Data Protection Policy
Data Protection is an issue Clean Slate Training & Employment (CSTE) takes very seriously, and this policy is closely tied to our Confidentiality Policy. Beyond compliance, we aim to observe best practice to protect and reassure our various contacts and customers. In short, we commit to procedures that protect sensitive data at all times with password-encrypted files, secure cloud-based record-keeping, and files that are regularly reviewed, updated and, if necessary, deleted.
Our Data Protection Policy refers to our commitment to treat information about employees, customers, stakeholders and other interested parties with the utmost care and confidentiality. Through this policy, we will ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights. It is presented to all staff and volunteers as part of the induction and is available to customers and stakeholders upon request.
SCOPE
This policy refers to all parties (employees, job candidates, customers, suppliers etc.) who provide any amount of information to us. Employees of our company must follow this policy. Contractors, consultants, partners and any other external entity are also covered. Generally, our policy refers to anyone we collaborate with or who acts on our behalf and may need occasional access to data.
GENERAL
As part of our operations, we need to obtain and process information. This information includes any offline or online data that makes a person identifiable such as names, addresses, usernames and passwords, digital footprints, photographs, social security numbers, financial data etc.
Our company collects this information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this information is available to us, the rules below apply.
Our data will be:
- Accurate and kept up-to-date
- Collected fairly and for lawful purposes only
- Processed by the company within its legal and moral boundaries
- Protected against any unauthorized or illegal access by internal or external parties
- Made available only to individuals with a legitimate reason to see and use it
- Within a reasonable timescale, accessible to individuals to whom the data relates
- Largely kept electronically, with paper files held securely
Our data will not be:
- Communicated informally
- Stored for more than a specified amount of time or longer than it is needed
- Transferred to organisations, states or countries that do not have adequate data protection policies
- Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)
In addition to ways of handling the data, the company has direct obligations towards people to whom the data belongs. We will:
- Be transparent so people know which of their data is collected
- Provide information to people about how we’ll process their data
- Be clear about who has access to their information
- Have provisions in cases of lost, corrupted or compromised data
- Allow people to request that we modify, erase, reduce or correct data contained in our databases
DATA WE KEEP
CSTE currently keeps data for the following purposes:
- Bookkeeping, raising/paying invoices, administering tax, etc.
- Communications with all stakeholders including customers, suppliers and consultants
- Sales, marketing and general trading purposes
- To ensure good governance of the business and to comply with legal requirements
- To ensure CSTE delivers its social purposes as a social enterprise
- Personnel, checking references and monitoring equal opportunities, and emergency contact details
Data subjects include:
- Members, directors, consultant workers (staff, in future)
- Customers who have traded with CSTE and prospective customers
- Suppliers who have provided (or may provide) products and services to CSTE
- End users of products, e.g. magazine readers and subscribers to online services
The kinds of details we keep are:
- Contact and other personal details
- Personnel information such as application details, training and personal development information
- Information on gender, race, health conditions, offences/criminal record
- Payroll information
- Accountancy information such as charges made to customers and charges paid to suppliers
Some information is made available to the following bodies:
- People whose data the company holds
- HMRC, Companies House and other government and legal authorities
- Staff and managers who need to see information to undertake their duties for CSTE
- The company’s accountant and, when appropriate, legal advisors
- Funders who have a legitimate need to see evidence of activities
ACTIONS
To exercise Data Protection we will:
- Restrict and monitor access to sensitive data
- Develop transparent data collection procedures
- Train employees in online privacy and security measures
- Build secure networks to protect online data from cyberattacks
- Establish clear procedures for reporting privacy breaches or data misuse
- Include contract clauses or communicate statements on how we handle data
- Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization etc.)
- Publicise our data protection provisions on our website
Disciplinary Consequences
All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary and possibly legal action.
GDPR
Clean Slate Training & Employment has taken steps to become compliant with the new General Data Protection Regulations enforced in May 2018.
Our data processing is compliant with the lawful basis of ‘Consent’. As the law specifies, we “can show that an individual has performed a clear affirmative action to allow [us] to process their personal data for a specific purpose”.
As of March 2018, all of our electronic communications request affirmative action in order to continue receiving contact from Clean Slate Training & Employment. Following the implementation date of GDPR of 25th May 2018, we have removed personal contact details for people who have not provided consent from our databases.
Individuals who choose to sign up to Clean Slate Training & Employment’s communications in person at an event or similar via paper sign-up will be required to indicate their consent to be contacted before we add the individual to our database.
Via our digital marketing platform (Mailchimp) all of our contacts have the right to access, rectify, restrict and erase their data. Contacts also have the right to object to any communication via clearly indicated contact methods with Clean Slate Training & Employment's staff.
Clean Slate Training & Employment ensures that contacts can exercise the right to be informed about the use of their data via clearly labelled disclaimers at the point of providing personal data.
Any individual whose data we hold but whose data is not held in a mailing list may exercise any of their rights above by contacting Clean Slate Training & Employment directly through clearly signposted methods on cleanslateltd.co.uk and our enterprise sites and literature.