Data Protection Policy
This policy applies to:
- All UK offices of Servoca Secure Solutions;
- its operational sites;
- all contractual workers operating on behalf of Servoca Secure Solutions.
- paid staff and volunteers.
Servoca Secure Solutions recognises that its first priority under the Data Protection Act is to avoid causing harm to individuals. In the main this means:
- keeping information securely in the right hands, and
- holding good quality information.
Secondly, the Act aims to ensure that the legitimate concerns of individuals about the ways in which their data may be used are taken into account. In addition to being open and transparent, Servoca Secure Solutions will seek to give individuals as much choice as is possible and reasonable over what data is held and how it is used.
Servoca Secure Solutions has identified the following potential key risks, which this policy is designed to address:
- Breach of confidentiality (information being given out inappropriately) — especially at branch level.
- Insufficient clarity about the range of uses to which data will be put — leading to Data Subjects being insufficiently informed
- Failure to offer choice about data use when appropriate
- Breach of security by allowing unauthorised access - especially at branch level.
- Failure to establish efficient systems of managing changes to branch volunteers, leading to personal data being not up to date.
- Harm to individuals if personal data is not up to date
- Insufficient clarity about the way seasonal workers’ or volunteers’ personal data is being used e.g. given out to general public.
- Failure to offer choices about use of contact details for staff, volunteers, seasonal workers or branch officers
- Data Processor contracts
The Data Protection Officer is currently Bimal Patel, with the following responsibilities:
- Briefing the board on Data Protection responsibilities
- Reviewing Data Protection and related policies
- Advising other staff on Data Protection issues
- Ensuring that Data Protection induction and training takes place
- Handling subject access requests
- Approving unusual or controversial disclosures of personal data
- Approving contracts with Data Processors
Each department where personal data is handled is responsible for drawing up its own operational procedures (including induction and training) to ensure that good Data Protection practice is established and followed.
All staff are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.
Significant breaches of this policy will be handled under Servoca Secure Solutions’ disciplinary procedures.
Because confidentiality applies to a much wider range of information than Data Protection, Servoca Secure Solutions has a separate Confidentiality Policy.
Where anyone within Servoca Secure Solutions feels that it would be appropriate to disclose information in a way contrary to the confidentiality policy, or where an official disclosure request is received, this will only be done with the authorisation of the Data Protection Officer. All such disclosures will be documented.
Servoca Secure Solutions has identified the following risks:
- Information passing between the UK office and branches or mailing houses could go astray or be misdirected.
- Staff or volunteers with access to personal information could misuse it.
- Seasonal workers or, more likely, volunteers could continue to be sent information after they have stopped working for Servoca Secure Solutions, if their records are not updated promptly.
- Poor web site security might give a means of access to information about individuals once individual details are made accessible on line.
Staff may be tricked into giving away information, either about supporters or colleagues, especially over the phone, through “social engineering”.
Servoca Secure Solutions will regularly review its procedures for ensuring that its records remain accurate and consistent and, in particular:
- ICT systems will be designed, where possible, to encourage and facilitate the entry of accurate data.
- Data on any individual will be held in as few places as necessary, and all staff and volunteers will be discouraged from establishing unnecessary additional data sets.
- Effective procedures will be in place so that all relevant systems are updated when information about any individual changes.
Staff who keep more detailed information about individuals will be given additional guidance on accuracy in record keeping.
Subject access requests must be in writing. All staff are required to pass on anything which might be a subject access request to the Data Protection Officer without delay.
All those making a subject access request will be asked to identify any branches or seasonal workers who may also hold information about them, so that this data can be retrieved.
Whenever data is collected, the number of mandatory fields will be kept to a minimum and Data Subjects will be informed which fields are mandatory and why.
Consent will normally not be sought for most processing of information about staff, with the following exceptions:
- Staff details will only be disclosed for purposes unrelated to their work for Servoca Secure Solutions (e.g. financial references) with their consent.
- Staff working from home, will be given the choice over which contact details are to be made public.
