Purpose 

Supply Chain In-Sites (SCI) takes data protection extremely seriously. We understand  that we handle confidential information, it is therefore important we have policies in  place to control all aspects. This policy sets out our approach. 

We collect process and store personal data both on behalf of our colleagues and our  customers. For colleagues we naturally must store a certain amount of their data and  information. For our customers we collect and store data from visits to their facilities and  from information they provide to us about their colleagues. 

Our goal is always to collect the absolute minimum of information. Even where we do  collect information, we will store this as securely and carefully as possible. 

Our data protection officer is our Chief Executive Officer he has extensive experience as  a compliance officer and has been accountable for data protection in major  organisations. 

How we collect data 

We collect data in many ways including, during assessment and other work we conduct,  through documentation and information submitted, and via electronic means (email,  website, portals and platforms) and verbally.  

SCI commits to avoiding collecting only any personal data relating to colleagues and  customers that is necessary to complete our work. The systems we use reduce the risk  of data being handled incorrectly. We will also ensure that all colleagues have security  controls installed on all equipment that they use. All phones and laptops will be secured  by access passwords that meet the requirements of the manufacturers.  

The personal data we collect 

Colleagues (employed or contracted): names; telephone numbers; personal e-mail  addresses, home addresses, details of next of kin, national insurance numbers,  qualifications and certificates, details of bank information to process wages/  invoices. All of our colleague information is provided by the colleagues  themselves. 

Most colleague information is collated as part of the recruitment process. We  may use information held about you in the following ways: 

∙ To consider your application in respect of a role for which you have applied. ∙ To consider your application in respect of other roles. 

∙ To communicate with you in respect of the recruitment process. 

∙ To enhance any information that we receive from you with information  obtained from third party data providers. 

∙ To find appropriate candidates to fill our job openings. 

Customers: names, telephone numbers, addresses, e-mail addresses, bank  account details, employee names and job titles, Customer information is all  provided by the customers themselves. 

How we use data 

The data that we collect is the minimum that we need to operate our business. In  relation to colleagues and subcontractors we must collect data so that we can ensure  that individuals have the legal right to work in the UK and have the necessary  qualifications to support the experience they need to carry out work for us. 

In relation to customers, we have to collect data in order to ensure that our customers  are who they say they are. We also have to collect data to ensure that we are paid for the  work that we do. 

In relation to both colleagues, contractors and customers we highlight how we use data  in our agreements.  

How we disclose data 

Our colleague and contractor data will only be disclosed in specific circumstances and  only when we have the consent of individuals. The only exception to this would be if we  are compelled by statutory bodies. 

We will also be clear for our customers if we must share their data with any 3rd parties.  There are legitimate reasons why this may need to be done. For example, if we audit a  facility on behalf of a scheme, it is normal for schemes to ask for details of the facilities.  Clearly this may include names, addresses and contact information.  

How we store data 

We will only store data secure IT systems. We have also highlighted above the controls  that are in place in these systems. All colleagues (employed or contracted are provides  with a copy of this are part of our induction pack to ensure they are aware of controls  and their responsibilities. 

We take appropriate measures to ensure that all personal data is kept secure including  security measures to prevent personal data from being accidentally lost or used or  accessed in an unauthorised way. We limit access to your personal data to those who  have genuine business need to know it. Those processing your information will do so  only in an authorised manner and are subject to a duty of confidentiality. 

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where  we are legally required to do so. 

Unfortunately, the transmission of information via the internet is not completely secure.  Although we will do our best to protect your personal data, we cannot guarantee the  security of your data transmitted through any online means, therefore any transmission  remains at your own risk. 

Although the United Kingdom has now left the European Union we can confirm that we  will not transfer any data outside of the EU. 

The data subject’s rights. 

Under the General Data Protection Regulations, you have several important rights free  of any charge. In summary, those include rights to: 

∙ Access to your personal data and to certain other supplementary information that this Privacy Notice is already designed to address. 

∙ Require us to correct any mistakes in your information which we hold. ∙ Require the erasure of personal data concerning you in certain situations. 

∙ Receive the personal data concerning you which you have provided to Us, in a  structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations. 

∙ Object at any time to processing of personal data concerning you for direct  marketing. 

∙ Object to decisions being taken by automated means which produce legal effects  concerning you or similarly significantly affect you. 

∙ Object in certain other situations to our continued processing of your personal data.

∙ Otherwise restrict our processing of your personal data in certain circumstances.

∙ Claim compensation for damages caused by our breach of any data protection laws. 

For further information on each of those rights, including the circumstances in which  they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on  individuals’ rights under the UK GDPR. 

SCI will comply with all the GDPR rights that are granted to individuals. We cover all of our customer’s data rights in our contract with them. How to complain 

In the first instance all complaints should be directed to the Data Protection Officer using email address info@scinsites.com 

Changes of privacy policy 

SCI reserves the right to amend this policy. However if we do we will highlight changes  to all affected at the earliest possible opportunity. 

Contact 

You can contact our Data Protection Officer at any time via e-mail info@scinsites.com