Interloch Transport GDPR: General Privacy Policy
Interloch Transport is the data controller & our contact details are.
Riverbank Surgery, Kilmun, Argyll, PA23 8SE.
01369 840 474
[email protected]
What is the GDPR?
The General Data Protection Regulation is a European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data. It came into effect on 25 May 2018. The Data Controller in this respect is Interloch Transport. This notice applies to members, current and former employees, workers and contractors & volunteers.
Data protection principles
We will comply with data protection law. This says that the personal information we hold about you must be:
Why does the Organisation collect personal data?
Members: the organisation needs to keep and process information about you in order to provide a reliable safe service. The information we hold, and process will be used to provide this service only. We will keep and use it to enable us to provide our services and manage our relationship with you effectively, lawfully and appropriately while you use us or intend to in the future. If you do not provide this information, we may be unable in some circumstances to comply with our obligations (such as knowing where to pick you up or any transport needs) and we will tell you about the implications of that decision.
Employees: as an employer, the organisation needs to keep and process information about you for normal employment purposes. The information we hold, and process will be used for our management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst you are working for us, at the time when your employment ends and after you have left. This includes using information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of the Company and protect our legal position in the event of legal proceedings. If you do not provide this information, we may be unable in some circumstances to comply with our obligations (such as paying staff or health & safety compliance) and we will tell you about the implications of that decision.
What kind of information does the Organisation collect?
Members: the type of information we would hold includes your name, address, general contact details & next of kin or family member/power of attorney information. We hold Special Category data such as relevant health & mobility information, age, relevant disabilities & social worker/carer/doctor details. We also hold any relevant equipment needs such as wheelchairs and any payment preferences such as ‘by cash’. We request funder related feedback on a number of Scotland’s National Outcomes & general performance indicators. We request & hold general feedback information about the service and any future requirements.
Employees: the type of information we would hold includes your application form or CV, references, new employee start up details including bank & NI details, PVG certificates & references, contract of employment, performance information & any correspondence that we have with yourself involving, for example, payroll or any line management queries. We keep records of sick leave & holidays & of any disciplinary or grievance procedures that you have been involved with. We hold training & licence check information and general contact information including emails & addresses. You will, of course, inevitably be referred to in company documents emails and records that are produced by you and your colleagues in the course of carrying out your duties and the business of the organisation and we may also store ‘Special Category’ information about medical or health conditions, including whether or not you have a disability for which we need to make reasonable adjustments.
How is your personal information collected?
Members: the organisation collects this information in a variety of ways, for the most part through your initial registration phone call or visit. We may also collect and hold any relevant information given to us through family members, care professionals or our own staff while performing their duties or from yourself when contacting the office.
Employees: the organisation may collect this information in a variety of ways. For example, data might be collected through application forms, CVs; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment; from correspondence with you; or through interviews, meetings or other assessments. In some cases, the organisation may collect personal data about you from third parties, such as references supplied by former employers and information from employment background check providers. Data will be stored in a range of different places, including in your personnel file & database and in other IT systems (including the organisation’s email system)
What security is in place for your Data?
What is the legal basis for the Organisation collecting information?
Members: The legal basis of the processing is ‘Legitimate Interests’ under article 6 (1) (f) of the GDPR guidance. We do not transfer any personal date outside of the EEA (European Economic Area) .Other than as mentioned above, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our duties of care to you. Special Category Information: the legal basis for this processing is ‘Legitimate Activity’ under article 9 (2) (d)
Employees: The legal basis of the processing is ‘Legitimate Interests’ under article 6 (1) (f) of the GDPR guidance. We share some elements of your information with our payroll provider GCVS but we do not transfer any personal date outside of the EEA (European Economic Area) .Other than as mentioned above, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance as mentioned, we may need to pass on certain information to GCVS. Special Category Information: the legal basis for this processing is ‘Legitimate Activity’ under article 9 (2) (d)
Your Rights?
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us. Under certain circumstances, by law you have the right to:
If you would like to exercise any of these rights, please get in contact verbally or in writing making this request clear. If you believe that the organisation has not complied with your data protection rights, you have the right to complain to the Information Commissioner.
Riverbank Surgery, Kilmun, Argyll, PA23 8SE.
01369 840 474
[email protected]
What is the GDPR?
