Privacy Policy
Wasdell Group is registered under the Data Protection Act.
General Statement of Wasdell Group`s Duties and Scope
The wasdell Group is required to process relevant personal data regarding members of staff, and customers as part of its operation and shall take all reasonable steps to do so in accordance with this Policy.
Data Protection Controller
The Wasdell Group has not appointed a Data Protection Controller (DPC) The Group will endeavour to ensure that all personal data ( controlled Manually by Accounts) is processed in compliance with this Policy and the Principles of the Data Protection Act 1998. The Freedom of Information Act 2000 and the Protection of Freedoms Act 2012 are also relevant to parts of this policy. The Wasdell Group recognises The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) adopted 27 April 2016, the two-year transition period and the application date of 25 May 2018 and is actively working towards compliance with that directive.
The Principles
The Wasdell Group shall so far as is reasonably practicable comply with the Data Protection Principles (the Principles) contained in the Data Protection Act to ensure all data is:-
- Fairly and lawfully processed
- Processed for a lawful purpose
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than necessary
- Processed in accordance with the data subject’s rights
- Secure
- Not transferred to other countries without adequate protection
Data Protection Policy 2018
Definitions
- The Wasdell Group, includes Wasdell Packaging Burnley (Qualiti Burnley), Wasdell
- Manufacturing and Wasdell Technical (Vineham Engineering) and affiliated bodies where the Data Protection Act applies
- Data Subject, an individual who is the subject of the personal data.
Personal Data
Personal data covers both facts and opinions about an individual where that data identifies an individual. For example, it includes information necessary for employment such as the member of staff’s name and address and details for payment of salary or attendance record. Personal data may also include sensitive personal data as defined in the Act.
Processing of Personal Data
Consent may be required for the processing of personal data unless processing is necessary for the performance of the contract of employment. Any information which falls under the definition of personal data and is not otherwise exempt, will remain confidential and will only be disclosed to third parties with appropriate consent. Employees consent to process their data and disclose it to the company is implicit. If an employee wishes to revoke or change consent they must agree a specific agreement on how their data is to be processed with the data processor. In some cases specific organisations may publish a detailed privacy policy relating to their services, for example:- GDPR Compliance Statement
Use of those services indicates acceptance and may grant additional consent as to how the Wasdell Group may process personal data. The Wasdell Group processes some personal data for direct marketing, data subjects have the right to request an opt-out to these activities, which must be respected.
Sensitive Personal Data
The Wasdell Group may, from time to time, be required to process sensitive personal data. Sensitive personal data includes data relating to medical information, gender, religion, race, sexual orientation, trade union membership and criminal records and proceedings.
Rights of Access to Information
Data subjects have the right of access to information held by the Wasdell Group, subject to the provisions of the Data Protection Act 1998 and the Freedom of Information Act 2000. Any data subject wishing to access their personal data should put their request in writing to the DPC. The Wasdell Group will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event, within 40 days for access to records and 21 days to provide a reply to an access to information request. The information will be imparted to the data subject as soon as is reasonably possible after it has come to the Wasdell Groups attention and in compliance with the relevant Acts.
Exemptions
Certain data is exempted from the provisions of the Data Protection Act which includes the following:-
- National security and the prevention or detection of crime
- The assessment of any tax or duty
- Where the processing is necessary to exercise a right or obligation conferred or imposed by law upon the Wasdell Group, including Safeguarding and prevention of terrorism and radicalisation
The above are examples only of some of the exemptions under the Act. Any further information on exemptions should be sought from the DPC.
Accuracy
The Wasdell Group will endeavour to ensure that all personal data held in relation to all data subjects is accurate. Data subjects must notify the data processor of any changes to information held about them. Data subjects have the right in some circumstances to request that inaccurate information about them is erased. This does not apply in all cases, for example, where records of mistakes or corrections are kept, or records which must be kept in the interests of all parties to which they apply.
Enforcement
If an individual believes that the Wasdell Group has not complied with this Policy or acted otherwise than in accordance with the Data Protection Act, the member of staff should utilise the Wasdell Groups grievance procedure found in the staff handbook and should also notify the DPC.
Data Security
The Wasdell Group will take appropriate technical and organisational steps to ensure the security of personal data.
All staff will be made aware of this policy and their duties under the Act.
The Wasdell Group and therefore all employees are required to respect the personal data and privacy of others and must ensure that appropriate protection and security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to all personal data.
An appropriate level of data security must be deployed for the type of data and the data processing being performed. In most cases, personal data must be stored in appropriate systems and be encrypted when transported offsite. Other personal data may be for publication or limited publication within the Wasdell Group, therefore having a lower requirement for data security.
Attention is also drawn to the existence of the SB-POL1 Email, internet and company Network Policy, which provides more specific information on digital data protection within the policy, and best practice
External Processors
The Wasdell Group must ensure that data processed by external processors, for example, service providers, Cloud services including storage, web sites etc. are compliant with this policy and the relevant legislation. This has been reviewed and all web site access tested for Ethical hacking and potential attack
External Processors / Ethical Hacking and Cyber Security
Secure Destruction
When data held in accordance with this policy is destroyed, it must be destroyed securely in accordance with best practice at the time of destruction.
Retention of Data
The Wasdell Group may retain data for differing periods of time for different purposes as required by statute or best practices, individual departments incorporate these retention times into the processes and manuals. Other statutory obligations, legal processes and enquiries may also necessitate the retention of certain data. The Wasdell Group stores customer data in a secure SQL database, customer delivery data is stored in the database against individual customer orders, so it is less likely to be have a data breach
GDPR Compliance Statement
The General Data Protection Regulation is effective starting 25 May 2018 (GDPR). The GDPR aims to strengthen the security and protection of personal data in the EU and will replace the European Privacy Directive and national legislations accordingly.
The Wasdell Group welcomes the new GDPR regulation. The success of our company is built on the trust that our employees and customers have in our ability to deliver quality products and services. This includes our ability to apply a high level of data protection and security in relation to personal data that our employees, customers and third parties entrust us with.
Wasdell considers it not just its duty to comply with national and international data protection regulations, but also to do this by applying the same standards, processes and procedures throughout the group. This allows us to deliver the transparency and consistency that our customers expect from us.
Certifications
Being a GMP and MHRA accredited company, we have multiple Stand Operating Procedures and processes in place to maintain a very high level of compliance within our organisation. With Data being controlled to a high level for security and compliance too.
Physical Security
As a provider of data to customers that they supply, we are primarily involved in the physical and security aspects of data as well as of customer areas. We do not have direct access to Customers` data systems and/or any personal data in these systems.
Data Protection & Security
For security purposes our visitors shall be required to register personal data as they visit our sites at reception, and, if applicable, provide photographical ID. Additionally, CCTV recordings are made at both reception entrance to the site as well as in the customer areas. This personal data will be processed in compliance with the applicable GDPR principles. Amongst other things, this means that personal data will not be kept longer than strictly necessary for the purpose.
GDPR Implementation
Although we have already implemented a consistent level of data protection and security to our data storage and access to our systems, our aim is to be fully GDPR compliant by the end of the first quarter 2018. This includes keeping internal records of all our data processing activities via Audit and log files and having a process to accommodate the requests of our data subjects.
Contact Person
Any GDPR related questions can be addressed to Wasdell’s Data Protection Area at info@wasdell.co.uk
