BJB Motor Company Limited (BJB) - Data Protection Act 1998 Policy & Procedures

Version History and Document Approval

Version History:
Version | Date | Author | Reason
1.0 | 31st December 2017 | Barry Wilson |

Document Approval:
Status | Name | Date
Reviewed | Barry Wilson | 15th January 2018
Approved | Barry Wilson | 15th January 2018

1. Policy Statement

BJB Motor Company Limited takes the issue of compliance with the Data Protection Act very seriously and is committed to ensuring all activities carried out by the company and its employees adhere to the principles set out in the Act. All members of staff will receive full training in respect of the Act to ensure they are made aware of their obligations and responsibilities when processing personal data.

2. Background

The Act

The Data Protection Act first came into force in 1984, and was later amended in 1998 to form the legislation in use today. The main purpose of the Act is to protect the personal data of living individuals, and ensure that it is handled fairly and properly. It also provides individuals with the right to access personal data that is held in both computer and paper-based records. This is done through setting out eight Data Protection Principles that must be adhered to when dealing with personal data; these are that Personal Data must be:

- fairly and lawfully processed;
- processed for the specified purposes;
- adequate, relevant and not excessive;
- accurate and, where necessary, kept up to date;
- not kept for longer than is necessary;
- processed in line with the rights of the individual;
- kept secure; and
- not transferred to countries outside the European Economic Area unless the information is adequately protected.

It was in 1998 that an amendment to the Act led to the establishment of the Information Commissioner's Office, which was given the responsibility of enforcing the Data Protection Act. It gained extensive legal powers allowing it to investigate and prosecute any individual, employee or organisation that it found to be in breach of the Act, with many facing significant fines, a criminal record and imprisonment.

3. Use of Personal Data

BJB Motor Company Limited will use individuals' personal data for consumer credit advice and recommendations, including subsequent contact points with the customer for marketing and information holding purposes.

4. Associated Legislation

The Information Commissioner's Office does cover other areas of legislation including:

- Freedom of Information Act 2000
- Environmental Information Regulations 2004
- Privacy and Electronic Communications Regulations 2003

As BJB Motor Company Limited is not a publicly owned company, there is no legal requirement for it to comply with the Freedom of Information Act or the Environmental Information Regulations.

BJB Motor Company Limited does not partake in unsolicited direct marketing by any electronic means to individuals; it does directly market the sale of consumer finance and/or insurance products via telephone / email; however, this is with the express consent of the customer. Therefore there is no requirement for BJB Motor Company Limited to comply with the Privacy and Electronic Communications Regulations.

5. Definitions

Data

Data refers to any information that can be held as a record. For BJB Motor Company Limited this would include all information that is held in our own records, whether it be electronic or as part of the paper filing system.

Personal Data

Personal Data refers to any information relating to a living individual, who can be identified from that information. This also includes any expression of opinion and indications of intentions in relation to the individual by BJB Motor Company Limited or any other person. This therefore would cover all information regarding Customers and Applicants but not information specific to Motor Vehicles.

Sensitive Data

Sensitive Data refers to personal data consisting of information such as:

- the racial or ethnic origin of the data subject;
- their political opinions;
- their religious beliefs or other beliefs of a similar nature;
- whether they are a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992);
- their physical or mental health or condition;
- their sexual life;
- the commission or alleged commission by them of any offence; or
- any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings.

Processing

Processing refers to how the data is used. This would include the obtaining of information at the initial application stage, recording it onto BJB Motor Company Limited's system and deleting the information after the retention period has expired.

Data Subject

Data Subject refers to a living individual who is the subject of personal data. This would cover all customers who are individual people but not companies or businesses of any form.

Data Controller

Data Controller refers to Barry Wilson, who decides how any personal data is processed or used.

Data Processor

Data Processor refers to a person or organisation that processes or uses personal data on behalf of the data controller. This would for example be a Credit Reference Agency or a Collections Agent, who would be using information on behalf of BJB Motor Company Limited.

Recipient

Recipient refers to any person or organisation to which data is disclosed from the data controller. This would for example be a Credit Reference Agency or Police Officer who has received information from BJB Motor Company Limited.

