GDPR (GENERAL DATA PROTECTION REGULATION) POLICY
The Data Protection Act 1998 protects employees against the misuse of personal data and
may cover both manual and electronic records. As of 25th May 2018, new legislation across
the EU has placed greater emphasis on the rights of individuals to transparency about what
personal information is held and how, the reasons why it is held, together with a consensual
knowledge of how that information is shared with other organisations. This is called the
General Data Protection Regulation.
All personal information held on computer records falls within the Data Protection Act.
Certain manual files may also fall within the Act, depending on the ease of access to data
within the file. However, for consistency and good practice, KeyMT Installation Ltd will
adopt the same approach for all data held whether manual or electronic.
The Act requires that any personal data held should be:
• processed fairly and lawfully;
• obtained and processed only for specified and lawful purposes;
• adequate, relevant and not excessive;
• accurate and kept up to date;
• held securely and for no longer than is necessary; and
• not transferred to a country outside the European Economic Area unless there is an
adequate level of data protection in that country.
The Act also gives employees certain rights. For employment purposes, the most important
right is the right to access the personal data held about the employee.
The purposes for which KeyMT Installation Ltd holds personal information are as follows:
Personal data relating to employees may be collected primarily for the purposes of:
• recruitment, promotion, training, redeployment and/or career development;
• administration and payment of wages;
• calculation of certain benefits including pensions;
• disciplinary or performance management purposes;
• performance review;
• recording of communication with employees and their representatives;
• compliance with legislation;
• provision of personal information and references to 3rd party organisations for the
undertaking of security pass applications, enabling relevant staff to work within the
confines of Gatwick, Stansted and Manchester Airport or any subsidiary of the said
KeyMT Installation Ltd considers that the following personal data falls within the categories
set out above:
• personal details including name, address, age, status and qualifications. Where
specific monitoring systems are in place, ethnic origin and nationality will also be
deemed as relevant;
• references and CVs;
• emergency contact details;
• notes on discussions between management and the employee;
• appraisals and documents relating to grievance, discipline, promotion, demotion or
termination of employment;
• training records;
• salary, benefits and bank/building society details; and
• absence and sickness information.
Employees or potential employees will be advised by KeyMT Installation Ltd of the personal
data which has been obtained or retained, its source, and the purposes for which the
personal data may be used or to whom it will be disclosed.
Sensitive Personal Data
Sensitive personal data includes information relating to the following matters:
• the employee’s racial or ethnic origin;
• his or her political opinions;
• his or her religious or similar beliefs;
• his or her trade union membership;
• his or her physical or mental health or condition;
• his or her sexuality;
• the commission or alleged commission of any offence by the employee.
To hold sensitive personal data, KeyMT Installation Ltd must additionally satisfy a sensitive
data condition. The most appropriate condition for employment purposes is that the
processing is necessary to enable the Company to meet its legal obligations (for example, to
ensure health and safety or to avoid unlawful discrimination).
Responsibility for the Processing of Personal Data
Further employees/directors who have access to personal data for reasons relevant to their
position (i.e. responsibility for pass applications, responsibility for payroll functions,
responsibility for recruitment) must comply with this policy and adhere to the procedures
laid down by the Data Controller. Failure to comply with the policy and procedures may
result in disciplinary action up to and including summary dismissal.
Use of Personal Data
To ensure compliance with the General Data Protection Regulation 2018 and the Data
Protection Act 1998 and in the interests of privacy, employee confidence and good
employee relations, the disclosure and use of information held by the Company is governed
by the following conditions:
• personal data must only be used for one or more of the purposes specified in this
• Company documents may only be used in accordance with the statement within
each document stating its intended use; and
• provided that the identification of individual employees is not disclosed, aggregate
or statistical information may be used to respond to a legitimate internal or
external request for data (e.g. surveys, staffing level figures); and
• personal data must not be disclosed, either within or outside the Company, to any
Third Party Data Sharing
All our third-party service providers are required to take appropriate security measures to
protect your personal information in line with our policies. We do not allow our third-party
service providers to use your personal data for their own purposes. We only permit them to
process your personal data for security purposes.
Personal Data Held for Equal Opportunities Monitoring Purposes
Where personal data obtained about candidates is to be held for the purpose of equal
opportunities monitoring, all such data must be made anonymous.
Disclosure of Personal Data
Personal data may only be disclosed outside the jurisdiction of KeyMT Installation Ltd with
the employee’s written consent, where disclosure is required by law or where there is
immediate danger to the employee’s health.
Accuracy of Personal Data
KeyMT Installation Ltd will review personal data regularly to ensure that it is accurate,
relevant and up to date. To ensure that this is the case, it is the responsibility of the
employee to notify the Data Controller as soon as possible of any change in their personal
details (e.g. change of name, telephone number, loss of driving licence where relevant, next
of kin details etc.).
Standard printouts of personal records will be issued to all employees on an annual basis for
the purposes of ensuring the data is up to date and accurate. Employees will be entitled to
amend any incorrect details and these corrections will be made to all files held on KeyMT
Installation Ltd’s information systems. In some cases, documentary evidence, e.g. qualification
certificates, will be requested before any changes are made.
Access to Personal Data (“Subject Access Requests”)
Employees have the right to access personal data held about them. If an employee needs to
see personal records, whether paper documentation, electronic files or both, the request
should be made in writing through the Data Controller, who will arrange for the
employee to see or hear all personal data held about them within 15 days of receipt of a
Making a Complaint
If you wish to make a complaint about how your personal data has been held, you can
contact the Information Commissioner’s Office (ICO) directly:
Information Commissioner’s Office
Telephone: 0303 123 1113
Textphone: 01625 545860
The ICO can investigate your claim and act against anyone who has misused personal data.
You can also visit their website for information at https://ico.org.uk/make-a-complaint