Last Updated January 2010
In this policy “Gloople Limited” means one or all of Gloople Limited; and “worker” means a Gloople Limited temporary or permanent employee, or a person who while not employed by Gloople Limited provides services to Gloople Limited as an employee of an agency or as a consultant.
Gloople Limited holds certain information about living individuals which is defined as personal data under the Data Protection Act 1998 (“the Act”). Gloople Limited recognises the importance of the correct and lawful treatment of personal data.
This policy (together with the Gloople Limited Data Protection Guidelines and Data Subject Access Guidelines and any other documents referred to in it) sets out the basis on which any personal data Gloople Limited collects from a worker, or that a worker provides to it, will be processed by Gloople Limited. For the purpose of the Act, the data controller for personal data processed by Gloople Limited can be one, several or all of Gloople Limited.
The Gloople Limited nominated representative for the purpose of the Act is Warren Knight of Gloople Limited [email@example.com]
Status of the Policy
This Policy has been approved by the directors of Gloople Limited and any breach of it will be taken seriously. Any worker who considers that the Policy has not been followed in respect of personal data about him/herself should raise the matter with his/her Line Manager in the first instance.
The types of personal data which Gloople Limited collects, holds and processes include personal data of:
- Its current, past and prospective workers. Such personal data includes all information about workers
- to allow the employing Gloople Limited to administer its employees’ employment contracts, or Gloople Limited contracting with the agency/consultancy to administer the
- agency/consultancy contract;
- suppliers of services, works and/or equipment;
- client information held within our online database(s)
All personal data held by Gloople Limited will be subject to the appropriate legal safeguards as specified in the Act.
Gloople Limited fully endorses and adheres to the eight principles of the Act. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data. Employees and any others who obtain, handle, process, transport and store personal data for Gloople Limited must adhere to these principles.
The principles require that personal data shall:
- Be processed fairly and lawfully and shall not be processed unless certain conditions are met;
- Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose;
- Be adequate, relevant and not excessive for those purposes;
- Be accurate and, where necessary, kept up to date;
- Not be kept for longer than is necessary for that purpose;
- Be processed in accordance with the data subject’s rights;
- Be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage by using the appropriate technical and organisational measures; and
- Not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Satisfaction of Principles
In order to meet the requirements of the principles, Gloople Limited will:
- observe fully the conditions regarding the fair collection and use of personal data;
- meet its obligations to specify the purposes for which personal data is used;
- collect and process appropriate personal data only to the extent that it is needed to fulfill operational or any legal requirements;
- ensure the quality of personal data used;
- apply strict checks to determine the length of time personal data is held;
- ensure that the rights of individuals about whom the personal data is held, can be fully exercised under the Act;
- take the appropriate technical and organisational security measures to safeguard personal data; and
- ensure that personal data is not transferred abroad without suitable safeguards.
Gloople Limited processes personal data for the following purposes:
- Staff administration – Appointments or removals, pay, discipline, superannuation, work management or other personnel matters in relation to the staff of Gloople Limited; and
- Re-processing client data – The re-processing of client data (including collection, storage, preservation, amendment, allowing of access to the client data, making of queries and extracts, usage, forwarding, cross-referencing and deletion).
- Advertising, Marketing and Public Relations – Advertising or marketing the business of Gloople Limited, activity, goods or services and promoting public relations in connection with that business or activity, or those goods or services.
- Accounts and Records – Keeping accounts related to any business or other activity carried out by Gloople Limited, or deciding whether to accept any person as a customer or supplier, or keeping records of purchases, sales or other transactions for the purpose of ensuring that the requisite payments and deliveries are made or services provided by Gloople Limited or to Gloople Limited in respect of those transactions, or for the purpose of making financial or management forecasts to assist Gloople Limited in the conduct of any such business or activity.
- Education – The provision of education or training as a primary function or as a business activity.
- Crime Prevention and Prosecution of Offenders – Crime prevention and detection and the apprehension and prosecution of offenders. Disclosure of Workers’ Personal Information Gloople Limited may use and disclose workers’ personal information for administration and management purposes. Gloople Limited may disclose workers’ information to Gloople Limited service providers and agents for these purposes.
- Gloople Limited also reserves the right to share workers’ personal information with organisations which provide and administer employee benefits, such as pension schemes for the implementation of the PPP Contracts Gloople Limited has entered into (which means Gloople Limited (and their respective successors in title) and any holding company and subsidiary (both as defined in section 736 of the Companies Act 1985) thereof or of such holding company from time to time; who will use the personal data for administration of contracts with workers or for the administration of the contracts of the employers of workers as appropriate.)
Gloople Limited may disclose workers’ personal information to third parties:
- In the event that Gloople Limited sells or buys any business or assets, in which case Gloople Limited may disclose workers’ personal data to the prospective seller or buyer of such business or assets;
- If Gloople Limited is under a duty to disclose or share workers’ personal data in order to comply with any legal obligation;
- If Gloople Limited is under a duty to disclose or share workers’ personal data to another company or organisation to which it is required to transfer any part of its business under the PPP Contracts.
Access to Information
The Act gives data subjects [as defined in the Act] including workers the right to access information held about each of them. This right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £81.25 to meet Gloople Limited ’s costs in providing a data subject/worker with details of the information Gloople Limited holds about that data subject/worker.
Gloople Limited Worker Responsibilities
All Gloople Limited workers are responsible for:
- Checking that any personal data that they provide to Gloople Limited is accurate and up to date;
- Informing Gloople Limited of any changes to information which they have provided, e.g. changes of address;
- If, as part of their responsibilities, Gloople Limited workers collect information about other people, they must comply with this Policy and with the Data Protection Guidelines.
The need to ensure that data is kept securely means that precautions must be taken against physical loss or damage and that both access and disclosure must be restricted. All workers are responsible for ensuring that:
- Any personal data which they hold is kept securely;
- Personal data is not disclosed either orally or in writing or otherwise to any unauthorised third party.
Questions, comments and requests regarding this Data Protection Policy are welcomed and should be addressed to Warren Knight of Gloople Limited [firstname.lastname@example.org] Or write to:
Gloople Limited, The Studio,151-153 Curtain Road, London, EC2A 3QL.