, that applicant s details may be shared with other companies within the Manitowoc group of companies per the specific informed consent of the applicant. This consent can be obtained at the time the application and or resume/cv is submitted, and can easily be obtained when recruitment is done online. 9.7 Any decision to shortlist or bypass candidates at a particular time, where such decisionmaking is made in writing, should be done in a manner that is fair and lawful. 9.8 Newly appointed staff should be informed what information will be kept about them, where the information is obtained from, how it will be used and if it will be disclosed to anyone. 9.9 If any sensitive personal data is intended to be used in the home country, the employee should be notified and first give his explicit consent to such use Personnel records and all written information regarding an employee should be set out in a manner that contemplates that it may be disclosable as personal data under the data privacy laws. All records should therefore be clear and fair, and where opinions are expressed, these should be shown to be such All disciplinary actions, commentary, and reports (including reports relating to a dismissal of an individual) should be written in a manner that is fair and accurate All employee records should be regularly reviewed to ensure that they are accurate, not excessive, up to date and adequate for their purpose. An employee should be able to request a copy of his/her basic record to identify any inaccuracies When employee records are maintained for business analysis, personal data should be limited to that necessary to satisfy the purpose for which the records are kept. Whenever possible, such data should be anonymised. FitzPatrick & Associates Vs

23 Retention of Records 9.14 Sickness records are likely to include sensitive, as well as personal data and such records should only be held if the explicit consent of each employee is obtained or if one of the other conditions for processing sensitive data is satisfied. Sickness records, if needed, will be held locally and not shared or transferred outside of the home country without the explicit consent of the employee Proper security standards should be applied to prevent unauthorised access or accidental loss or destruction of employment records. This could include establishing access controls and passwords to employment records and paying particular attention to the use of s. However, monitoring of usage is subject to the protection of data privacy laws and internet scanning and tracking laws (not applicable to US citizens) The following rules are defined by the European Union and should be followed, unless country-specific laws have different regulations: application form duration of employment references received 1 year payroll and tax information 6 years sickness records 3 years annual leave records 2 years unpaid leave/special leave records 3 years annual appraisal/assessment records 5 years records relating to promotion, transfer, training, disciplinary matters references given/information to enable reference to be provided summary of record of service; eg name, position held, dates of employment 1 year from end of employment 5 years from reference/end of employment 7 years from end of employment records relating to accident or injury 10 years The above retention times may be varied depending upon Manitowoc s intended use of the information and whether the data subject has consented to extended retention periods. Manitowoc should take into account any specific needs it may have when retaining records for a particular employee or group of employees. Where legal provisions require records to be kept for a set time, Manitowoc is obliged to comply with such requirements Manitowoc should not retain records for longer than the standard retention times unless there is a justifiable legal reason for doing so, or unless the employee has given Manitowoc authorisation to do so. Please also refer to the section 11 on the Disposal of Data. FitzPatrick & Associates Vs

24 Records that are no longer needed should be disposed of in a proper and secure manner. Paper records should be disposed of securely and computer records should be deleted so that the computer system does not retain a copy and no backup systems or files retain a copy. Please also see section 5 on Handling and Storing Personal Data and Data Security Manitowoc is aware that its data protection duties to former employees are no less than to current employees. All requests for references or other information about former employees should be dealt with in accordance with this policy. If an employee leaves Manitowoc, Manitowoc will explain how it treats such requests and will obtain the leaving employee s consent to any disclosures Manitowoc intends to make. FitzPatrick & Associates Vs

25 10. Personal Data other than Employee Data 10.1 All personal data held by Manitowoc has the potential to be personal data covered by the data privacy laws. The fact that Manitowoc requires specific items of personal information to meet statutory obligations does not mean that the company can ignore the data privacy laws All Manitowoc records containing personal data, details relating to individuals who are suppliers and file notes referring to individuals (whether employees of Manitowoc, customers, members of the public or otherwise) should be processed in accordance with the data privacy laws whenever they are stored in a relevant filing system (manual and/or electronic) Manitowoc should not retain personal data other than employee data for longer than the standard retention times unless there is a justifiable legal reason for doing so. Please also refer to the procedure on the Disposal of Data (Section 11). FitzPatrick & Associates Vs

