4.13 Data Protection Policy The Data Protection Acts 1988-2018 (as amended) and the General Data Protection Regulation 2016/679 (GDPR) apply to the processing of personal employee data, both current and former and potential employees. Glasslyn Vets is committed to complying with its legal obligations in this regard. The Practice collects and processes personal data relating to its employees in the course of business in a variety of circumstances, e.g., recruitment, training, payment, performance reviews, and to protect the legitimate interests of the organisation. Processing of data includes: collecting; recording; storing; altering; disclosing; destroying; and blocking. The Practice will hold computer records and personnel files relating to you. These will include your employer references, bank details, holiday and sickness records, remuneration details, address, date of birth, marital status, educational or previous employment background, history and details of current position, CV’s, applications and interview records, references, performance rating or reviews, records of internet or email usage, CCTV images, records of disciplinary investigations/meetings or grievances, stock option, pension and other insurance documentation, payroll details and other data (which may, where necessary, include sensitive data relating to your health). The Practice requires such personal data for personnel, administration and management purposes and to comply with its obligations regarding the keeping of employee/worker records. The data will not be used for any other purpose. Your right of access to this data is as prescribed under the Data Protection Acts 1988-2018 (as amended) and the GDPR. The Practice will ensure that only authorised personnel have access to an employee’s personnel file. It may be necessary to store certain other personal data outside the personnel file or database e.g., salary details will be stored and administered separately for payroll. Your manager may have access to certain personal data where necessary. The Practice has appropriate security measures in place to protect against unauthorised access. Collection and storage of data This Practice processes certain data relevant to the nature of the employment regarding its employees and, where necessary, to protect its legitimate business interests. The Practice will ensure that personal data will be processed in accordance with the principles of data protection, as described in the Data Protection Acts 19882018 and the GDPR. Personal data is normally obtained directly from the employee concerned. In certain circumstances, it will, however, be necessary to obtain data from third parties, e.g., references from previous employers. Where there is a need to collect data for another purpose, the organisation shall inform you of this. In cases where it is appropriate to get your consent to such processing, the organisation will do so. You are responsible for ensuring that the Employer is informed of any changes in your personal details, e.g., change of address. Glasslyn Vets will endeavour to ensure personal data held by the organisation is up to date and accurate. The Practice will take every reasonable step to ensure that inaccurate data is deleted or amended. The Practice is under legal obligation to keep certain data for a specified period of time. Where personal data is no longer needed for the purpose for which it was collected, the Practice will delete it, unless required to keep it for a period of time in order to protect its’ legitimate interests.
GLASSLYN VETS EMPLOYEE HANDBOOK Private & Confidential
31
