Data Protection
Policy
The aim of this policy is to set out how we collect, manage and store your personal data, in line with GDPR Regulations. We are also ICO registered.
How we manage your data
We need to keep, use and process information about the clients, the suppliers and for employment purposes.
This enables us to run the business and manage our relationship with you effectively, lawfully and appropriately and protect our legal position in the event of legal proceedings. We may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, administrative purposes or reporting potential crimes.
For clients, we keep names, phone, address and email address for 6 years after the project completion for record purposes in case archived information is required.
For suppliers, we keep names, phone, address and email address with the consent from them.
Details will be deleted within 24 hrs when requested.
For employment, we keep names, phone, address and email address and personal data required for payroll. We keep it for 6 years as a record. Details will be deleted within 24 hrs when requested.
What information we hold
We collect and keep data during the recruitment process, whilst you are working at the Company, and for a period of four years after you have left.
Most of the information we hold will have been provided by you, but some may come from external sources, such as referees.
The sort of information we hold includes your CV, passport, new joiner forms and references, legal documents and any amendments to it; correspondence with or about you; information needed for payroll; contact and emergency contact details; records of holiday, sickness and other absence; information needed for equal opportunities monitoring policy; and records relating to your career history, such as training records, appraisals, other performance measures and, where appropriate, disciplinary and grievance records.
Where necessary, we may keep information relating to your health, which could include reasons for absence and GP reports. This information will be used to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate.
If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.
Who will have access to your data
The information we hold and process will be used for management and administrative use only. This may be shared with third parties if there is a legal requirement to do so, for example HMRC. Your personal data may also be shared with external consultants for advice, such as HR, Health and Safety, payroll, accountant etc.
The data is maintained by the company owner, Christin Hsieh.
How to request access to your data
Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a few rights with regards to your personal data.
● You have the right to request from us access to and rectification or erasure of your personal data, and you can request to restrict us processing or holding data, (in certain circumstances).
● If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time.
Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a few rights with regards to your personal data.
You have the right to lodge a grievance if you believe that we have not complied with the requirements of the GDPR or DPA with regards to protecting your personal data.
IT Data Security
All our data are saved on the Google Workspace that has Google’s security system. In addition, this, all laptops, phones are secured with Last Pass password management to ensure security. All devices are all up to date with the fire walls system with Windows and Lenovo and latest Android protection. We also have cyber security insurance in place.
