Safeguards and Security of Information
1. Rights of Search
The Company has the contractual right to carry out searches of employees and their property (including vehicles) whilst they are on Company premises or the premises of the Company’s clients. These searches are random and do not imply suspicion in relation to any individual concerned. If this should happen, if practicable, you will be accompanied by a third party who is on the premises at the time a search is taking place, or at the time that any further questioning takes place. You may be asked to remove the contents of your pockets, bags, vehicles, etc. Whilst you have the right to refuse to be searched, refusal by you to agree to being searched will be deemed to constitute a Breach of Contract, which could result in your dismissal.
Company property, including equipment, tools, etc of any kind must not be left unattended in vehicles at any time, and especially not overnight. Should any Company property be lost or stolen as a result of being left unattended or in the vehicle overnight, the employee responsible will be liable to reimburse the Company. The Company has the right to deduct the value of any such lost or stolen equipment from your wages, either in one sum or in agreed instalments.
The Company reserves the right to call in the Police at any stage.
All written materials (whether held on paper, electronically or magnetically) which were made or acquired by you during the course of your employment with the Company, are the property of the Company and the Company retains copyright ownership.
At the time of termination of your employment with us, or at any other time upon demand, you shall return to us any such materials in your possession.
3. Statements to the Media
Any statements to reporters from newspapers, radio, television, etc, in relation to the Company’s business may only be given with the approval of a Director or Managing Director of the Company.
4. How long will you keep my personal data?
4.1 Personal Telephone Calls and Internet usage
If personal calls are necessary, they must be kept to a minimum and with the prior permission of your Manager.
Whilst the Company will tolerate essential personal telephone calls made or received concerning your domestic arrangements, excessive use of the telephone for personal calls is prohibited. This includes lengthy, casual chats, non-essential calls, calls outside the UK and calls at premium rates.
Not only does excessive time engaged in personal telephone calls lead to loss of productivity, it also constitutes an unauthorised use of the Company’s time. If the Company discovers that the above systems have been used excessively for personal calls or use, this will be dealt with under the Company’s Disciplinary Policy and you may be required to repay any costs incurred.
The internet is provided exclusively for use in connection with your work. If you wish to use this for personal use you require written permission. Any unauthorised use of the internet will constitute a disciplinary offence.
4.2 Mobile Telephones
Personal mobile telephones should be switched to silent mode and their use should be kept to an absolute minimum during working hours. If individuals are using their mobiles excessively during working hours, or taking breaks from work to make non-essential mobile calls or to send text messages they will be asked not to bring mobiles to work.
Please be aware that certain operations performed on mobile phones may breach our rules and procedures. Despatch of text messages or digital images that are – or could be – deemed offensive is strictly prohibited.
Photographing or filming of fellow colleagues, customers, visitors or any member of the public without their consent may breach an individual’s right to privacy and could, in certain circumstances, constitute sexual harassment.
The Company does not endorse the use of mobile phones whilst driving on Company business, even if using an ear-piece and wire device. Any calls received can be diverted to voicemail and collected and returned when stationary.
If you use an appropriate hands-free mobile phone device permitted by legislation and lose proper control of the vehicle, you are still potentially liable to criminal prosecution.
4.3 Other Remote Devices
You are not permitted to use or listen to iPods, MP3 players, or other similar personal music devices during working hours. If you fail to comply with this rule you will be subject to disciplinary action.
5. Personal Correspondence
You must not conduct any personal correspondence from the Company’s office/site addresses.
All mail received by the Company will be opened, including mail addressed to you. Private mail, therefore, should not be sent care of the Company address. No private mail may be posted at the Company’s expense, except in those cases where a formal re-charge arrangement has been made.
You may arrange for small personal items of a non-hazardous nature to be delivered to the Company address during working hours in situations where it would be difficult to have the items posted to your home. Opening and dealing with items delivered to the office should be restricted to outside of working hours.
6. Personal Information
It is important that the Company maintains up-to-date records of key information on all of its employees. You should, therefore, notify your Manager of any changes in your personal circumstances as soon as they occur. Examples include change of address, telephone number, marital status, bank details, next-of-kin and next-of-kin’s address for contact purposes. From time to time, we may ask you to review your information on the Timegate portal to ensure our records are up-to-date.
