iCertifi's Privacy Policy - GDPR Compliance

 

 

Data Protection Policy

Policy information

 

Organisation

iCertifi LTD the“data controller” means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed

 

Policy operational date

May 2018

 

Policy prepared by

MR J Andrews

 

Date approved by Board/ Management Committee

Approved by iCertifi Board of Directors

 

Policy review date

May 2021

 

Purpose of policy

Regular backups are kept of data accessible by Managing Director 

 

Specific risks

“vishing” and “phishing” mitigated by a policy of not to give out info without right of access request made in writing.  No details are given over the phone or by email to any persons

 

Data recording and storage

Accuracy

Data is collected via user input, not by third party for the purpose of 

  • compliance with the law
  • following good practice
  • protecting clients, staff and other individuals
  • protecting the organisation

 

Types of data

We may collect the following information:

Your name

Your email address

 

Policy statement

  • To comply with both the law and good practice
  • respect individuals’ rights
  • be open and honest with individuals whose data is held
  • provide training and support for staff who handle personal data, so that they can act confidently and consistently
  • Notify the Information Commissioner voluntarily, even if this is not required

Key risks

  • information about data getting into the wrong hands, through poor security or inappropriate disclosure of information
  • individuals being harmed by data being inaccurate or insufficient

 

Responsibilities

The Board / Company Directors Have overall responsibility for ensuring that the organisation complies with its legal obligations.

Data Protection Officer

Managing Director

Employees & Volunteers

All staff and volunteers are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.  (From now on, where ‘employees’ is used, this includes both paid employees and volunteers.)

 

Enforcement

Depending on intent a written warning, extra training, or advice could be given as a resolution

Security

Setting security levels

The greater the consequences of a breach of confidentiality, the tighter the security protocols will be in effect

 

Security measures

Individual names address kept under password controlled environment. Passwords stored in a non human readable format with high level encryption methods.  Only Managing director has access to the database

 

Storage

Data stored in password controlled secure SQLite database

 

Archiving

Archive saved as SQLite to Managing directors machine locally

 

Right of Access

Responsibility

Managing Director

 

Procedure for making request

Right of access requests must be in writing to :

The Data Controller

iCertifi LTD

71 - 72 Shelton Street

London

WC2H 9JQ

 

Provision for verifying identity

As a responsible organisations in order to verify the identity of individuals applying to us for personal information we require the person (applicant) must provide original documents (not copies) to prove their identity. We require 2 documents with photographic identity (e.g. passport, new style driving licence, etc.) and compare this against the applicant’s likeness. All documents must be in the applicant’s current name as recorded on the application form. You must declares all previous name changes, and provide documentary proof to support the change of name.

Acceptable documents:

Group1

Passport

Current biometric residence permit

Current biometric residence permit

Birth certificate - issued within 12 months of birth

Adoption certificate

Group 1a

current Biometric Immigration Document (Biometric UK Residence Permit) issued by the Home Office to the holder
indicating that the person named is allowed to stay indefinitely in the UK

A current Biometric Immigration Document (Biometric UK Residence Permit) issued by the Home Office to the holder
which indicates that the named person can currently stay in the
UK and is allowed to do the work in question

A current passport endorsed to show that the holder is exempt from immigration control, is allowed to stay indefinitely in the UK, has the right of abode in the UK, or has no time limit on their stay in the UK

current passport endorsed to show that the holder is allowed to stay in the UK and is currently allowed to do the type of work in question

A Certificate of Application issued by the Home Office under regulation 17(3) or 18A (2) of the Immigration (European Economic Area) Regulations 2006, to a family member of a national of a European Economic Area country or Switzerland stating that the holder is permitted to take employment which is less than 6 months old together with a Positive Verification Notice from the Home Office Employer Checking Service.

An Application Registration Card issued by the Home Office stating that the holder is permitted to take the employment in question, together with a Positive Verification Notice from the Home Office Employer Checking Service.

Applicants providing one of the following documents must also provide a current valid Passport:

A current Residence Card (including an Accession Residence Card or a Derivative Residence Card) issued by the Home Office to a non-European Economic Area national who is a family member of a national of a European Economic Area country or Switzerland or who has a derivative right of residence.

A current Immigration Status Document containing a photograph issued by the Home Office to the holder with a valid endorsement indicating that the named person may stay in the UK, and is allowed to do the type of work in question, together with an official document giving the person’s permanent National Insurance number and their name issued by a Government agency or a previous employer.

A current Immigration Status Document issued by the Home Office to the holder with an endorsement indicating that the named person is allowed to stay indefinitely in the UK or has no time limit on their stay in the UK, together with an official document giving the person’s permanent National Insurance number and their name issued by a Government agency or a previous employer.

Group 2a: Trusted government documents

  • Current driving licence photo-card - (full or provisional)
  • Current driving licence (full or provisional) - paper version (if issued before 1998)
  • Birth certificate - issued after time of birth
  • Marriage/civil partnership certificate
  • HM Forces ID card Firearms licence
  • Non EEA Immigration Document/ Visa/Work permit

 

Group 2b: Financial and social history documents   

  • Mortgage statement
  • Bank or building society statement
  • Bank or building society account opening confirmation letter
  • Credit card statement
  • Financial statement, eg pension or endowment
  • P45 or P60 statement
  • Council Tax statement
  • Letter of sponsorship from future employment provider
  • Utility bill
  • Benefit statement, eg Child Benefit, Pension Central or local government, government agency, or local council document giving entitlement, eg from the Department for Work and Pensions, the Employment Service, HMRC
  • EEA National ID card
  • Cards carrying the PASS accreditation logo
  • Letter from head teacher or college principal
  • Non EEA Bank or building society statement

 

Charging

We provide the information free of charge. However, we charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.

We will also charge a reasonable fee to comply with requests for further copies of the same information. This does not mean that you can charge for all subsequent access requests

 

Commitment

  • Information is kept for the creation of accounts for our software
  • We do not disclose or sell this information to third parties

 

Lawful Basis

 

Legitimate interests: Accounts

 the processing and storage of your information is necessary to assign your payment to your account to allow you to use our services on your devices. It is targeted and proportionate way of achieving this. 

Consent: Newsletter

You the individual the has given clear consent for us to process your personal data for sending you a newsletter.  This consent can be withdrawn at any time

 

Employee training & Acceptance of responsibilities

All employees who have access to any kind of personal data have their responsibilities outlined during their induction procedures

 

 

 

 

 

 

Comments

Powered by Zendesk