GDPR – Data Protection Policy
1.2 This Policy aims to protect and promote the rights of all individuals and Park Home Energy. It identifies information that is to be treated as confidential and the procedures for collecting, storing, handling, and disclosing such information.
2. POLICY STATEMENT
2.1 Park Home Energy will comply with all the requirements of the Data Protection Acts and all other relevant legislation relating to the collection, storage, control and disclosure of personal data.
2.2 Park Home Energy recognises the fact that personal information is confidential and unauthorised disclosure is an offence under the Data Protection Act and a breach of this policy.
3.1 Data for the purposes of the legislation is defined as, personal information which is processed by means of equipment operating automatically (e.g. a computer) and is recorded for that purpose or is recorded as part of a manual filing system.
3.2 Personal Data means data (or personal information) which relates to a living individual who can be identified from the data held about them.
3.3 Sensitive Personal Data is a further category of personal data held about data subjects such as information regarding the data subjects racial or ethnic origin, their political or religious beliefs, their trade union membership, their physical or mental health or condition, their sexual life or whether they have been the subject of legal proceedings for any offence can only be disclosed in certain specified circumstances such as where they have given their explicit written consent or the processing of the data is necessary for certain reasons specified in the legislation such as to protect the vital interests of the data subject where it is not possible to obtain their consent, e.g. where they are so ill that they cannot give consent to disclosure about their medical condition.
3.4 Processing means, obtaining, recording or holding the personal information or carrying out operations or a set of operations on the data including its organisation, adaptation, alteration, retrieval, consultation, disclosure by transmission, dissemination or otherwise or alignment, combination, blocking, erasure or destruction of the information or data.
3.5 The Data Controller for the purposes of this Policy is Park Home Energy who is responsible for the processing of the personal data relating to the data subjects referred to in this Policy.
3.6 Data Subjects for the purpose of this Policy are Director(s), employees, applicants for employment, customers and suppliers of goods and services to Park Home Energy on whom personal data is held by Park Home Energy.
3.7 Recipients of Data for the purposes of this policy are those persons and bodies who Park Home Energy disclose personal data to in order to perform its functions as a registered social landlord or is obliged to do so if required by law.
3.8 The Data Protection Officer for Park Home Energy is the Company’s Director.
4. DATA PROTECTION PRINCIPLES
4.1 Under the GDPR, there are six data protection principles that Park Home Energy must comply with. These provide that the personal information we hold about you and our customers must be:
- Processed lawfully, fairly and in a transparent manner.
- Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to those
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits your identification for no longer than is necessary for those purposes.
- Processed in a way that ensures appropriate security of the data.
4.2 Park Home Energy is responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability.
5. DATA STORAGE
5.1 Personal data is stored in paper and electronic formats. Paper data is printed only when required and disposed of by confidential means.
5.2 Data held electronically is stored on one drive systems managed by in house Servers. Access to these platforms is secure, partitioned and permitted only through authorised password enabled login.
6.1 Personal data is held for multiple purposes, each purpose carries differing retention period requirements. Retention periods are made clear in our ‘Required Retention Period Tracker’.
7. DATA ACCESS REQUESTS
7.1 Access to information by clients, customers, employees, director(s), employment applicants and suppliers and bodies who have a legal right to have information, and any amendments to incorrect or inaccurate information held, will be in accordance with the Data Protection legislation and other legislation relating to the disclosure of personal information.
7.2 Where a data subject requests to see information held about them this will be supplied to them on completion of a request in writing and payment of the appropriate fee and in accordance with the Data Protection legislation. Where any personal data held on data subjects is found to be inaccurate it will be rectified immediately.
8.1 Park Home Energy will follow all the guidelines and principles laid down under the Data Protection and related legislation regarding registration, storage, access and disclosure restrictions of personal data.
8.2 All automated and paper systems using personal data will be registered as required by the Data Protection legislation. All systems of recording personal information will be designed to comply with the eight Data Protection principles.
8.3 In order to ensure that personal data about individuals is accurate, relevant and up to date, an annual review and “weeding” of files will be undertaken by Park Home Energy.
8.4 Members of staff, tenants or housing applicants will be offered a private place to discuss with Park Home Energy information of a personal or confidential nature, if requested.
8.5 Information relating to tenants and housing applicants will be retained as long as necessary to perform the functions of Broad Oak Properties Limited as a registered social landlord.
8.6 Employment application forms will contain a paragraph outlining how the application form will be used and seeking ‘consent’ from the applicant for the use of the personal data in dealing with their application.
9. INFORMATION HELD
9.1 All information that is held will be relevant for the purpose for which it is required. Data subjects will have the right to see the information held about them on payment of the appropriate fee and to have any inaccurate data corrected in accordance with the Data Protection Act
10. DISCLOSURE OF INFORMATION
10.1 Confidential information held will only be passed on to other organisations on a need to know basis and with an individuals consent unless there are exceptional circumstances. Exceptional circumstances include:
- where there is clear evidence of fraud;
- to comply with the law;
- in connection with legal proceedings;
- where it would be essential for Park Home Energy to enable the company to carry out it’s duties, e.g., where the health an safety of an individual would be at risk by not disclosing the information or where there is a legal requirement to do so.
- Anonymously for statistical or research purposes
11. DISPOSAL OF INFORMATION
11.1 Where personal and confidential information is no longer required it will be destroyed by shredding, or other confidential waste disposal methods.
12. COMPLAINTS ABOUT THIS POLICY
12.1 All employees will be informed of this policy and of the need to keep personal data confidential and secure and will be asked to sign a declaration to say that they have read and understood it.
12.2 Any complaints or breaches of confidentiality should be reported using Park Home Energy grievance procedure.
13.1 All staff responsible for handling confidential employee information will receive training on Park Home Energy’s Data Protection Policy and it will be included as part of the induction programme for new staff who are required to handle confidential information on data subjects including Park Home Energy’s obligations under the Data Protection legislation and that the breach of Park Home Energy’s duties to data subjects will result in appropriate disciplinary action being taken against them.
14.1 It is the responsibility of the appropriate staff and Park Home Energy members to maintain the principles as set out within this policy. A breach of which is a serious offence under the Data Protection legislation, and a contravention of this policy.
14.2 The overall responsibility for compliance with the Data Protection Policy lies with the Director. The day to day responsibility for administering this policy lies with the Director who will also monitor that Park Home Energy’s statutory obligations are being met.
14.3 It is the responsibility of all staff to inform the director when they are made aware of a breach of confidentiality and the Data Protection Officer. The Director is responsible for taking appropriate action when made aware of a breach of confidentiality.
14.4 The Director is responsible for ensuring that all relevant staff have the necessary training in Data Protection
14.5 The Director shall be responsible for ensuring that the Data Registration is maintained and kept up to date, up-dating this Policy and dealing with Data Requests from Data Subjects.
15.1 Park Home Energy’s work involves confidential information about customers and the Company’s business and that confidentiality will be respected.
15.2 The Policy requires that employees will not use any information obtained in the course of their employment for personal gain or benefit nor will they pass it on to others who might use it in such a way.
15.3 Employees will treat as confidential:
- Information concerning people – customers, staff, applicants, etc
- Matters of Park Home Energy’s business which are defined as confidential
- Matters of funders or other partners business
16. MONITORING AND REVIEW
16.1 Files will be monitored on an ongoing basis to ensure that they comply with this Policy.
16.2 The Data Protection Policy will be reviewed regularly to ensure that it is effective and complies with current good practice. A review will be carried out sooner should there be any changes to statutory requirements.