Established 1977

Staff Data Protection Policy

The purpose of this policy is to be a guideline for employees of Aidan Strain Electrical Engineering Limited (ASEE), clearly laying out how they may use data, how they can keep it secure and the consequences of misuse. This relates to employee data, customer data and supplier data. When processing data, employees are responsible for ensuring that they do not breach any of the following rights of the data subject:

  • The right to be informed about the data we hold on you and what we do with it
  • The right to access the personal data we hold about you (free of charge in most cases)
  • The right to correct any inaccuracies in the data we hold on you
  • The right to have your data deleted (in certain circumstances)
  • The right to restrict the processing of your data
  • The right to transfer data we hold on you to another party
  • The right to object to the inclusion of any of your data

Data Processing

Staff Protocol

Emails:

Sending and receiving emails containing personal information within the email address, signature or email itself

  • All computers must have a password
  • All email accounts must have a password
  • Employees should not share their passwords with anyone (not even other employees)
  • All emails older than 6 years (including archived emails) must be deleted
  • Highly sensitive personal information (e.g. financial details etc.) must not be sent via email. Google Drive or Dropbox should be used instead

Own Devices:

Using your own laptop/phone for work related activities

  • All own devices being used for ASEE business must be password protected and have suitable anti-virus software and a firewall
  • If they hold ASEE data, they should not be used by anyone else, i.e. no family members/friends

Payslips:

  • Payslips will no longer be sent by email, because this poses too great a risk to personal data
  • Payslips will now be uploaded to a secure online password protected portal
  • Employees should not share their portal passwords with anyone else

Desktops: personal data saved on desktops and desktops left accessible while desks are unattended

  • No personal data is to be saved on the desktop
  • Personal data should be stored within (password protected/locked) drives on the computer
  • Computers should be locked when you are leaving your desk for lunch/break etc.

Diaries: personal information stored within diaries for general business dealings e.g. phone numbers, addresses, etc.

  • Diaries should not be left open on desks when not being used
  • Diaries containing personal data should be placed in a secure drawer/cupboard at the end of the day

Paper:

  • Any paper documents older than 6 financial years relating to past employees/customers/suppliers must be destroyed by shredding or disposal in the grey and yellow confidential waste bins
  • Any paper documents containing personal data must be kept in locked cabinets/desks which only one person has access to

Memory Pens/External Hard Drives:

  • Memory pens should only be used if it is essential (computer drives or Google Drive could be used as alternatives)
  • Data on old memory pens should be deleted and/or moved to a different secure location
  • If memory pens are required, ASEE will provide encrypted memory pens

Google Drive/Dropbox: used to store and share personal information across the EU

  • Google Drive/Dropbox access is and will continue to be limited, i.e. access is by invite only
  • Employees should not share documents containing personal data unless it is necessary
  • Documents will be deleted after 6 years

P Drive: server used to store and share data on the central computer system

  • P drive access is limited
  • Content on the P drive will be further divided up into locked sections
  • Data will be deleted after 6 years

Sage:

  • Sage access is limited to only some employees and is password protected
  • Personal details will be deleted after 6 years

Special Categories of Data: (nationality, ethnic origin, religion etc.)

  • This data is collected for employees only
  • Access to this data is limited to the Human Resources department
  • Special category data will be deleted after 6 years
  • Consent must be obtained from employees to collect and hold this data
  • Employees may withdraw consent at any time

Sub-Contractors/Site Managers: collect and share personal data for other onsite employees

  • Employee paper records should be kept in a locked filing cabinet onsite
  • Employee electronic records should only be shared with ASEE human resources department

Third parties: where necessary, employees may have the responsibility of sharing data with some third parties

  • Employees should only share data with third parties if they know it is essential, legal, secure and will not breach any of the rights of the data subject
  • Data should only be shared with third parties with whom we have a contract, stipulating the standard of data protection they must adhere to

Data Sharing Requests:

  • If someone requests personal information relating to another employee you must:
    1. Ask the reason for the request and if you decide that it is a legitimate reason (and not a nuisance caller) then
    2. Only give out their work phone number or email address
    3. Private address/phone numbers/email address should not be shared under any circumstances
    4. Other personal data, such as financial information, should not be shared under any circumstances
  • If someone requests data about a customer you must not give out this information under any circumstances

 Date to be reviewed: 01/03/19
