Data Protection Policy 2018

1) Purpose & Scope

To ensure Regent Samsic are committed to processing personal information in accordance with the Data Protection Act 1998.

2) Responsibility

Data Controller

The Joint Managing Directors of Regent Samsic, have the role of data controller’s in relation to the processing of personal information by or on behalf of Regent Samsic.

The Joint Managing Directors has entrusted responsibility for day-to-day data protection matters to the Data Protection Officer.

The Data Protection Officer is responsible for: Compliance, Health & Safety Manager.

• preparing the annual notification to the Board of Directors and ensuring that the notification is amended during the year as any changes occur;
• providing guidance to staff on their responsibilities under the Data Protection Act and any specific procedures which they need to follow;
• co-ordinating responses to data subject access requests (except those received from current, former and prospective staff) and providing advice on the use of exemptions
• ensuring appropriate training is available to staff;
• ensuring that through monitoring, auditing and training we show a commitment to continually improve the PIM’s (personal information Management) of the business.
• monitoring complaints and auditing compliance with the Data Protection policy and procedures, reporting to the Management Team annually, and
• reviewing policy and procedures in the light of developing case law and experience.

The Human Resources Personnel are responsible for:

• responding to data subject access requests from current, former and prospective members of staff; and
• ensuring that staff are given an opportunity to update their personal details.

The Finance & IT department is responsible for:

• the security of the Regent Samsic network, including the protection of personal information held and processed on IT systems, from loss, damage, corruption or misuse.
• Informing the Data Protection Officer of any new processing of personal information within their office, including the development of information systems;
• disseminating guidance from the Data Protection Officer within their office;
• identifying potential data protection issues within their office and seeking guidance from the Data Protection Officer or Human Resources Office, as appropriate; and
• ensuring that personal information held in their office is processed in accordance with the eight data protection principles.

3) General

The Management Team will ensure that all personal information is processed in accordance with the eight Data Protection Principles, which state that personal information shall be:

• processed fairly and lawfully;
• processed only for specified, lawful and compatible purposes;
• adequate, relevant and not excessive;
• accurate and up to date;
• kept for no longer than necessary;
• processed in accordance with the rights of data subjects;
• kept secure; and
• transferred outside the European Economic Area only if there is adequate protection.

4) All Staff are responsible for:

• ensuring that they collect and process personal information in accordance with this policy and procedures;
• using Regent Samsic IT systems in accordance with the Information Technology Security Policy, and
• seeking guidance from the Data Protection Officer, as required.

5) Records

Hard copies of all HR related documentation are kept and stored in line with clause 7.5 of ISO 9001:2015 requirements. – IMS.06 Document Control and Document Retention