The General Data Protection Regulation is a European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data. It came into effect on 25 May 2018. The Data Controller in this respect is Interloch Transport. This notice applies to members, current and former employees, workers and contractors & volunteers.
Data protection principles
We will comply with data protection law. This says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely
- GDPR compliant
Why does the Organisation collect personal data?
Members: the organisation needs to keep and process information about you in order to provide a reliable safe service. The information we hold, and process will be used to provide this service only. We will keep and use it to enable us to provide our services and manage our relationship with you effectively, lawfully and appropriately while you use us or intend to in the future. If you do not provide this information, we may be unable in some circumstances to comply with our obligations (such as knowing where to pick you up or any transport needs) and we will tell you about the implications of that decision.
Employees: as an employer, the organisation needs to keep and process information about you for normal employment purposes. The information we hold, and process will be used for our management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst you are working for us, at the time when your employment ends and after you have left. This includes using information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of the Company and protect our legal position in the event of legal proceedings. If you do not provide this information, we may be unable in some circumstances to comply with our obligations (such as paying staff or health & safety compliance) and we will tell you about the implications of that decision.
What kind of information does the Organisation collect?
Members: the type of information we would hold includes your name, address, general contact details & next of kin or family member/power of attorney information. We hold Special Category data such as relevant health & mobility information, age, relevant disabilities & social worker/carer/doctor details. We also hold any relevant equipment needs such as wheelchairs and any payment preferences such as ‘by cash’. We request funder related feedback on a number of Scotland’s National Outcomes & general performance indicators. We request & hold general feedback information about the service and any future requirements.
Employees: the type of information we would hold includes your application form or CV, references, new employee start up details including bank & NI details, PVG certificates & references, contract of employment, performance information & any correspondence that we have with yourself involving, for example, payroll or any line management queries. We keep records of sick leave & holidays & of any disciplinary or grievance procedures that you have been involved with. We hold training & licence check information and general contact information including emails & addresses. You will, of course, inevitably be referred to in company documents emails and records that are produced by you and your colleagues in the course of carrying out your duties and the business of the organisation and we may also store ‘Special Category’ information about medical or health conditions, including whether or not you have a disability for which we need to make reasonable adjustments.
How is your personal information collected?
Members: the organisation collects this information in a variety of ways, for the most part through your initial registration phone call or visit. We may also collect and hold any relevant information given to us through family members, care professionals or our own staff while performing their duties or from yourself when contacting the office.
Employees: the organisation may collect this information in a variety of ways. For example, data might be collected through application forms, CVs; obtained from your passport or other identity documents such as your driving licence; from forms completed by you at the start of or during employment; from correspondence with you; or through interviews, meetings or other assessments. In some cases, the organisation may collect personal data about you from third parties, such as references supplied by former employers and information from employment background check providers. Data will be stored in a range of different places, including in your personnel file & database and in other IT systems (including the organisation’s email system)
What security is in place for your Data?
- Physical records are kept in locked filing cabinets within an overnight alarmed NHS building.
- Our payroll provider sends out payslips & payroll information through an encrypted email system
- Local anti-virus is operating on all organisational computers
- All organisational computers are password protected
- Sensitive documents are shredded
What is the legal basis for the Organisation collecting information?
Members: The legal basis of the processing is ‘Legitimate Interests’ under article 6 (1) (f) of the GDPR guidance. We do not transfer any personal date outside of the EEA (European Economic Area) .Other than as mentioned above, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our duties of care to you. Special Category Information: the legal basis for this processing is ‘Legitimate Activity’ under article 9 (2) (d)
Employees: The legal basis of the processing is ‘Legitimate Interests’ under article 6 (1) (f) of the GDPR guidance. We share some elements of your information with our payroll provider GCVS but we do not transfer any personal date outside of the EEA (European Economic Area) .Other than as mentioned above, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance as mentioned, we may need to pass on certain information to GCVS. Special Category Information: the legal basis for this processing is ‘Legitimate Activity’ under article 9 (2) (d)
Your Rights?
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us. Under certain circumstances, by law you have the right to:
- be informed about the collection and use of your personal data
- access and obtain a copy of your data on request;
- require the organisation to change incorrect or incomplete data;
- require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
- object to the processing of your data
If you would like to exercise any of these rights, please get in contact verbally or in writing making this request clear. If you believe that the organisation has not complied with your data protection rights, you have the right to complain to the Information Commissioner.