The Data Protection Act, 1998 (the “DPA”) governs the way in which we, as a business, are required to handle, manage and store data on individuals. Failure to comply with the DPA can result in serious consequences, including monetary fines of up to £500,000, for both the Company and certain individuals. Our Company is fully committed to compliance with the DPA. The aim of this policy is to describe how the Company will fulfill its obligations.
Gr33n Group needs to collect utilize and have access to third party data for a number of purposes as part of its function in being a Green Deal Provider.
In collecting and using this data Gr33n Group is committed to protecting an individual's right to privacy with regard to the processing of personal data and this policy has been adopted to support this.
The DPA sets out 8 Principles of data protection. This Company fully endorses the 8 Principles and considers the lawful and correct treatment of personal information as important to the success of the business. We aim to ensure adherence to the DPA and the 8 Principles by the adoption of strict processes and controls which will be in place throughout the business.
The 8 Principles require that personal information shall:
This policy applies to all personal information of individuals obtained, held, stored, processed, used or shared by the Company. All employees will be required to comply with the 8 Principles and the DPA including any applicable procedures or processes adopted by the Company in relation to personal data
Gr33n Group may share data with other agencies such as the Landmark Database and other approved participants within the Green Deal.
The customer will be made aware when personal details are collected that they may possibly be shared this is known as informed consent. Details of to whom and how their information will be shared with will be made clear within relevant documentation.
Gr33n Group regards the lawful and correct treatment of personal information as very important to successful working, and to maintaining the confidence of those with whom we deal.
Subcontractors agents and vendors may from time to time have to have access to personal information regarding Gr33n Group customers.
Non-disclosure agreements will be issued to and signed by these parties before they subcontract for Gr33n Group.
Sub-contractors agents and venders will be restricted from areas within the Gr33n Group offices where personal details are processed.
Information and records relating to Green Deal Customers will be stored securely and will only be accessible to authorised staff using passwords and encryption.
Passwords will be changed regularly.
Information will be stored for only as long as it is needed or required by statute and will be disposed of appropriately.
Members of staff will have access to personal data only where it is required as part of their functional remit.
Gr33n Group will detect and investigate any breaches of security if they occur by producing audit trails that log access to personal data that can be attributed to a particular person.
A backup filing system will be utilised to protect personal data being lost through flood, fire or other catastrophe.
It is Gr33n GroupLtd responsibility to ensure all personal and company data is non-recoverable from any computer system previously used within the organisation, which has been passed on/sold to a third party.
In addition, Gr33n Group will ensure that:
The Managing Director shall have overall responsibility for data protection compliance across the business. Responsibilities include
Managers shall have responsibility for ensuring that this policy and data protection procedures are adopted and communicated within their business area/department. Responsibilities include
All employees must
This is the person nominated by Gr33n Group from time to time and is currently Mark Baldwin who is deemed competent in the area of data protection. The Data Protection Coordinator shall be responsible for;
This policy and any underlining processes and procedures will be reviewed on a regular basis to ensure best practice and to take account of any changes in legislation. At a minimum, this review will be conducted on an annual basis.