The following outlines the General Data Protection Regulation Policy for Konnect Recruitment Ltd (Compliance From 1/1/2018)
The overarching principle is that:
- All data collected and/or stored by KONNECT RECRUITMENT is done so for the sole purposes of KONNECT RECRUITMENT business and an individual’s relationship with KONNECT RECRUITMENT. This will include, but is not limited to, membership communication, internal marketing of events, notification of publications, educational quality standards and CPD. An individual’s personal data will not be shared with a third party without prior written consent.
- No member of staff or council will share any personal data with a third party without the prior consent of the individual. This includes, but is not limited to, name, address, email address and phone details.
- All KONNECT RECRUITMENT Staff will sign a consent form for their business email address, phone number and associated business contact details to be circulated for the sole purposes of KONNECT RECRUITMENT business.
- All KONNECT RECRUITMENT Trustees must agree to allow KONNECT RECRUITMENT Staff to freely use their business contact details but do not agree that they are circulated to external third parties without prior consent on a case by case basis. Trustees are to avoid using their own personal details for business correspondence.
- KONNECT RECRUITMENT Division Chairs, Committee members and Assessors must agree to allow KONNECT RECRUITMENT Staff to freely use their business contact details for the sole purposes of KONNECT RECRUITMENT business but do not agree that they are circulated to external third parties without prior consent on a case by case basis.
- From January 2018 KONNECT RECRUITMENT will not retain any paper files of personal data, except for financial transactional data.
- KONNECT RECRUITMENT will carry out a full IT security audit each quarter in collaboration with ASE, their specialist IT support contractor.
- Where financial transactional data is retained onsite it will be stored in a locked filing cabinet inside a locked room where access is restricted to the CEO, PA to the CEO and the Financial administrator. The data is treated as confidential and is only shared with authorised personnel. Authorised personnel include the KONNECT RECRUITMENT treasurer, the finance committee members, financial administrator and accountant.
- Financial transactional data from previous financial years will be held off site in a secure locked building for 7 years within a secured locked room which only KONNECT RECRUITMENT staff have access to.
- After their expiry any paper records will be destroyed by a registered company authorized to dispose of confidential waste at least once per quarter.
- Financial information for online payments is not held by KONNECT RECRUITMENT and is all managed by Sagepay; KONNECT RECRUITMENT holds none of this payment information.
- When processing financial information by telephone, staff taking the call must not write down or record any of the information given to them except in the designated boxes in the Sagepay payment terminal. They must not repeat back any card details and if they require clarification they will ask the caller to repeat the details. The transaction should not be processed on speaker phone.
- Members who elect to pay by Direct Debit have their bank account and sort code held against their record. This information should only be inputted by the CEO or financial administrator. This data should not be disclosed under any circumstances. If and when the member resigns or cancels their Direct Debit the financial information will be removed.
- No PC or workstation shall be left unmanned without a suitable password protected screen saver. All PCs and workstations should be closed and password protected overnight.
- All Staff should use only their own login to access PCs and membership databases and not share their login details with others.
- In order to show compliance with the General Data Protection Regulation, all staff will carry out a one hour online training program and sign to agree that they understand the implications (signing log attached). They will also sign this policy to show they have read and understand their responsibility for personal data.
- From January 2018 the CEO, PA to the CEO and the membership administrator will meet quarterly to conduct a GDPR audit to ensure full compliance (audit log attached).
- All staff have signed as part of their contract of employment a confidentiality clause.
- On joining the Society, each member must be told that KONNECT RECRUITMENT will not under any circumstances use their data for any other purpose than for processing and marketing of the Society and membership deliverables. The data will not be circulated to third parties unless members give their prior written consent. This is made clear at the beginning of the application process and on every monthly newsletter.
- From time to time the Society is approached to circulate relevant matters on behalf of third parties. This is managed from the Society’s offices and the details are not circulated for any purpose. On joining the Society, members can opt out of third-party mailers.
- The data held by KONNECT RECRUITMENT can only be as accurate as the information supplied to KONNECT RECRUITMENT. It is the responsibility of the individual to ensure their data is accurate.
- Once an individual’s relationship with KONNECT RECRUITMENT has become inactive their personal data will be retained electronically for 3 years before deletion.
- An individual may at any time request the removal of their personal data by contacting [email protected] . It should be noted that the removal of all personal data (including email contact details) will result in KONNECT RECRUITMENT no longer being able to carry out work on your behalf.
- An individual may at any time raise a concern by contacting [email protected] . For further details on your rights visit https://ico.org.uk/for-the-public/