
Secure Postal Solutions: HDPE Postal Pack Containers
In the fast-paced world of e-commerce and postal-order businesses, ensuring the safe and secure delivery of products is a top priority. Whether you’re sending out
Introduction
The General Data Protection Regulation (2016/679 EU) (GDPR) provides strict rules on what data can be held and how it should be gathered, processed, stored, deleted and rules regarding the free movement of personal data. Under the Regulation the Information Commissioner has powers to issue notices where data controllers and/or data processors have contravened any of the data protection principles. The main contraventions are likely to be unlawful reason for the collection of data, keeping data which is no longer required or where consent has been withdrawn/expired, unauthorised processing and/or disclosure of data. Failure to comply with such a notice is an offence under the legislation and could result in large fines.
In order to operate efficiently BLUESKY (UK) Ltd (the Company) needs to collect and process information about people, which may include past and present employees, past and present Directors, suppliers and clients.
The Company is committed to ensure that all personal data gathered is processed and managed in compliance with the General Data Protection Regulation. Every effort will be made to meet the obligations set out in legislation.
Scope
This policy applies to all employees, Directors, contractors and representatives working for or on behalf of the Company.
This policy applies to all personal data, including special categories and sensitive data, processed by the Company and applies to data both manually and electronically held. It also applies to personal data processed wholly or partially by automated means.
Images including CCTV footage, will also be covered by this policy.
Responsibilities
The Data Controller will have the overall responsibility to ensure compliance with GDPR. The Data Controller and the Data Processors will ensure the day-to-day activities of the Company comply with GDPR and are responsible for:
If any member of staff has any concerns regarding the policy, compliance with the regulations or suspects there has been a breach of the regulations they should report this to the Data Controller as soon as possible. The Data Controller will then complete their duties and record, report, deal and resolve the incident as necessary within the guidelines of GDPR. All breaches are required to be reported to the Supervisory Authority within 72 hours.
Definitions
Personal data
Information which relates to a living individual that is processed as data, which can be identified from the data. It also includes photographs, e-mail messages, IP addresses and data recorded by CCTV. It also covers data identified by reference numbers where a separate list can be used to match the reference numbers to named individuals.
Sensitive personal data
Personal data consisting of information as to (a) the racial or ethnic origin of the data subject, (b) their political opinions, (c) their religious beliefs, (d) whether they are a member of a Trade Union, (e) their physical or mental health, (f) their sexual life, (g) the commission or alleged commission by them of any offence and (h) any proceedings for any offence committed or alleged to have been committed by them.
Processing data
Collecting, processing, storing, disclosing, access, or deletion of data.
Data controller
The person or organisation that is responsible for the manner and purpose in which personal data is processed along with ensuring compliance of GDPR.
Data processor/user
Any person that processes or uses the personal data on behalf of the Data Controller. Note that this is any third party who processes/uses data on behalf of the Company.
Restriction of processing
The marking of stored personal data with the aim of limiting their processing in the future.
Profiling
Any form of automated processing of personal data to evaluate certain personal aspects. An example could be during the shortlisting of candidates if this is done automatically.
Pseudonymisation
The processing of personal data that cannot be identified as a single individual without additional information.
Filing system
Means both electronic and manual filing systems.
Consent
Freely given, informed and unambiguous indication of the data subject’s wishes by which they are providing their agreement for their personal data to be processed.
Data subject
Individual to whom the personal data relates.
Requirements
The GDPR stipulates that anyone processing personal data should comply to:
Gathering and Notification of Personal Data
Data subjects will be notified at the time of collection of:
Personal data will only be collected for lawful purposes and only processed in a manner and reason for which it was gathered.
Protection statements will be included on the forms used to collect personal data.
If personal data is received by a third party the data subject will be made aware of:
The Storage of Data
Personal data gathered will be stored in a safe and secure manner. The following measures have been put in place to assist with this:
Checking of Data
Personal data held will be periodically reviewed to ensure it is accurate and up to date. Employees will be provided with details of the contact details, next of kin and address details on an annual basis to enable them to check and amend as necessary.
Any data that should be removed after a length of time will be diarised and deleted accordingly. The removal of certain data may be restricted for example for historical records such as for HMRC or for other legal or legitimate reasons.
Any records that are inaccurate will be reported and rectified as soon as possible.
Disclosing Data
Personal data will only be disclosed to the authorised companies or individuals as notified at the time of gathering the data with the exception of the organisations which have a legal right to process the data without consent.
Personal data disclosure requests via telephone will be verified to ensure the person requesting are entitled to receive the data and further checks may be carried out such as contacting the Company direct to check, before the data is released.
Data Subject Access Requests
Data subjects have the right to request to see the personal data held concerning him or her. They should be provided with the following:
Employee Rights
Right to be forgotten
Employees have the right to request information is forgotten.
Right to be amended
Employees have the right to request information is amended.
Right to withdraw consent
Employees can withdraw consent to the processing of their data.
Right to data portability
Employees can use and obtain their own data for their own purpose.
Right to object
Right to object to automated decision made in decision-making, including profiling.
Right to object to the data being used for direct marketing purposes
Right to object to the personal data being processed, therefore cannot be processed further unless there is a legitimate reason for doing so.
Destroying Data
Data will be discarded if no longer required for the reason given at the time of collection or if the data is out of date. If there is no legal or business reason to keep the data it will be removed.
Breach of this Policy
Any members of staff who do not comply with this policy, along with the data protection regulations and legislation, may warrant disciplinary action which dependent upon the circumstances, could result in their dismissal.
Monitoring
The Data Controller will review this policy and update it as necessary, as a minimum annually.
In the fast-paced world of e-commerce and postal-order businesses, ensuring the safe and secure delivery of products is a top priority. Whether you’re sending out
For health care packaging, especially liquids and supplements, the choices made are more than just about aesthetics; they’re about safety, functionality, and consumer trust. Sirop
For brands navigating the competitive market landscape, the choice of packaging plays a pivotal role in product perception, user experience, and overall brand identity. PET
Horizon House
Estate Road Five
Grimsby
DN31 2TG