Data protection policy
How we protect your data
R & M Developments Ltd is committed to complying with data protection legislation, as applicable to the company business activities and responsibilities. The types of data held and the controls on those data are detailed in our accredited quality management system. No personal data is held in relation to clients, the company only deals with business clients. The company holds data on employees and labour only sub-contractors, only to the extent required to ensure compliance with other legislation, e.g. tax and health and safety legislation.
The Directors are jointly responsible for ensuring compliance with the GDPR requirements and ensure that the nominated relevant personnel are trained in relation to data protection requirements, company systems for obtaining, maintaining and protecting data and in the identification of data breaches and associated reporting procedures. All personnel are informed in general terms of the company’s Data Protection Policy as part of their induction.
Our systems ensure compliance with the ‘data protection principles’ as detailed in the data protection legislation, ensuring that information is:
- Used fairly, lawfully and transparently
- Used for specified, explicit purposes
- Used in a way that is adequate, relevant and limited to only what is necessary
- Accurate and, where necessary, kept up to date
- Kept for no longer than is necessary
- Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
- Employees’ personal data safe, secure and up to date.
The following data is kept routinely, and in accordance with our accredited management system, as far as is relevant, in relation to employees and labour only sub-contractors:
- Name
- Address
- Date of birth
- Sex
- Education and qualifications
- Work experience
- National Insurance number
- Tax code
- Emergency contact details
- Employment history with the organisation
- Employment terms and conditions (eg pay, hours of work, holidays, benefits, absence)
- Any accidents connected with work
- Any training carried out
- Any disciplinary action
We would obtain employees’ permission to keep certain types of ’sensitive’ data, including:
- Race and ethnicity
- Religion
- Political membership or opinions
- Trade union membership
- Genetics
- Biometrics, for example if your fingerprints are used for identification
- Health and medical conditions
- Sexual history or orientation
However, with the exception of information health and medical conditions, required to assess any risks to an individual, there are no records held of any of the above. This data would be kept more securely than other types of data.
If an employee, or labour only sub-contractor, asks to find out what data is kept on them, we will provide a copy of the information within 30 days. We will not keep data any longer than is necessary.
Any breaches are responded to, recorded and reported as required in accordance with our Data Breach Procedure.
Data is also held by our appointed HR Consultants who have a Data Protection Policy comparable to our own.
This policy will be explained to all personnel as part of their company induction and be displayed in the company offices. It will be reviewed at the highest level in the organisation annually, and additionally in response to any identified issue in relation to compliance and in response to any changes in legislation, guidance of published best practice.