26 11. Disposal of Data 11.1 All personal data held by Manitowoc should be retained only as long as is necessary for its proper processing. Please see procedures on Employee Data (Section 9) and Personal Data other than Employee Data (Section 10) All personal data should be periodically reviewed and should be assessed to ensure that inaccurate, excessive and out of date data is destroyed. The destruction and disposal of data should be carried out in accordance with the procedures on Handling and Storing Personal Data and Data Security Each year each [department] should send to the Data Protection Officer a personal data audit notice. This notice should confirm that all personal data held by the [department] has been assessed in accordance with this data protection policy and that inaccurate, excessive and outof-date personal data has been properly disposed of. FitzPatrick & Associates Vs

27 12. Use of CCTV 12.1 Closed Circuit Television (CCTV) systems process personal data. Manitowoc should ensure that all personal data recorded by such systems are processed in accordance with this policy. All employees (excluding US citizens) must be informed of the use of CCTV A record should be kept of all CCTV systems in operation by Manitowoc. The record should contain: what cameras are kept and where; the purpose for the CCTV system. This should include an assessment of the process and the reasons for installation of the system; and confirmation that the CCTV system has been notified to the Information Commissioner, as required by local law CCTV equipment should be sited so that it only records that information which is necessary for the purpose of the scheme. Care should be taken to ensure that images are not taken of domestic areas or, if they are, that Manitowoc restricts this so far as possible All zones covered by CCTV should have signs displayed indicating that persons are entering a CCTV zone. Such signs should be visible and legible The signs should indicate: Manitowoc s name; the purpose of the system (see below); and contact details. For example, a sign could say Images are monitored for security, crime prevention and public safety. Please contact [Manitowoc] within or on [telephone number] for more information CCTV images must not be retained longer than necessary. Images filmed at a depot should only be kept for the period of time a contract is in place or it is clear no crime has been committed The use of CCTV in Germany is subject to the restrictions under the Labour Management Act and is subject to the Co-determination Laws. FitzPatrick & Associates Vs

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Scottish Rowing Data Protection Policy

Scottish Rowing Data Protection Policy Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this

More information

CORK INSTITUTE OF TECHNOLOGY

CORK INSTITUTE OF TECHNOLOGY CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of

More information

University of Limerick Data Protection Compliance Regulations June 2015

University of Limerick Data Protection Compliance Regulations June 2015 University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick

More information

The Manchester College

The Manchester College The Manchester College The Manchester College Produced by TMC Prin DataProtect pol v1 11/2010 All rights reserved; no part of this publication may be photocopied, recorded or otherwise reproduced, stored

More information

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in

More information

Data Protection and Data security Policy

Data Protection and Data security Policy Data Protection and Data security Policy Statement of policy and purpose of Policy 1. Somer Valley Community Radio Ltd (the Employer) is committed to ensuring that all personal information handled by us

More information

Data Protection Policy

Data Protection Policy 1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The

More information

Human Resources Policy documents. Data Protection Policy

Human Resources Policy documents. Data Protection Policy Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

Data Protection Policy

Data Protection Policy Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and

More information

Policy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0

Policy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0 PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner

More information

Paperless World Limited

Paperless World Limited Paperless World Limited Security Policy Statement Contents Section 1: Paperless World Limited Security Policy Statement... 2 Section 2: The Data Protection Act 1998... 2 Section 3: Definitions... 2 Personal

More information

HERTSMERE BOROUGH COUNCIL

HERTSMERE BOROUGH COUNCIL HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act

More information

Dublin City University

Dublin City University Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1 Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

Data Protection Act a more detailed guide

Data Protection Act a more detailed guide Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data

More information

Little Marlow Parish Council Registration Number for ICO Z3112320

Little Marlow Parish Council Registration Number for ICO Z3112320 Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with

More information

Guidelines on Data Protection. Draft. Version 3.1. Published by

Guidelines on Data Protection. Draft. Version 3.1. Published by Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19 Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility

More information

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format. University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),

More information

DATA PROTECTION ACT 1998 COUNCIL POLICY

DATA PROTECTION ACT 1998 COUNCIL POLICY DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

Data Protection. Policy and Application July 2009

Data Protection. Policy and Application July 2009 Data Protection Policy and Application July 2009 Produced for staff of the House of Commons Service by the Department of Resources Information Rights and Information Security (IRIS) Service Data Policy:

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. Introduction to the Data Protection Policy Everyone who works for Chorley Council uses personal data in the course of their duties. Chorley Council must gather and process personal

More information

DATA PROTECTION AND DATA STORAGE POLICY

DATA PROTECTION AND DATA STORAGE POLICY DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether

More information

Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection

Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection Data Protection Awareness Based on DIT s Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner Index Definitions What is Data Protection?