Third Party

Third party refers to any person other than the data subject, the data controller, or any data processor or other person authorised to process data for the data controller or processor.

6. Security of Personal Data

6.1. Clear Desk Policy

BJB Motor Company Limited operates a Clear Desk Policy that ensures all personal information is stored securely when not in use by employees. This applies to all personal information that is in hard copy.

6.2. Disposal of Paper Records

When disposing of paperwork that contains personal information it is essential that it is disposed of securely to ensure that there is not a security breach once the documentation has left the premises. To prevent such a breach occurring, we ensure any paperwork is securely shredded when no longer required.

6.3. Computers & Passwords

All BJB Motor Company Limited systems and profiles are password-protected for each individual user that has access to them.

7. Data Retention

As specified in the data protection principles, BJB Motor Company Limited will not keep data for longer than necessary. All personal data will be held for the minimum time necessary whilst ensuring compliance with its legal obligations.

8. Customer Communication

When communicating with customers via telephone, the only information we disclose is the personal information relating specifically to you. We will perform sufficient identity checks with customers we are speaking with before referring to any personal information. This applies to both incoming and outgoing calls.

8.1. The identity checks involve the individual confirming a minimum of three items of personal information held on the system. These items can include any combination of:

- Full Forename & Surname
- Date of Birth
- First Line of Current Address & Postcode
- Bank account number and sort code
- Home telephone number
- Any password that has previously been arranged
- Vehicle Registration Number

This list is not exclusive, but is meant as an example of what items of personal information can be requested.

To minimise the risk of a data protection breach, we limit the amount of personal data given out when speaking to a customer over the phone and if possible attempt to provide any further information to the customer in writing.

9. Requests for the Disclosure of Personal Data

9.1. Subject Access Requests

Any individual customer whose personal data is held by BJB Motor Company Limited in its role as a Data Controller has the right to access the data, to be told for what purpose it is being held and to whom it may be disclosed. To access their personal data, an individual is required to make a Subject Access Request to the Data Controller, enclosing a fee, which for BJB Motor Company Limited is £10. Upon receiving this request and fee, we are required to respond within forty days; otherwise we will be in breach of the Act.

9.2. Law Enforcement Agencies

There are a number of exceptions contained within the Data Protection Act that recognise the need for the disclosure of personal data when it is in the public interest, which otherwise may be in breach of the Act. An example of this would be for the purposes of preventing crime and taxation fraud, which can be used by Law Enforcement Agencies to aid them in their investigations. These agencies include the Police, NCA, HM Revenue & Customs and the Department of Work & Pensions.

10. Information Commissioner's Office Notification

Notification is the process by which a Data Controller informs the Information Commissioner of certain details about their processing of personal information. These details are used by the Information Commissioner to make an entry describing the processing in a register that is available to the public for inspection.

The principal purpose of having notification and the public register is transparency and openness. It is a basic principle of data protection that the public should know (or should be able to find out) who is carrying out the processing of personal information, as well as other details about the processing (such as the reason it is being carried out).

11. Staff Awareness and Training

It is vital that BJB Motor Company Limited staff understand the importance of protecting personal data; that they are familiar with the organisation's security policy; and that they put its security procedures into practice. We provide appropriate initial and refresher training and this covers:

- BJB Motor Company Limited's duties under the Data Protection Act and restrictions on the use of personal data
- The responsibilities of individual staff members for protecting personal data, including the possibility that they may commit criminal offences if they deliberately try to access, or to disclose, information without authority
- The proper procedures to use to identify callers
- The dangers of people trying to obtain personal data by deception (for example, by pretending to be the person whom the information is about or by making phishing attacks) or by persuading you to alter information when you should not do so
- Any restrictions BJB Motor Company Limited places on the personal use of its computers by staff (to avoid, for example, virus infection or spam)

The Data Protection Act requires BJB Motor Company Limited, as an organisation, to take reasonable steps to ensure the reliability of any staff who have access to personal data.

12. Complaints

All complaints and potential breaches relating to the Data Protection Act must be referred to the Managing Director.