GDPR
AS TRAINING LTD is committed to a policy and working culture of protecting the rights and privacy of all individual students, organisations and employees in accordance with the Data Protection Act 1998.
The policy applies to all staff at our Centre and any associate staff working for us.
Any breach of the Data Protection Act 1998 is considered to be subject to disciplinary action .
As a matter of good practice any individual or organisation carrying out work with AS TRAINING LTD and have access to personal information will be made aware of our policy and working requirements and be expected to comply. All staff who deal with external customers or suppliers or the public will be expected to take responsibility to ensure data protection and sign to confirm they agree
LEGAL REQUIREMENTS
All personal information is now protected via the Data Protection Act 1998 whose purpose is to protect the rights and privacy of individuals and organisations associated with AS TRAINING LTD and that all information processed is with the individuals or organisations knowledge and consent
MANAGING DATA PROTECTION
We will ensure that our details are registered with the INFORMATION COMMISSIONER (Registration Reference A1024187)
Purpose that information is held by AS TRAINING LTD
Data could be held by us for the following reasons:
- Staff personal information e.g CV etc
- Education and training of students
Data Protection Principles #
In terms of the Data Protection Act 1998, we are the “data controller” and as such determine the purpose for which and the manner in which any PERSONAL DATA are used or processed and therefore we ensure that we have:
- Fair and lawful processed personal data will always have our company logo stating the intention of the data and why processing it .Also an indication of how long data can be kept
- Processing for limited purpose – We will use data only for the purpose it was agreed upon .If the data held is requested by a third party this will only be done with the students consent. Third part organisations must agree not to copy the data for further use and sign agreement ref: the Data Protection Act 1998.
- Adequate, relevant and not excessive – AS TRAINING LTD will monitor the data held and ensure we hold neither too much for our purposes and if so unwanted data will be deleted
- Accurate and up to date – We will provide all staff and customers with a copy of their data annually to allow for updating where required. All amendments will be made immediately and out of date data destroyed. Individuals will be requested to inform us of any changes during the year.
- Not kept longer than necessary – Retention of unwanted data will be discouraged and all personal data when not required will be deleted or destroyed after completion of any training by AS TRAINING LTD
- Processed in accordance with the individuals Rights – all individuals that AS TRAINING LTD hold information on , have the right to:
- Be informed upon the request of all information held about them within 40 working days
- Prevent the processing of their data for the purpose of DIRECT MARKETING
COMPENSATION if they can show they have been caused damage by any contravention of the Act
The removal and correction of any inaccurate data
Security
Appropriate technical or organisational measures and controls will be taken against any unauthorised or unlawful processing of personal data and against accidental loss or destruction of data
All computers used by AS TRAINING LTD are allocated a secure log in system with our Contact Data Base PASSWORD PROTECTED, allowing only authorised staff to access data.
Passwords on all computers are changes every 6 months.
Visual access to all computers is restricted and visitors to the office and kept away from the computer working area
All staff are instructed to switch off their computers when leaving the work station and place of work at night
All hard copy information is kept in a lockable cabinet with restricted access (Identified key holders)
Not transferred to countries outside the European economic area , unless the country has adequate data protection systems.
Data will not be transferred to countries outside the EEC without explicit consent of the individual
GDPR
All Staff are trained in the requirements of GDPR