Data Protection policy

1. Policy Statement

This policy has been developed to ensure that JP Banking Solutions collects and processes all personal data fairly and lawfully and that there is full compliance with the provisions of the Data Protection act 1998

2. Definitions

Data Controller - The employer or agency

Data Subject - An employee, temporary worker or applicant

Personal Data - Information from which a living person can be identified. Examples are:
• Personal details (e.g. address, telephone number, salary)
• The expression of an opinion about an individual
• An intention in respect of an individual
• Performance appraisals/assessments
• File notes relating to intended disciplinary proceedings, transfer or promotion prospects

Sensitive Personal Data - Information of a more sensitive nature. Examples are:
• ethnic or racial origin
• political opinion
• trade union membership
• physical or mental health
• sexual life

3. Applying The Policy

The Company has an obligation to ensure that data is appropriately obtained, held, used and disclosed and that the eight data protection principles are adhered to. The principles are:

1. Data must be processed fairly and lawfully
JP Banking Solutions ensures that the data processing is either necessary for a justifiable reason (e.g. keeping personnel records) or you will be asked to give your consent to the processing

2. Personal data must be obtained for a lawful purpose

3. Personal data must be adequate, relevant and not excessive

JP Banking Solutions collects data only for the following purposes

• For compliance with employment law and administration of an individual contract
• To establish training and/or development requirements
• To assess an individual’s qualifications for a particular job
• To gather facts in relation to the disciplinary procedure
• For remuneration policy and payroll administration
• To allow membership of the pension scheme and private healthcare plans and their effective administration by the providers
• To establish a contact point in the case of emergency
• In connection with any legal proceedings
• For equal opportunities monitoring

4. Personal data must be accurate and up to date

JP Banking Solutions carries out a data validation exercise at least one a year. You will be asked to confirm that data, which we hold on you, is correct and current or to update it.

5. Personal data must not be kept any longer than is necessary

JP Banking Solutions regularly reviews the data held to determine what records can reasonably be discarded. You are responsible for reviewing the data held on your temporary workers and applicants for the same purpose

6. Data must be processed in accordance with data subject’s rights

JP Banking Solutions informs individuals of their rights to gain access to their data and the process they should follow (see Individuals Rights)

7. Appropriate measures must be taken to protect against unauthorised or unlawful processing, accidental loss or damage of personal data

JP Banking Solutions provides for the security of its systems via approved individual authorised user access and routine backing up of data. You are responsible for ensuring that you follow the guidelines for preventing others from using your system or for accidentally viewing the information held on others without authority

8. Personal data must not be transferred to a country outside the EEC unless that country ensures an adequate level of protection

JP Banking Solutions retains all data within the UK

4. Individual's Rights

All data subjects have the right to the following:

• To gain access to their personal data
• To challenge any misuse or abuse of the information
• To have incorrect information corrected or removed
• To seek redress if they suffer damage or distress as a result of any breach of the law

5. Requesting Access to data

This is known as a ‘subject access order’. If an individual has a reason to want to see the data that the company holds on them, they must put their request in writing to the Lola Puddephatt. The company has the right to ask for a payment of £10. The individual will be provided with the information, in an understandable form, within 40 days of the receipt of the written request and the £10 fee.

6. Employee Responsibilities

You are responsible for ensuring that the principles of the Data Protection Policy are upheld. As individuals you are responsible for the security of the data that we hold on others. At all times you must:

• Not take home computer printouts or other documents which contain personal details of staff, agents, temporary workers, applicants or customers
• Ensure that your system, computer generated information and floppy disks are secure when the office is unattended
• Not allow unauthorised persons to access such information
• Not place terminals so that the screens are visible to unauthorised persons
• Not disclose an individual’s personal data to a third party without their express permission.
• Not pass on a reference to a customer which has been provided to JP Banking Solutions without gaining the explicit consent of the subject
• Not pass on information to a customer relating to an individual’s criminal record without gaining the explicit consent of the subject

If you are asked to provide, to an applicant or temporary worker, a copy of the information that we hold on them, you should follow the guidelines described under Requesting Access to Data

8. Legal Issues

The 1998 Act repealed the DPA 1984. The 1998 Act strengthens and adds to the provisions of the 1984 act. There are penalties for failure to comply that may result in criminal as well as civil liability.

Complaints relating to breaches of the Data Protection Act may be made to The Data Protection Commissioner

Download our Data Protection Policy as a PDF File