Servoca Secure Solutions will only carry out telephone marketing where consent has been given in advance, or the number being called has been checked against the Telephone Preference Service.
Whenever e-mail addresses are collected, any future use for marketing will be identified, and the provision of the address made optional.
Appendix A: Privacy statement
When you request information from Servoca Secure Solutions, sign up to any of our services or buy things from us, Servoca Secure Solutions obtains information about you. This statement explains how we look after that information and what we do with it.
We have a legal duty under the Data Protection Act to prevent your information falling into the wrong hands. We must also ensure that the data we hold is accurate, adequate, relevant and not excessive.
Normally the only information we hold comes directly from you. Whenever we collect information from you, we will make it clear which information is required in order to provide you with the information, service or goods you need. You do not have to provide us with any additional information unless you choose to. We store your information securely on our computer system, we restrict access to those who have a need to know, and we train our staff in handling the information securely.
Most of our services are delivered through our branches. We will pass your contact details to your local branch, so that they can let you know what activities are available in your area. If you have signed up to a class or other service we will also pass your details to the professional worker providing that service. The branch or sessional worker may hold additional information about your participation in local activities.
We would also like to contact you in future to tell you about other services we provide, and ways in which you might like to support Servoca Secure Solutions. You have the right to ask us not to contact you in this way. We will always aim to provide a clear method for you to opt out. You can also contact us directly at any time to tell us not to send you any future marketing material.
Very occasionally we carry out a joint mailing with carefully selected other organisations, in order to tell you about products and services we think you might be interested in. Again, you have the right to opt out of this.
You have the right to a copy of all the information we hold about you (apart from a very few things which we may be obliged to withhold because they concern other people as well as you). To obtain a copy, either ask for an application form to be sent to you, or write to the Data Protection Officer at Servoca Secure Solutions. There is a charge of £10 for a copy of your data (as permitted by law. We aim to reply as promptly as we can and, in any case, within the legal maximum of 40 days.
Appendix B: Confidentiality statement
When working for Servoca Secure Solutions, you will often need to have access to confidential information which may include, for example:
- Personal information about individuals who are supporters or otherwise involved in the activities organised by Servoca Secure Solutions.
- Information about the internal business of Servoca Secure Solutions.
- Personal information about colleagues working for Servoca Secure Solutions.
Servoca Secure Solutions is committed to keeping this information confidential, in order to protect people and Servoca Secure Solutions itself. ‘Confidential’ means that all access to information must be on a need to know and properly authorised basis. You must use only the information you have been authorised to use, and for purposes that have been authorised. You should also be aware that under the Data Protection Act, unauthorised access to data about individuals is a criminal offence.
You must assume that information is confidential unless you know that it is intended by Servoca Secure Solutions to be made public. Passing information between a branch and the UK office, or between Servoca Secure Solutions and a mailing house, or vice versa does not count as making it public, but passing information to another organisation does count.
You must also be particularly careful not to disclose confidential information to unauthorised people or cause a breach of security. In particular you must:
- not compromise or seek to evade security measures (including computer passwords);
- be particularly careful when sending information between the UK office and branches;
- not gossip about confidential information, either with colleagues or people outside Servoca Secure Solutions;
- not disclose information — especially over the telephone — unless you are sure that you know who you are disclosing it to, and that they are authorised to have it.
If you are in doubt about whether to disclose information or not, do not guess. Withhold the information while you check with an appropriate person whether the disclosure is appropriate.
Your confidentiality obligations continue to apply indefinitely after you have stopped working for Servoca Secure Solutions.
PoliciesHealth and Safety Policy Quality Policy Environmental Policy Modern Slavery Policy COVID-19 Statement Anti Bribery and Corruption Policy Complaints Procedure Corporate Social Responsibility Policy Data Protection Policy Accidents Procedure Equality & Diversity Policy Terms & Conditions Privacy Notice
Contact firstname.lastname@example.org 0845 073 7790
Servoca Secure Solutions Limited holds SIA Approved Contractor Scheme (ACS) status for the provision of Security Guarding & Key Holding
SSAIB certification can be verified at ssaib.org