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection

More information

Data Protection and Privacy Policy

Data Protection and Privacy Policy Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.

More information

Corporate ICT & Data Management. Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy 90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control

More information

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY Version 3.0 DATA PROTECTION ACT 1998 POLICY CONTENTS 1. INTRODUCTION... 3 2. PROVISIONS OF THE ACT... 4 3. SCOPE... 4 4. GENERAL POLICY STATEMENT...

More information

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

GSK Public policy positions

GSK Public policy positions Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable

More information

Data protection policy

Data protection policy Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data

More information

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation

More information

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act

More information

Data Protection Policy June 2014

Data Protection Policy June 2014 Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. Introduction and purpose 1.1 Children s Hearings Scotland (CHS) is required to maintain certain personal data about individuals for the purposes of satisfying our statutory, operational

More information

Data Protection for the Guidance Counsellor. Issues To Plan For

Data Protection for the Guidance Counsellor. Issues To Plan For Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)

More information

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection

More information

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure

More information

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy)

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy) PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard

More information

Data Compliance. And. Your Obligations

Data Compliance. And. Your Obligations Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection

More information

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

Code of Conduct. Corporate Data Protection. We make ICT strategies work

Code of Conduct. Corporate Data Protection. We make ICT strategies work Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work

More information

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information. MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix

More information

Data Protection Policy

Data Protection Policy Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's

More information

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT

More information

Data Security and Extranet

Data Security and Extranet Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:

More information

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1

More information

EMMANUEL COLLEGE THE APPLICATION OF THE DATA PROTECTION ACT 1998. Contents

EMMANUEL COLLEGE THE APPLICATION OF THE DATA PROTECTION ACT 1998. Contents EMMANUEL COLLEGE THE APPLICATION OF THE DATA PROTECTION ACT 1998 Contents 1. Introduction Page 2 2. The Data Protection Act 1998 Page 2 3. Review of data used in College departments Page 3 4. Security

More information

Data Protection Policy

Data Protection Policy Data Protection Policy This policy applies to the national office of Special Olympics GB; athletes, volunteers, and paid staff its clubs and regions; all Special Olympics GB donors, sponsors, and supporters;

More information

ATMD Bird & Bird. Singapore Personal Data Protection Policy

ATMD Bird & Bird. Singapore Personal Data Protection Policy ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

DATA PROTECTION ACT 2002 The Basics

DATA PROTECTION ACT 2002 The Basics DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and

More information

Human Resources and Data Protection

Human Resources and Data Protection Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council

More information

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not

More information

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school

More information

UNIVERSITY COLLEGE LONDON CCTV POLICY. Endorsed by the Security Working Group - 17 October 2012

UNIVERSITY COLLEGE LONDON CCTV POLICY. Endorsed by the Security Working Group - 17 October 2012 UNIVERSITY COLLEGE LONDON CCTV POLICY Endorsed by the Security Working Group - 17 October 2012 Endorsed by the Infrastructure IT Services Strategy Group - 18 October 2012 Reviewed and endorsed (with one

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3

More information

PRIVACY POLICY Personal information and sensitive information Information we request from you

PRIVACY POLICY Personal information and sensitive information Information we request from you PRIVACY POLICY Business Chicks Pty Ltd A.C.N. 121 566 934 (we, us, our, or Business Chicks) recognises and values the protection of your privacy. We also understand that you want clarity about how we manage

More information

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,

More information

Data Protection in Ireland

Data Protection in Ireland Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Prepared By: Malkiat Thiarai Head of Corporate Information Management Date of Publication: 23/01/2013 Version: 5.0 Classification: Not Protectively Marked Page 1 Table of Contents

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY MILNBANK HOUSING ASSOCIATION DATA PROTECTION POLICY LS/NOV.2011/REF.P14 1) INTRODUCTION Milnbank Housing Association recognises that the Data Protection Act 1998 is an important piece of legislation to

