GET A FREE QUOTE
DALGAN WINDOWS LTD
The General Data Protection Regulation and the Data Protection Acts 1988 – 2018 apply to the processing of personal data. Dalgan Windows Ltd is committed to complying with its legal obligations in this regard.
Dalgan Windows Ltd collects and processes personal data relating to its employees, customers suppliers, contractors and others who may deal with the company in the course of its regular business. This personal data can be collected in a variety of circumstances; e.g. Recruitment, training, taking orders, payment, performance reviews, customer service, marketing, and to protect the legitimate interests of the organization
This policy covers any person about whom this organisation processes data. This may include current and former employees, current and former customers, current and former suppliers, current and former contractors and any other individuals who do, or have in the past, had dealings with the company.
Processing of data includes collecting, recording, storing, altering, disclosing, destroying and blocking.
Personal data kept by this organisation will normally be stored in the following manner:
Employees – on the employee’s personnel file or on the HR electronic data base
Contractors – on the HR electronic data base (if access agreed) and on the EFT system for processing payments
Suppliers – on the electronic EFT system for payments
Customers – on the electronic EFT system for orders and payments
Data for individuals who deal with the business but do not fall into these categories will have their data processed only for the purposes for which it was gathered
Highly sensitive data, such as medical information in relation to employees, will be stored in the appropriate place, usually the personnel file. The company will ensure that only authorised personnel will have access to personal data.
The organisation has appropriate security measures in place to protect against unauthorised access. These security measures include;
Password protected PCs
Restricted password protected access to all systems – Payroll systems, EFT systems and HR Management Systems. There are also levels of access to these systems (except payroll) to ensure that people can only see the information which they should see.
Physical files are kept in locked cabinets in locations that are alarmed at night
Collection and Storage of Data for Employees
Dalgan Windows Ltd processes certain data relevant to the nature of its employees to comply with relevant legal obligations, to perform the employment contract and, where necessary, to protect its legitimate business interests and the rights and entitlements of employees. We will ensure that personal data will be processed in accordance with the principles of data protection, as described in the GDPR and Data Protection Acts.
Personal data is normally obtained directly from the employee concerned. In certain circumstances however, it will be necessary to obtain data from third parties, e.g. references from pervious employers, tax information from the Revenue.
Personal data collected by the Company is used for ordinary HR management purposes. Where there is a need to collect data for another purpose, the organisation shall inform you of this. In cases where it is appropriate to get your consent to such processing, the organisation will do so.
Employees are responsible for ensuring that they inform the HR department of any changes in their personal details, e.g. change of address. Managers and supervisors must inform the HR department of any changes in employees’ personal details e.g. promotion, pay increases. We endeavour to ensure personal data held by the organisation is up to date and accurate.
Collection and Storage of Data for all other individuals
Dalgan Windows Ltd processes certain data relevant to the nature of the relationship with the individuals it deals with to comply with relevant legal obligations and to protect the legitimate business interests of Dalgan Windows Ltd. We will ensure that personal data will be processed in accordance with the principles of data protection as described in the GDPR and Data Protection Acts.
Personal Data is normally obtained directly from the individual concerned. Personal data collected by the Company is used for ordinary business reasons – maintaining accounts, placing orders, providing invoices, arranging payment, providing customer service, etc. It will be rare that data relating to customers, suppliers, contractors or other people who interact with Dalgan Windows Ltd will be collected via third party. In cases where it is necessary to get your consent to process your data, the organisation will do so.
Where data is held on an individual, that individual is responsible for informing Dalgan Windows Ltd should the information change. Dalgan Windows Ltd is committed to ensuring personal data held by the organisation is accurate and up to date.
Retention of Data
Dalgan Windows Ltd is under a legal obligation to keep certain data for a specified period of time. In addition, the organization will need to keep personal data for a period of time in order to protect its legitimate interests.
Security and Disclosure of Data
Dalgan Windows Ltd will take all reasonable steps to ensure that appropriate security measures are in place to protect the confidentiality of both electronic and manual data. Security measures will be reviewed from time to time, having regard to the technology available, the cost and the risk of unauthorized process. Employees must implement all organizational security policies and procedures, e.g. use of computer passwords, use of systems passwords, locking filing cabinets etc.
Personal data is stored in the relevant department. HR files are normally stored in the HR department, customer files in the Customer Service Department, Suppliers information in the purchasing department, and the finance department may store information relevant to all departments. Employees who have access to these files must ensure they treat them confidentially. Employees working in these departments, or working with any personal data, must treat all personal data they receive confidentially and must not disclose it, except in the course of their employment.
All employees will have access to a certain amount of personal data relating to colleagues, customers and other third parties. Employees must play their part in ensuring its confidentiality. All employees at Dalgan Windows Ltd therefore must adhere to the following data protection principles:
Process data fairly, lawfully and transparently
Keep data only for specified, explicit and legitimate purposes
Process data only in ways which are compatible with the purpose or purposes for which it was given
Ensure data is accurate and up to date
Ensure data is adequate, relevant and limited to what is necessary for the purpose for which it was given
Keep data safely and securely
Retain personal data for no longer than is necessary for the purpose for which it is processed, and in line with the company’s data retention policy
Employees must not disclose personal data, except where necessary in the course of their employment, or in accordance with the law. They must not remove or destroy personal data, except for lawful reasons and with the permission of the organization.