The Company considers it is essential that personal information about its employees should be kept confidential. You will, upon request, be informed who has access to this information. In addition, you have the right to know what information of a personal nature the Company holds. To ensure compliance with the Data Protection Act 1998 (see below):
- The Company holds the minimum personal data necessary to enable it to perform its functions and every effort is made to ensure that data is accurate and up-to-date.
- The Company will provide to any employee who requests it a written copy of personal data currently held on them. Should a material inaccuracy be discovered, it will be corrected or erased and a further written copy will be provided showing the amended details.
Any enquiries regarding the above should be directed to your Manager.
7. Data Protection
In the course of your work, you may come into contact with and use confidential personal information about other employees, clients, customers, suppliers, agents, contractors and other people, such as their names and home addresses. This Policy helps you to ensure that you do not breach the Data Protection Act 1998. The Act provides strict rules governing the collection, retention, storage, use and disclosure of personal information. Information protected by the Act includes not only personal data held on computer but also certain
manual records that form part of a structured filing system. If you are in any doubt about what you can or cannot disclose and to whom, do not disclose the personal information until you have sought further advice from your Manager. It is a criminal offence to knowingly or recklessly disclose personal data in breach of the Act. Accessing another employee’s personal records without authority is a disciplinary offence and may amount to gross misconduct.
The Company holds personal data about you and will process it in accordance with your rights under the Act.
7.2 The Data Protection Principles
The Act requires that eight data protection principles be followed in the handling of personal data. These are that personal data must be:
- Fairly and lawfully processed.
- Processed for limited purposes and not in any manner incompatible with those purposes.
- Adequate, relevant and not excessive.
- Not kept for longer than is necessary.
- Processed in accordance with the data subject’s rights.
- Not transferred between countries without adequate protection.
The Company is committed to following these principles and will be open and transparent about what the data will be used for. The Company will process personal data about you only as far as is necessary for the purpose of managing the Company’s business in which you are employed. Unless you expressly authorise its disclosure, your personal data will not be disclosed to anyone else other than authorised employees, those who provide relevant products to the Company (such as advisers and payroll administrators), regulatory authorities, potential or future employers, governmental or quasi-governmental organisations and potential purchasers of the Company or of that part of the business in which you work. The Company will only obtain personal data about you that is required for the purpose of managing the business and dealing with you as an employee of that business.
The Company will take all reasonable steps to ensure that the personal data that is processed is accurate and not excessive. Personal data will be retained as necessary during the course of your employment and records will be retained for up to seven years after you leave the Company’s employment in case legal proceedings arise during that period. Different categories of data may be retained for different periods of time depending on legal, operational and financial requirements. Data will only be retained for a period of longer than seven years if it is material to ongoing legal proceedings or it should otherwise be retained in the interests of the Company after that period.
Manual personal data, such as personnel files, is stored in locked filing cabinets until transferred to computer and then destroyed. Personal data held on computer is stored confidentially by means of password protection. The Company has a network of back-up procedures to ensure that data on computer cannot accidentally be lost or destroyed.
The Act prohibits the transfer of personal data outside the European Economic Area to countries that do not have similar protection of data except in some circumstances or with the subject’s consent. The Company requires your consent under your Contract of Employment to such transfers should they be necessary. The reason for this is that, with the use of the Internet and email, data can be transferred to a computer or server in such a country in the course of a transfer between parties within the European Economic Area. Also the Company may have offices or subsidiary companies or agents or contractors in such countries now or in the future and therefore transfers of data could be necessary as part of the management of the Company’s business and the performance of your Contract of Employment.
7.3 Consent to Processing
It is a requirement under the Act that you consent to the Company processing personal data about you. Some data is referred to in the Act as ‘sensitive’ personal data. This means personal data comprising information relating to:
- Race or ethnic origin.
- Political opinions.
- Trade Union membership.
- Religious or other beliefs.
- Physical or mental health or condition.
- Sexual life.
- Criminal offences both committed and alleged.
It, therefore, follows that some of the personal information that the Company will have to process about you will be sensitive personal data, for example, information about your physical or mental health in order to monitor sick leave and take decisions about your fitness for work and your racial or ethnic origin, or religious or similar beliefs, in order to monitor compliance with equal opportunities legislation.
