DATA PROTECTION POLICY
FOR CONTRACTORS, STAFF, & VOLUNTEERS
Total Managed Solutions Ltd has always valued working relationships through communication and trust. When it comes to data privacy and protection it is therefore our privilege to confirm the integrity and commitment we want to show to our staff. It is for the purposes of offering excellent service that we would seek to process and protect your information. We also understand that at times we may also receive information that is ‘personal’, meaning that it could be used to identify a specific person. In this document we endeavour to deal with all kinds of information we hold on behalf of our contractors and employees.
Document contents:
1. Purpose & types of data
2. Data storage & protection
3. Data access, review & removal
4. Guidance
5. Data breeches and customer concerns
1. Purpose & types of data.
The purpose for processing data is for, mutual communication, vetting and verification, safe working practices, payments, and maintaining trust with our clients. In some situations we may be required to share your information with our clients and their property managers.
The data you offer TMS will be processed through, contract arrangements, compliance documentation, email communication, messenger services, and phone/verbal conversations.
a. Contractors
Purpose
TMS will process specific data made available via communication with our contractors. We intentionally keep these records securely for the purposes of carrying out our services. Under article 6 of the GDPR our justification for processing comes under ‘contractual’ grounds.
Information we process
• First/last names of personnel
• Contact numbers
• Email addresses
• Occupation & company position
• Business & VAT registration number
• Business name & trading addresses
• Vehicle details
• Insurance details
• Waste registration details
• Safety information
Information we may pass on to our clients
• First/last names of personnel
• Contact numbers
• Email addresses
• Vehicle details
• Occupation & company position
• Business & VAT registration number
• Business & trading addresses
b. Employees and self employed
Purpose
TMS will process specific personal data made available via communication with our staff. We intentionally keep these records securely for the purposes of carrying out our services. Under article 6 of the GDPR our justification for processing comes under ‘contractual’ grounds.
Information we process
• Full names
• Contact numbers
• Email Addresses
• Date of birth
• Residential address
• Bank account details
• Copy of Passport/Visa/right to work in the UK
• Vehicle details
• Background checks
Information we may pass on to our clients
• Full names
• Documented proof of right to work in the UK
• Vehicle details
Note – Subject to valid requests to delete personal information, TMS will endeavour to hold limited contractor and employee information (underlined above) after contract termination, as provision to reinstate future business relationships.
c. Volunteers
First and last names, photos and quotes for marketing, will be opt-in and case-per-case. TMS will process and control your information for the purposes of repeat volunteer opportunities and/or company marketing.
2. Data storage & protection
TMS stores data digitally, within a strategy of how we operate as a business. The following table will explain where we store our customer’s information and how it is protected. TMS uses third-party cloud services to reduce the need to transfer or email files, and therefore limiting exposure.
| Item | Location/s | Protection/s |
|---|---|---|
| Business PCs | Secured offices & mobile personnel | Password encrypted |
| Backups hardware | Secured offices | Password encrypted |
| Backups software | Cloud services | Third-party policy (view) |
| Hardcopy documents | Secured offices | Static and secured |
| Mobile phones | Mobile personnel | Password protected |
| Information we process | Cloud services | Third-party policy (view) |
3. Data access, review & removal
TMS recognises that any information that can be used to identify an individual person (subject to agreement) does not belong to them and is held on the person’s behalf. An individual holds the right to contact TMS to review, update, or delete their personal information (subject to agreement). Any valid requests will be completed within 30 days of the request, unless an extension is required for complex/numerous requests. Any individual has a right to their own personal information, however to reduce fraudulent claims we require one of the following:
Requests to be sent in writing (email) from the individual’s usual email account
Email requests to be sent to TMS from the individual’s recognised email account
Where there is any doubt to the ownership of any information, TMS will not release any information without taking further steps to verify that ownership. TMS also holds the right under GDPR to compensate themselves for fair administrative costs for unfounded, excessive and repetitive demands.
4. Guidance
All TMS contractors, staff and volunteers will be required to adhere to our basic data protection protocol. This is to mitigate against human error and protect individuals and staff. The training will cover these specific areas:
General Data Protection Regulations overview
Correct channels of communication
Processing & protecting information
Responding to data breaches
5. Data breeches and customer concerns
Upon confirmation of data breach, TMS will notify the relevant company or individual within 72 hours. Records of personal data breaches will be kept to strengthen our safeguarding.
For any further queries please send your requests via email: info@totalmanagedsolutions.co.uk