For many years we have been committed to protecting the information received and processed in relation to individuals. Due to the nature of work which we undertake, it is essential that our clients can have complete faith in our personnel systems and procedures.
However, we also respect the privacy of our employees (past and present), suppliers and any other organisation upon which we may hold information, whether that be on computer or in a manual filing system.
This document is evidence to support our claim. We have been registered with the Data Commissionaires office for many years. Our Registration number is Z5326407.
The Eight Principles
We comply with the Eight Principles which encompass the Commissionaires thoughts and declarations. These are :-
1. All information relating to individuals will be processed fairly and lawfully. We do not employ the use of pretext enquiries. However when conducting enquiries (especially with neighbouring occupants) we realise that when our staff identify themselves as representatives of our company, this itself, may cause some embarrassment. Therefore, our staff always conduct themselves in a discreet manner.
2. Information, or data, which we are made aware of, will only be processed for the purpose for which it was received. Re-use or re-selling of information is not a practice which our Firm is associated with.
3. Enquiries, interviews and other sources will be screened to identify that only the adequate and relevant information is processed.
4. All efforts shall be made to ensure that information obtained or received is accurate, and where necessary, kept current.
5. Where possible we shall retain records and files only as long as required. Once they have reached their conclusion they shall be destroyed or deleted in an appropriate, safe and secure manner. There are however, certain fields which may have to be retained for longer periods. These include certain financial records; data relating to cases which may not yet have reached a conclusion; cases where legal action may be taken against ourselves or our clients due to alleged misconduct on our part (this is for insurance/professional indemnity reasons) and other similar scenarios.
6. Information shall be processed in accordance with the rights of data subjects under the 1998 Data Protection Act.
7. All records are kept confidential. Principally this is achieved through secure offices with restricted access. In addition, paper records and files are usually (where possible) kept in lockable cabinets. With reference to computer records, these are protected internally with strictly controlled username and passwords which are regularly changed. Employees are assigned a level of clearance and authority. Concise audits are maintained and logged. Electronic systems are in place to prevent any unauthorised access or corruption from outside perpetrators. When conducting interviews, especially via telephone, key questions are sought from the enquirer prior to revealing any data.
8. No personal information shall be forwarded to another country which is either outside the European Economic Area or to a country which does not ensure adequate protection for the rights and freedoms of individuals. For countries outside the EEC, assessments shall be undertaken and contracts created.
Commitment to Protecting Individuals Rights
Overall responsibility for the protection of individuals privacy and compliance with the Data Protection Act 1998 is that of the managing partner David Walker.
Responsibility for reviewing the company’s policy and controls, as well monitoring interpretations of the Act and the Codes of Conduct and guidance provided by the Commissionaires office is that of Brian Walker.
However, regional responsibility lies with each office manager or residential partner. In addition, each member of staff is responsible themselves and they have acknowledged their responsibility by agreeing to our Firm’s Terms & Conditions of Employment.
Everyone employed by our Firm recognises their duties and responsibilities. Fair and lawful processing of data and information is promoted at all times. All are well trained and most are very experienced in what they do.
Strict levels of access and supervision are maintained at all times.
Anyone who wishes to exercise the right of access to personal data under Part II, Section 7, shall be advised accordingly by a member of the appropriate procedure.
Regular reviews of this policy and systems & procedures will be undertaken. This is not only to ensure data is processed more efficiently, but accurately.
The Use of CCTV Equipment
Security camera systems are employed within several of our premises. This is only for the purposes of public and employee safety and crime prevention/detection. The Commissionaire has been notified accordingly.
CCTV equipment has been angled to avoid capturing images of any individual visiting offices/premises other than our own.
CCTV equipment is regularly inspected to confirm that they are working properly and that the images are clear enough to be used by police for evidential purposes. Tapes will be changed for new after they have been used twelve times.
Signs are visible to anyone visiting our premises advising that they may be recorded and the reason for doing so. All recordings are securely stored and only a limited number of authorised personnel have access to them. Recording will only be kept long enough for any incident to come to light. Only police involved in prevention and detection of crime will be allowed copies of recordings.
Members of staff know how to respond to enquirers regarding access to recordings.
Access To Personal Data
When a request is made to have access to personal data which we may hold, the procedure is as follows : –
1. The enquirer will be requested to apply in writing for the information which he seeks. That written request should be addressed to the Managing Partner, David Walker.
2. Upon receipt of the written request, it will be immediately acknowledged.
3. There will then be a review of the request in order that there is sufficient information contained within to identify the enquirer and that they are who they purport to be. Due to the legal nature of work which we undertake, there may be instances where disclosure of data is inappropriate and exempt, with reference to Schedule 7 of the Act. If it is agreed that disclosure is warranted, then an administration fee, not exceeding £10.00, may be sought. If disclosure is exempt, then the data subject will be accordingly advised.
4. Where disclosure is warranted and the administration fee has been received, then the enquirer will receive a legible, comprehensible account of the personal information held on file by us. With the co-operation of the data subject, we shall achieve this within the forty day period as prescribed by the Data Commissionaire.
5. With reference to CCTV recordings, a copy of a portion or scene of video will be forwarded to the enquirer if they are able to identify themselves to the data controller so that there is no doubt that the enquirer is the person depicted on the video. If there is any other person or individual within the same scene, the enquirer exercising his right will only receive a copy of the scene if he is willing to pay the costs to have the non-relevant party edited for the scene. This would involve an outside contractor and possibly considerable expense.