GDPR Policy
Processing your personal data securely
Company Name: BLEEP 360 Limited (“the Company”)
Policy Name: General Data Protection Regulation Policy
Date: 16th May 2018
Version: 1
Bleep 360 Ltd Companies are committed to protecting and respecting our candidate’s, clients, and employee’s privacy. With the upcoming General Data Protection Regulation (GDPR) coming into place, we have devised a process to ensure that all staff members of Bleep 360 are trained and fully competent in upholding the requirements of this law.
Internal Process
Bleep 360 provided training via healthier business to all internal staff to ensure there is a better understanding of this legislation and to ensure everyone is aware of their responsibilities.
Internal staff data are securely stored on Sage Payroll software. A password is required to access this data and this password is only held by authorised personnel. All data is backed up daily on the cloud and dedicated server storage which aids in recovering the data in the unlikely event of a fail in infrastructure.
Internal staff data held are name, home address, personal email address, NI number, bank details, HMRC letters confirming changes in tax code, next of kin details, signed contract of employment, letters confirming disciplinary action, salary increases, offer letters, changes in contractual terms, annual leave records, 48 hour opt-outs, payslips, sickness records, NEST pension records, SMP/SPP/SAP records. This is held for current employees and will be held for historic employees for the retention periods legally required.
Date will be held for 6 years for contracts of employment; 2 years for annual leave and 48 hour opt-out records; 3 years for pay data; 3 years from end of tax year for sickness records and SMP/SPP/SAP; 6 years for auto-enrolment pensions records (4 years for the opt-outs).
There are allocated processers and controllers to guarantee documents held are only assessable and processed by those with legitimate business reasons. Any breach of data security will be reported to the data protection authorities within 72 hours by the controllers. Breaches including near misses will all be recorded internally by the allocated controllers.
Subcontractor Process
All subcontracts within Bleep 360’s database went emailed our privacy notice. The privacy notice is fully transparent to guarantee all our subcontractors are fully aware of how their personal/sensitive data are stored, processed and of any third parties these may need to be sent to for employment purposes.
Bleep 360 obtains signed consent also detailing how subcontractor’s data are used during registration stage. If additional consent is required all subcontractors are informed and consent gained prior to any sharing of data.
Third Parties
All requests received by third parties are addressed at all times. Data are only shared with the receipt of signed consent and at times additional email consent from our subcontractors. All documents sent outside of the business are password protected and passwords are controlled by persons with legitimate business reasons to do so.