More information

Human Resources Policy No. HR46

Human Resources Policy No. HR46 Human Resources Policy No. HR46 Maintaining Personal Files and ESR Records Additionally refer to HR04 Verification of Professional Registration HR33 Recruitment and Selection HR34 Policy for Carrying Out

More information

ROYAL AUSTRALASIAN COLLEGE OF SURGEONS

ROYAL AUSTRALASIAN COLLEGE OF SURGEONS 1. SCOPE This policy details the College s privacy policy and related information handling practices and gives guidelines for access to any personal information retained by the College. This includes personal

More information

Data protection compliance checklist

Data protection compliance checklist Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing

More information

Data protection. The employment practices code

Data protection. The employment practices code Data protection The employment practices code Contents 3 Contents About the code 4 Managing data protection 11 Good practice recommendations 11 Part 1: Recruitment and selection 14 About Part 1 of the

More information

Data Protection Good Practice Note

Data Protection Good Practice Note Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary

More information

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text

More information

This Applicant Privacy Notice Continental Europe is dated: July 2012 WILLIS.COM: PRIVACY NOTICE

This Applicant Privacy Notice Continental Europe is dated: July 2012 WILLIS.COM: PRIVACY NOTICE Applicant Privacy Notice for Positions in Willis Companies Located in the European Union and European Economic Area Excluding the United Kingdom ( Applicant Privacy Notice Continental Europe ) This Applicant

More information

Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk

Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk 1 THE DATA PROTECTION ACT 1998 2 Requirements of the Act Roles & Responsibilities Best Practice 3 The

More information

So the security measures you put in place should seek to ensure that:

So the security measures you put in place should seek to ensure that: Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.

More information

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. PRIVACY POLICY 1. Introduction Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. We will only collect information that

More information

Direct Recruitment Privacy Policy

Direct Recruitment Privacy Policy Direct Recruitment Privacy Policy Direct Recruitment manages personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles (APP). This policy applies to information collected

More information

Data Protection Act 1998 Codes of Practice. The Employment Practices DP Code Part 1: Recruitment and Selection

Data Protection Act 1998 Codes of Practice. The Employment Practices DP Code Part 1: Recruitment and Selection Data Protection Act 1998 Codes of Practice The Employment Practices Data Protection Code CONTENTS CONTENTS... 1 Who is the Code for?... 3 Why should you use it?... 3 Other parts of the Code... 3 Five sections...

More information

Personal Data Act (1998:204);

Personal Data Act (1998:204); Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

DATA PROTECTION AUDIT GUIDANCE

DATA PROTECTION AUDIT GUIDANCE DATA PROTECTION AUDIT GUIDANCE CONTENTS Section I: Section II: Audit of Processing of Personal Data Audit Procedure Appendices: A B C D E Audit Form List of Purposes List of data subjects List of data

More information

Information Sharing Policy

Information Sharing Policy Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed

More information

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION

More information

Linde Integrity Line. Process and Data Protection Policy. 1 July 2007

Linde Integrity Line. Process and Data Protection Policy. 1 July 2007 Linde Integrity Line Process and Data Protection Policy 1 July 2007 Page 2 of 10 Table of Contents Preamble 3 1 Scope of application 3 2 Definitions 3 3 Submitting Reports Regular Channels 3 4 Submitting

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

Data Protection Guidance

Data Protection Guidance 53 September 2010 Management Circular No. 53 Glasgow City Council Education Services Wheatley House 25 Cochrane Street Merchant City GLASGOW G1 1HL To Heads of all Educational Establishments Data Protection

More information

John Leggott College. Data Protection Policy. Introduction

John Leggott College. Data Protection Policy. Introduction John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and

More information

Data Protection Policy.

Data Protection Policy. Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data

More information

Closed Circuit Television (CCTV) code of practice. Based on the publication A Code of Practice for CCTV www.ico.gov.uk

Closed Circuit Television (CCTV) code of practice. Based on the publication A Code of Practice for CCTV www.ico.gov.uk Closed Circuit Television (CCTV) code of practice Based on the publication A Code of Practice for CCTV www.ico.gov.uk Owner: Ian Heywood Last reviewed: July 2011 Contents 1.0 Introduction... 4 2.0 CCTV

More information