Data protection policy

Next review date: 01/04/2019

  1. Introduction
  2. Why is this policy important?
  3. Who and what does this policy apply to?
  4. Roles and responsibilities
  5. Data protection principles
  6. Direct marketing
  7. Cookies on the website

Introduction

In order to operate, Blue Level needs to gather, store and use certain forms of information about individuals.

These include employees, contractors, suppliers, business contacts, clients and other people that we have a relationship with or regularly need to contact.

This policy explains how this data is collected, stored and used in order to meet Blue Level’s data protection standards and comply with the law as set down by the GDPR.

Why is this policy important?

This policy ensures that Blue Level:

  • Protects the rights of our employees, contractors, suppliers, and clients
  • Complies with data protection law and follows good practice
  • Protects the company from the risks of a data breach

Who and what does this policy apply to?

This applies to all those handling data on behalf of Blue Level:

  • Employees
  • Contractors/3rd-party suppliers

It applies to all data that Blue Level holds relating to individuals, including:

  • Names
  • Email addresses
  • Postal addresses
  • Phone numbers
  • Any other personal information held (e.g. financial)

Roles and responsibilities

Everyone who has access to data as part of Blue Level has a responsibility to ensure that they adhere to this policy.

Data controller

The Data Controller for Blue Level is Tim Marcus. He is responsible for why data is collected and how it will be used. Any questions relating to the collection or use of data should be directed to the Data Controller. He can be contacted via enquiries@bluelevel.co.uk

Data protection principles

We fairly and lawfully process personal data. We will only collect data where lawful and where it is necessary for the legitimate purposes of the group.

  • A client’s name and contact details will be collected initially in order to conduct business with them. Other data may also subsequently be collected in relation to their ongoing business relationship including payment information.
  • The name and contact details of employees and contractors will be collected when they take up a position, and will be used to contact them regarding group administration related to their role. Further information, including personal financial information and criminal records information may also be collected in specific circumstances where lawful and necessary e.g in order to process payment to the person.
  • An individual’s name and contact details will be collected when they complete a form on our website. This will be used to contact them about their enquiry.
  • An individual’s name, contact details and other details may be collected at any time, with their consent, in order for Blue Level to communicate with them about business activities, and/or for Direct Marketing. See ‘Direct Marketing’ below.

We only collect and use personal data for specified and lawful purposes

When collecting data, Blue Level will always explain to the subject why the data is required and what it will be used for, e.g.

“Please enter your email address in the form below. We need this so that we can send you email updates.”

We will never use data for any purpose other than that stated or that can be considered reasonably to be related to it. For example, we will never pass on personal data to third parties without the explicit consent of the subject.

We ensure any data collected is relevant and not excessive

Blue Level will not collect or store more data than the minimum information required for its intended purpose.

E.g. we need to collect email addresses from clients in order to be able to contact them, but data on their marital status or sexuality will not be collected, since it is unnecessary and excessive for the purposes of company administration.

We ensure data is accurate and up-to-date

Blue Level will ask staff and contractors to check and update their data on an annual basis.

Any individual will be able to update their data at any point by contacting the Data Controller.

We ensure data is not kept longer than necessary

Blue Level will keep data on individuals for no longer than 12 months after our involvement with the individual has stopped, unless there is a legal requirement to keep records.

We process data in accordance with individuals’ rights

The following requests can be made in writing to the Data Controller:

  • Clients, staff and contractors can request to see any data stored about them. Any such request will be actioned within 14 days of the request being made.
  • Clients, staff and contractors can request that any inaccurate data held on them is updated. Any such request will be actioned within 30 days of the request being received.
  • Clients can request to stop receiving any marketing communications. Any such request will be actioned within 14 days of the request being made.
  • Clients can object to any storage or use of their data that might cause them substantial distress of damage or any automated decisions made based on their data. Any such objection will be considered by the company management, and a decision communicated within 60 days of the request being made.

We keep personal data secure

Blue Level will ensure that data held by us is kept secure:

  • Electronically-held data will be held within a password-protected and secure environment
  • Passwords for electronic data files will be reset each time an individual with data access leaves their role/position
  • Physically-held data will be stored securely
  • Access to data will only be given to relevant employees/contractors where it is clearly necessary for the running of the group. The Data Controller will decide in what situations this is applicable and will keep a master list of who has access to data
  • Blue Level will not transfer data to countries outside the European Economic Area (EEA), unless the country has adequate protection for the individual (e.g. USA)

Direct marketing

Blue Level may collect data from consenting individuals for marketing purposes. This includes contacting them to update them about news and activities.

When data is collected for this purpose, we will provide:

  • A clear and specific explanation of what the data will be used for (e.g. ‘From time to time we would like to contact you with details of other services we provide’)
  • A method for users to show their active consent to receive these communications (e.g. a ‘tick box’)

Data collected will only ever be used in the way described and consented to (e.g. we will not use email data in order to market 3rd-party products unless this has been explicitly consented to).

Every marketing communication will contain a method through which a recipient can withdraw their consent (e.g. an ‘unsubscribe’ link in an email). Opt-out requests such as this will be processed within 14 days.

Cookies on the website

Cookies are small text files that are placed on your computer by websites that you visit. These pieces of information are used to make the website work or improve services for you through, for example

  • enabling a service to recognise your device so you don't have to give the same information several times during one task
  • recognising that you may already have given a username and password so you don't need to do it for every web page requested
  • measuring how many people are using services, so they can be made easier to use and there's enough capacity to ensure they are fast

We sometimes embed photos and video content from websites such as YouTube and Flickr. As a result, when you visit a page with content embedded from, for example, YouTube or Flickr, you may be presented with cookies from these websites. We do not control the dissemination of these cookies. You should check the relevant third party website for more information about these.

Can I control or delete cookies?

All recent versions of popular browsers (such as Internet Explorer, Google Chrome or Mozilla Firefox) allow you to control cookies. Typically, you can set your browser to accept or reject all, or certain cookies. You might, for example, be happy to accept a cookie that allows you to log in to a website, but prefer to reject any which are used to build a profile of your internet usage. You should also be able to set your browser to prompt you each time a cookie is offered.

Please be aware that restricting cookies may impact on the functionality of this website.

For more detailed instructions on how to control or delete cookies on different browsers, please visit www.aboutcookies.org

Third party cookies

We use several suppliers who also set cookies on our website in order to deliver the services they are providing. If you would like more information about the cookies used by these suppliers, as well as information on how to opt-out, please see their individual privacy policies listed below.

Google Analytics

This is a web analytics service provided by Google. We use this service to measure how many people are using services, so they can be made easier to use and there's enough capacity to ensure they are fast.

Google's Privacy Policy

How to opt out of Google Analytics