BHL
Home
Privacy Policy
About Us
Contact Us
BHL
Home
Privacy Policy
About Us
Contact Us
More
  • Home
  • Privacy Policy
  • About Us
  • Contact Us
  • Home
  • Privacy Policy
  • About Us
  • Contact Us

Privacy Policy

  

The General Data Protection Regulations (GDPR) come into force on 25th May 2018 superseding the UK’s Data Protection Act 1998. The UK is currently passing its own Data Protection Bill through Parliament which will go over and above the GDPR requirements. 


It is a legal requirement for BHL to comply with the GDPR. It is also BHL’s policy to ensure any BHL is registered with the Information Commissioners Office (ICO) to process information, details of which are under BHL.


BHL needs to keep certain information about its customers, and suppliers for financial and commercial reasons and to enable us to monitor performance, to ensure legal compliance and for health and safety purposes. 


This policy sets out how we seek to protect personal data and ensure that staff understand the rules governing their use of personal data to which they have access in the course of their work. 


Training

Staff of the BHL have been trained to comply with Data Protection and relevant legislation surrounding it so they know what is expected of them. Training must be applicable to the roles and responsibilities the individual holds and training records will be kept. 


Sensitive Personal Data

In most cases where BHL processes sensitive personal data, we will require the data subject's explicit consent to do this, unless exceptional circumstances apply or we are required to do this by law (e.g. to comply with legal obligations to ensure health and safety at work). Any such consent will need to clearly identify what the relevant data is, why it is being processed and to whom it will be disclosed. 


Accuracy and Relevance

BHL will ensure that any personal data they process is done lawfully, fairly and transparently. The data collected on a subject should be adequate, relevant and limited to what is necessary in relation to the purposes for which it is being collected. 

Personal data shall be accurate, where necessary kept up to date, and kept only for the period of time required to complete the processing task for which it is obtained. 


Individuals may ask that BHL correct inaccurate personal data relating to them. If you believe that information held is inaccurate you should record the fact that the accuracy of the information is disputed and inform the Data Protection Officer in writing. 


Access to Personal Data

Access to all personal data is restricted to limited staff. Employment checks are carried out on personnel as applicable to their role and/or the service they are delivering. Employees will obtain Disclosure Barring Service checks and complete relevant security clearances as required. 


Right to be forgotten

A data subject may request that any information held on them is deleted or removed, and any third parties who process or use that data must also comply with the request. An erasure request can only be refused if an exemption applies. 


Data Audit and Register

Regular data audits to manage and mitigate risks will inform the Company’s data register. This contains information on what data is held, where it is stored, how it is used, who is responsible and any further regulations or retention timescales that may be relevant. 


Information Technology Security

Personal data stored electronically will be protected by the Company’s security policies and processes. Access to all systems are restricted to limited employees as required for the application of their job role. 

 

Reporting Breaches

All members of staff have an obligation to report actual or potential data protection compliance failures. This allows us to: 

• Investigate the failure and take remedial steps if necessary 

• Maintain a register of compliance failures 

• Notify the ICO of any compliance failures that are material either in their own right or as part of a pattern of failures 

Any breach of the Data Protection Policy, either deliberate or through negligence, may lead to disciplinary action being taken and could in some cases result in a criminal prosecution. 


Third Party Access to BHL ICT Systems

With the exception of our primary IT support partner access to the Company systems is restricted and can only be accessed as agreed with the System Administrator. All third-party providers are bound by confidentiality and security clauses within the service level agreements agreed. 

 

Subject Access Requests

You are entitled to know what personal information BHL holds about you, why it is being held and who the Company discloses your information to. All Subject Access Requests must be referred to the Sophie Francis in the first instance.

All Subject Access Requests will be dealt with in accordance with the current ICO Code of Practice on Subject Access. 


Storage of Data

Hard copy personal data, whether related to our employees; suppliers or customers is held in secure cabinets with access restricted to limited staff. This personal data is not routinely carried in transit however where it is required to be transported it will be held in secure containers. 


Electronic personal information held locally will be held with restricted access to limited staff. This will be password controlled via the Network Login. This personal data is not routinely carried in transit however where it is required to be transported it will be held on encrypted USB drives. 


Obsolete and unused IT equipment is stored in a secure cabinet with access restricted to limited personnel. 


Retention of Records and Data

For some records and data there are statutory retention periods with statutory authorities. For other records there are no statutory retention periods however there are either recommended retention periods or retention periods required by third party organisations. 

The Company will retain records in accordance with the relevant authorities’ recommendations and guidelines. 


Disposal of Data

Electronic data is removed from our systems either through deletion or if required, archiving. All archived records are secured stored with limited access. 


Marketing

Clients may be contacted for marketing purposes. Marketing emails will be sent to contacts that we have an existing relationship with and to inform recipients of promotions, products and services that are most likely to interest them. 


Managers will check our compliance with legal obligations such as copyright or licensing requirements when downloading or copying information, and when publishing documents. 


Howard Button 

BHL Owner  

March 2024 

Copyright © 2024 BHL  - All Rights Reserved.

Powered by GoDaddy

  • Privacy Policy

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept