Principle and statement of intent
GDPR – General Data Protection Regulation came into effect on 25 May 2018, and replaced the Data Protection Act of 1998. Following GDPR guidelines Bumbles Day Care will ensure that personal data is processed fairly and lawfully and collected for specified, explicit and legitimate purposes. This applies to data held on paper and by electronic means
As employees, we all have an expectation that information held about us will be dealt with properly and responsibly. As an employer Bumbles Day Care has a responsibility and a duty of care to ensure that this happens. It is important to understand your responsibility when handling other peoples’ personal data, whether this is employee or customer related.
This applies to information held on computer or in Manual filing systems from which they are identifiable. Information held must be ‘adequate, relevant and not excessive’.
Bumbles Day Care recognises the importance of respecting the privacy of all our employees and the need for the appropriate safeguards, in relation to the collection, storage and processing of personal data.
To show accountability, these are the principal reasons why Bumbles Day Care would hold personal information on its employees:
- Recruitment, promotion, training, redeployment and/or career development
- Calculation of payroll data and the transfer of such data for use by internal auditors
- Calculations of certain benefits including pensions
- For contacting next of kin in the event of an emergency
- Compliance with statutory requests from the Inland Revenue, Department of Social Security, the Benefits Agency and other relevant public authorities/agencies.
- Disciplinary purposes arising from an employee’s conduct or ability to perform their job
- Provision of reference to financial institutions, facilitate entry onto educational courses and assist potential future employers
- Assessment of suitability for internal moves and career progression/manpower planning.
By agreeing to the terms and conditions of Statement of Main Terms of Employment and this Employee Manual you are agreeing to individual consent to hold and use data/information and the processing of sensitive personal data for the purposes mentioned above.
GDPR provides the following rights for individuals
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- The right not to be subject to automated decision-making including profiling.
Employees wishing to exercise any of these individual rights will be required to put this in writing. This can be via an email sent to firstname.lastname@example.org. On receipt of an email we will respond without undue delay and at the latest within one month of receipt.
If a request is excessive or complex and we need more time to respond we will notify the individual within one month and explain the reason for delay.