It is John Stacey & Sons Ltd company policy to take all necessary steps to ensure that all personal data, held by the company about employees, customers and suppliers is processed fairly and lawfully. John Stacey & Sons Ltd will take all necessary steps to implement GDPR.
We are required, under the new GDPR legislation, to notify you of the information we hold on you and what it is used, by us, for.
Personal data, including name, title, telephone numbers, next of kin, gender, date of birth and address.
Information including NI number, bank details, earnings, HR notes, letters, training history and certificates held, ID, information about your health, accident and incident reports, drugs and alcohol results and criminal offences.
Customers and Suppliers
Company name, trading name, first name and last name.
Contact details, telephone number, email addresses, fax and mobile numbers.
Invoice address and delivery addresses.
Insurance documents, quotes, orders, invoices and credit notes.
Payment details, payment history and bank details.
This information is collected from you as an employee, customer or supplier. Should you choose not to provide the necessary information we require, this could result in us not meeting our obligations.
What the information is used for
To run our business in an efficient manner.
How long is the information kept
We will keep your information as long as necessary for us to fulfil our legal and business requirements. This information is held purely to fulfil all contracts of employment and maintain our trading relationships and general communication.
We will not share this information with anyone who is not involved in our business.
How is the information stored
All data is stored on password protected servers and is backed up by secure back up procedures using up to date security software and IT protection which contains a firewall.
If you consent to us holding your information then no further action is required.
To withdraw your consent please contact us in writing.
The internet is not a secure means of sending personal information. Therefore, we cannot accept responsibility for any unauthorised access resulting in a loss of information, if it is beyond our control.
Monitoring and review
This statement is effective from 25 May 2018.
These are reviewed on a regular basis and may be subject to change as the company grows.
This policy can be found on our website: www.john-stacey.co.uk.
K A Brown