Data Protection and Processing Policy (May 14 2018 rev)
The purpose of this policy is to outline the Company’s policy regarding the processing, protecting and maintaining of data, both of ScreenLondon Services(2010) Limited employee’s and Client information.
We will hold and process personal data in accordance with the Data Protection Act, the General Data Protection Regulation (Regulation (EU) 2016/679) and any other applicable laws and regulations relating to the processing of personal data and privacy, including any applicable guidance and codes of practice issued by the Information Commissioner’s Office or any other relevant supervisory authority.
The purpose of which is to protect the rights and privacy of individuals, and to ensure that data about them are not processed without their knowledge.
The Act and subsequently this policy applies to electronic and paper records held in structured filing systems containing personal data. It also covers data held on all clients, employees and contractors of the Company.
For the purposes of this policy we are primarily concerned with personal data, which could fall under the Data Protection Act (DPA), the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), and commercially sensitive data, which may not have legal repercussions under the DPA and GDPR but could have commercial consequences.
Description of processing
The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.
Reasons/purposes for processing information
We process personal information to enable us to provide a service to our clients; manage and support our employees, maintain our own accounts and records and to advertise and promote our services.
We never share information with third parties for marketing purposes.
Type/classes of information processed
We process information relevant to the above reasons/purposes. This may include:
- personal details
- family details
- education and employment details
- financial details
- sales and marketing
- goods and services
We also process sensitive classes of information that may include:
- trade union membership
Who the information is processed about
We process personal information about:
- prospective clients
- suppliers and service providers
- professional advisers, consultants
Who the information may be shared with
We sometimes need to share the personal information we process with the individual themself and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA), the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
Where necessary or required we share information with
- the person whose personal data we are processing
- current, past or prospective employers
- suppliers and services providers
- business associates and professional advisers
- financial organisations
- credit reference agencies
- debt collection and tracing agencies
- educators and examining bodies
- employment and recruitment agencies
- central government
Crewing, Consulting and advisory services
Information is processed for Crewing, Consultancy and advisory services that are offered. For this reason the information processed may include name, contact details, family details, financial details, and the goods and services provided. This information may be about customers and clients. Where necessary this information is shared with the data subject themselves, business associates and other professional advisers, current, past or prospective employers and service providers.
CCTV for crime prevention
CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry.
It may sometimes be necessary to transfer personal information overseas. When this is needed any transfers made will be in full compliance with all aspects of the data protection act.
Sales and Marketing
We conduct all research into prospective clients from publicly available sources such as company websites or social media profiles.
We do not buy lists from third parties or transfer them to third parties.
We also maintain a database of clients and collaborators on a project where there is a customer relationship or details have been captured in the course of a negotiation for a sale or service, as we work on a repeat basis with many clients, and often the first client enquiry is not that which results in us working with a client.
Our marketing is targeted to particular profiles of people that have in the past been clients of the firm so under data protection legislation, we may believe we can demonstrate that we have a legitimate interest in using data for some marketing purposes.
For all segments of our database we have completed a Legitimate Interest Audit (LIA)
You always have a choice as to if you wish to not receive some or all marketing or sales related correspondence.
The Company and all staff are committed to fully complying with the principles set out in the Data Protection Acts.
Accordingly, all data will be:
- fairly and lawfully processed;
- processed for limited purposes and not in any manner incompatible with those purposes;
- adequate, relevant and not excessive;
- not kept for longer than is necessary;
- processed in line with the data subject’s rights;
- secure; and
- not transferred to countries without adequate protection.
Your personal data is protected by legal rights, which may include your right to:
object to our processing of your personal data;
request that your personal data is erased or corrected;
request access to your personal data.
For more information or to exercise your data protection rights please contact us in writing or email
NB – If you wish to request access to your personal data we are required to ask you to supply proof of your identity.
Our data protection contact email
You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data. For more information please visit: www.ico.org.uk