Data Protection Policy
Policy information
Organisation
iCertifi LTD, the “data controller”. “Data controller” means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
Policy operational date
May 2018
Policy prepared by
MR J Andrews
Date approved by Board / Management Committee
Approved by iCertifi Board of Directors
Policy review date
May 2021
Purpose of policy
Data Compliance
Specific risks
“Vishing” and “phishing” are mitigated by a policy of not giving out information without a right of access request made in writing. No details are given over the phone or by email to any person.
Data recording and storage
Accuracy
Data is collected via user input, not by a third party, for the purpose of:
- compliance with the law
- following good practice
- protecting clients, staff and other individuals
- protecting the organisation
Types of data
We may collect the following information:
Your name
Your email address
Policy statement
- To comply with both the law and good practice
- respect individuals’ rights
- be open and honest with individuals whose data is held
- provide training and support for staff who handle personal data, so that they can act confidently and consistently
- Notify the Information Commissioner voluntarily, even if this is not required
Key risks
- information about data getting into the wrong hands, through poor security or inappropriate disclosure of information
- individuals being harmed by data being inaccurate or insufficient
Responsibilities
The Board / Company Directors
Have overall responsibility for ensuring that the organisation complies with its legal obligations.
Data Protection Officer
Managing Director
Employees & Volunteers
All staff and volunteers are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work. (From now on, where ‘employees’ is used, this includes both paid employees and volunteers.)
Enforcement
Depending on intent, a written warning, extra training, or advice could be given as a resolution.
Security
Setting security levels
The greater the consequences of a breach of confidentiality, the tighter the security protocols in effect will be.
Security measures
Individual names and addresses are kept in a password-controlled environment. Passwords are stored in a non-human-readable format using high-level encryption methods. Only the Managing Director has access to the database.
Storage
Data is stored in a password-controlled, secure SQLite database.
Archiving
The archive is saved as SQLite locally on the Managing Director’s machine.
Right of Access
Responsibility
Managing Director
Procedure for making request
Right of access requests must be made in writing to:
The Data Controller
iCertifi LTD
71 - 72 Shelton Street
London
WC2H 9JQ
Provision for verifying identity
As a responsible organisation, in order to verify the identity of individuals applying to us for personal information, we require that the person (applicant) provide original documents (not copies) to prove their identity. We require 2 documents with photographic identity (e.g. passport, new style driving licence, etc.) and compare these against the applicant’s likeness. All documents must be in the applicant’s current name as recorded on the application form. You must declare all previous name changes, and provide documentary proof to support the change of name.
Acceptable documents:
Group 1
Passport
Current biometric residence permit
Birth certificate - issued within 12 months of birth
Adoption certificate
Group 1a
A current Biometric Immigration Document (Biometric UK Residence Permit) issued by the Home Office to the holder indicating that the person named is allowed to stay indefinitely in the UK
A current Biometric Immigration Document (Biometric UK Residence Permit) issued by the Home Office to the holder which indicates that the named person can currently stay in the UK and is allowed to do the work in question
A current passport endorsed to show that the holder is exempt from immigration control, is allowed to stay indefinitely in the UK, has the right of abode in the UK, or has no time limit on their stay in the UK
A current passport endorsed to show that the holder is allowed to stay in the UK and is currently allowed to do the type of work in question
A Certificate of Application issued by the Home Office under regulation 17(3) or 18A (2) of the Immigration (European Economic Area) Regulations 2006, to a family member of a national of a European Economic Area country or Switzerland stating that the holder is permitted to take employment which is less than 6 months old together with a Positive Verification Notice from the Home Office Employer Checking Service.
An Application Registration Card issued by the Home Office stating that the holder is permitted to take the employment in question, together with a Positive Verification Notice from the Home Office Employer Checking Service.
Applicants providing one of the following documents must also provide a current valid Passport:
A current Residence Card (including an Accession Residence Card or a Derivative Residence Card) issued by the Home Office to a non-European Economic Area national who is a family member of a national of a European Economic Area country or Switzerland or who has a derivative right of residence.
A current Immigration Status Document containing a photograph issued by the Home Office to the holder with a valid endorsement indicating that the named person may stay in the UK, and is allowed to do the type of work in question, together with an official document giving the person’s permanent National Insurance number and their name issued by a Government agency or a previous employer.
A current Immigration Status Document issued by the Home Office to the holder with an endorsement indicating that the named person is allowed to stay indefinitely in the UK or has no time limit on their stay in the UK, together with an official document giving the person’s permanent National Insurance number and their name issued by a Government agency or a previous employer.
Group 2a: Trusted government documents
- Current driving licence photo-card - (full or provisional)
- Current driving licence (full or provisional) - paper version (if issued before 1998)
- Birth certificate - issued after time of birth
- Marriage/civil partnership certificate
- HM Forces ID card
- Firearms licence
- Non EEA Immigration Document/ Visa/Work permit
Group 2b: Financial and social history documents
- Mortgage statement
- Bank or building society statement
- Bank or building society account opening confirmation letter
- Credit card statement
- Financial statement, eg pension or endowment
- P45 or P60 statement
- Council Tax statement
- Letter of sponsorship from future employment provider
- Utility bill
- Benefit statement, eg Child Benefit, Pension
- Central or local government, government agency, or local council document giving entitlement, eg from the Department for Work and Pensions, the Employment Service, HMRC
- EEA National ID card
- Cards carrying the PASS accreditation logo
- Letter from head teacher or college principal
- Non EEA Bank or building society statement
Charging
We provide the information free of charge. However, we charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.
We will also charge a reasonable fee to comply with requests for further copies of the same information. This does not mean that we can charge for all subsequent access requests.
Commitment
- Information is kept for the creation of accounts for our software
- We do not disclose or sell this information to third parties
Lawful Basis
Legitimate interests: Accounts
The processing and storage of your information is necessary to assign your payment to your account to allow you to use our services on your devices. It is a targeted and proportionate way of achieving this.
Consent: Newsletter
You, the individual, have given clear consent for us to process your personal data for sending you a newsletter. This consent can be withdrawn at any time.
Employee training & Acceptance of responsibilities
All employees who have access to any kind of personal data have their responsibilities outlined during their induction procedures.