It is a term of your Contract of Employment that you expressly consent to the Company collecting, retaining and processing data including sensitive personal data about you for legal, personnel, administrative and management purposes. This data includes but is not limited to your name and address, salary details, bank details, date of birth, age, sex, ethnic origin, next of kin, sickness records, medical reports and details of criminal convictions. This information will only be used in order that the Company can monitor its compliance with the law and best practice in areas such as equal opportunity, pay and benefits, administration, performance appraisal and disciplinary matters. If your personal information changes, you should let the Company know so that its records can be updated.
Unless you give this consent it is not necessarily lawful for the Company to process the personal data that we need in order to keep the necessary records about your employment and, therefore, it is not possible for the Company to meet the needs of running its business in relation to your employment without your consent.
7.4 Your Rights to Access Personal Information
Under the Act, you have the right to find out what personal information the Company holds about you, and to ask for a copy of that personal data. You also have the right to demand that any inaccurate data be corrected or removed and to seek compensation where you suffer damage or distress as a result of any breach of the Act by the Company.
You have the right on request to:
- Be told by the Company whether and for what purpose personal data about you is being processed.
- Be given a description of the personal data concerned and the recipients to whom it is or may be disclosed.
- Have communicated in an intelligible form the personal data concerned, and any information available to the Company as to the source of the data.
- Be informed in certain circumstances of the logic involved in computerised decision-making.
A request for access to any personal data that relates to you should be made in writing to your Manager and should specify what personal data your request relates to. You can use the Company’s Personal Data Request Form for this purpose, a copy of which can be obtained from your Manager. We reserve the right to charge a fee of up to £10.00 or such higher amount as is permitted by law from time to time before access can be granted. The Company also reserves the right to make further enquiries of you in order to satisfy itself as to your identity and to help it to locate the personal data that you have requested.
Upon receipt of a request, it is Company policy to provide copies of all personal data that it is obliged to disclose within 40 days of your request being received. The Company considers that if a period of less than one year has elapsed since any previous request for access to your personal data was complied with, it is not reasonable to expect the Company to comply with a further request unless there are exceptional circumstances.
Should you wish to bring any inaccuracy in disclosed data to the Company’s attention you must do so in writing to your Manager. It is the Company’s policy to ensure that all data is as accurate as possible and all necessary steps will be taken to rectify any inaccuracies.
Where the Company has requested a reference in confidence from a referee and that reference has been given on terms that it is confidential and that the person giving it wishes that it should not to be disclosed to you, it is Company policy that it would normally be unreasonable to disclose such a reference to you unless the consent of the person who gave the reference is first obtained.
The Company reserves the right not to disclose to you any management forecasts or management planning documentation, including documents setting out the Company’s plans for your future development and progress.
7.5 Your Obligations in Relation to Personal Information
You must comply with the following guidelines at all times:
- Do not give out confidential personal information except to the data subject. In particular, it should not be given to someone, either accidentally or otherwise, from the same family or to any other unauthorised third party unless the data subject has given their explicit consent to this.
- Be aware that those seeking information sometimes use deception in order to gain access to it. Always verify the identity of the data subject and the legitimacy of the request, particularly before releasing personal information by telephone.
- Only transmit personal information between locations by fax or email if a secure network is in place, for example, if a confidential fax machine or encryption is used for email.
- If you receive a request for personal information about another employee, you should forward this to your Manager.
- Ensure that any personal data which you hold is kept securely, either in a locked filing cabinet or, if it is computerised, it is password protected.
- Do not include personal data in any email addressed to a recipient outside the European Economic Area (EEA) without their prior explicit consent. Note: the EEA comprises Member States of the European Union plus Iceland, Liechtenstein and Norway.
8. Confidential Information
Definitions of the Company Confidential Information Policy include information that:
- Has been acquired by you during, or in the course of, your employment, or has otherwise been acquired by you in confidence.
- Relates particularly to the Company’s business or that of other persons or bodies with whom the Company has dealings of any sort.
- Has not been made public by the Company or with its authority.
During the course of your employment, you may have access to or learn trade secrets and confidential information concerning the Company or any Group Company and its activities, services and clients. You must not divulge any of this information, either during your employment or after it has ended, unless it is necessary for you to carry out your responsibilities in the proper course of your duties to do your job.
You are to exercise reasonable care to keep safe all documentary or other material containing confidential information, and shall at the time of termination of your employment with the Company, or at any other time upon demand, return to us any such materials in your possession.
This restriction shall continue to apply after the termination of your employment without limitation in time but shall cease to apply to any information or knowledge which subsequently comes into the public domain, other than by way of unauthorised disclosure by you.
1 April 2022