Any breach of the data protection principles is a serious matter and may lead to disciplinary action up to and including dismissal. If employees are in any doubt regarding their obligations they should contact the Finance Director and/or the HR Manager. These are the people within Dalgan Windows Ltd who have responsibility for Data Protection.
We recognize that data breaches may occur, in error, or by external malicious intent. It is of utmost importance that all data breaches are reported to the Finance Director or the HR Manager as soon as they are discovered. This will allow the company in turn to fulfil its statutory obligations and inform the data subjects and report the breach to the Data Protection Commissioner’s office if required.
Dalgan Windows Ltd does not carry out pre-employment medicals as part of the recruitment process. Medical Data is not held by the company.
Occasionally, it may be necessary to refer employees to their doctor for a medical opinion and all employees are required by their contract of employment to attend when requested. The organisation may receive certain medical information, which will be stored in a secure manner with the utmost regard for the confidentiality of the document. The organisation does not retain medical reports on job applicants who do not become employees for longer than is necessary and in line with our data retention policy.
Safeguards are applied to the processing of medical data of employees. These include:
Limitations on access to prevent unauthorised consultation, alteration, disclosure or erasure of personal data – it is all directed to the HR Manager only, or in the case of absence of the HR manger, to appropriate person for limited time periods
Strict time limits for erasure of personal data in line with our retention policy
A requirement that medical examinations are undertaken only by our designated medical practitioners
Employees are entitled to requires access to their medical reports. The reports the company receives may not contain all the information that the doctor received. Should an employee wish to access their medical reports, please contact the HR Department, which will consult with the doctor who examined you and request the data. The final decision lies with the doctor.
Employees are required to submit sick certificates in accordance with the sick pay policy. These will be stored by the organisation, having the utmost regard for their confidentiality.
Dalgan Windows Ltd will have no occasion for having any medical data on any customer or supplier. On rare occasions, medical information may be given to Dalgan Windows Ltd regarding a contractor if it is necessary to ensure health and safety obligations are upheld. While this would be extremely rare, this information would be afforded the same confidentiality we afford employees.
Dalgan Windows Ltd provides email facilities and access to the internet. In order to protect against the dangers associated with e-mail and internet use, screening is in place to monitor e-mail and web usage. Mailboxes are only opened:
Upon specific authorisation by a manager in cases where screening or a complaint indicates that a particular mailbox may contain material that is dangerous or offensive;
Where there is a legitimate work reason or in the legitimate interest of the organisation
Please refer to the email and internet usage policies for further details.
Dalgan Windows Ltd provides access to phone line, both on the Company’s internal network and by providing mobile phones to certain members of staff. Please bear in mind that this data is the property of the company and while there is no automated screening or recording of calls in place currently, the phone records may contain information, and this is the property of Dalgan Windows Ltd. Bear in mind also, that mobile phones may have internet and email access and that activities on this must comply with the email and internet usage policies of the Company.
Closed Circuit Monitoring
Dalgan Windows has currently no close circuit monitoring in place.
Responsible for GDPR Compliance
Dalgan Windows Ltd has assessed the needs of the organisation and a Data Protection Officer is not required in the organisation. In its place, the Company has designated Gerard Murphy as the responsible persons for ensuring the organisation is monitoring its data processing activities and remains in compliance with data protection legislation.
Gerard Murphy will also be responsible for answering any queries from employees, customers, suppliers, contractors or other individuals who have concerns about data protection. All queries relating to personal data can be directed to him or sent by email to email@example.com.
Individuals are entitled to request data held about them on a computer or in relevant filing sets. Dalgan Windows Ltd will, in most circumstances provide this data within one month. In some cases, due to the complexity of the request or the number of requests being handled by the organisation, the organisation may require a further two months to provide this data. There is no charge for requesting this data.
An individual should make a request in writing to the Finance Director or the HR Manager, who are responsible for data protection, stating the exact data required. Employees are only entitled to data about themselves and will not be provided with any data relating to other employees or any third parties. It may be possible to block out data relating to a third party or conceal his or her identity, and if this is possible the organisation may do so.
Data that is classified as the opinion of another person will be provided unless it was given on the understanding that it will be treated confidentially. Individuals, including employees, who express opinions about other employees in the course of their employment should bear in mind that their opinion may be disclosed in an access request – e.g. Performance appraisals.
In some circumstances where relevant exemptions apply, certain personal data may not be provided to an employee. An employee will be informed where personal data is not being disclosed on the basis of such an exemption.
An employee who is dissatisfied with the outcome of an access request has the option of using the organisations grievance procedure. They can also refer complaints to the Data Protection Commissioner. Other persons may inform the Finance Director and/or HR Manager in writing of their dissatisfaction to have their issue dealt with. These individuals can also refer complaints to the Data Protection Commissioner.
Right to Object
Individuals, including employees, have the right to object to data processing that is causing them distress, and/or to correct data that is inaccurate. Where such objection is justified, the organisation will cease processing the data unless it has a legitimate interest that prevents this. The organisation will make every effort to alleviate the distress caused to the individual.
An objection should be made in writing to the Finance Director and/or the HR Manager or by email to firstname.lastname@example.org outlining the data in question and the harm being caused to the employee.
All queries or issues relating to personal data should be directed to email@example.com
This policy will be reviewed from time to time to take into account changes in the law and the experience of the policy in practice.
Dalgan Windows and Doors were very professional and courteous.