8 minute read
4.13 Data Protection Policy
The Data Protection Acts 1988-2018 (as amended) and the General Data Protection Regulation 2016/679 (GDPR) apply to the processing of personal employee data, both current and former and potential employees. Glasslyn Vets is committed to complying with its legal obligations in this regard. The Practice collects and processes personal data relating to its employees in the course of business in a variety of circumstances, e.g., recruitment, training, payment, performance reviews, and to protect the legitimate interests of the organisation. Processing of data includes: collecting; recording; storing; altering; disclosing; destroying; and blocking. The Practice will hold computer records and personnel files relating to you. These will include your employer references, bank details, holiday and sickness records, remuneration details, address, date of birth, marital status, educational or previous employment background, history and details of current position, CV’s, applications and interview records, references, performance rating or reviews, records of internet or email usage, CCTV images, records of disciplinary investigations/meetings or grievances, stock option, pension and other insurance documentation, payroll details and other data (which may, where necessary, include sensitive data relating to your health). The Practice requires such personal data for personnel, administration and management purposes and to comply with its obligations regarding the keeping of employee/worker records. The data will not be used for any other purpose. Your right of access to this data is as prescribed under the Data Protection Acts 1988-2018 (as amended) and the GDPR. The Practice will ensure that only authorised personnel have access to an employee’s personnel file. It may be necessary to store certain other personal data outside the personnel file or database e.g., salary details will be stored and administered separately for payroll. Your manager may have access to certain personal data where necessary. The Practice has appropriate security measures in place to protect against unauthorised access. Collection and storage of data This Practice processes certain data relevant to the nature of the employment regarding its employees and, where necessary, to protect its legitimate business interests. The Practice will ensure that personal data will be processed in accordance with the principles of data protection, as described in the Data Protection Acts 19882018 and the GDPR. Personal data is normally obtained directly from the employee concerned. In certain circumstances, it will, however, be necessary to obtain data from third parties, e.g., references from previous employers. Where there is a need to collect data for another purpose, the organisation shall inform you of this. In cases where it is appropriate to get your consent to such processing, the organisation will do so. You are responsible for ensuring that the Employer is informed of any changes in your personal details, e.g., change of address. Glasslyn Vets will endeavour to ensure personal data held by the organisation is up to date and accurate. The Practice will take every reasonable step to ensure that inaccurate data is deleted or amended. The Practice is under legal obligation to keep certain data for a specified period of time. Where personal data is no longer needed for the purpose for which it was collected, the Practice will delete it, unless required to keep it for a period of time in order to protect its’ legitimate interests.
Security and disclosure of data Glasslyn Vets will comply with its legislative obligations in terms of security of employee personal data and will take all reasonable steps to ensure that appropriate security measures are in place to protect the confidentiality of both electronic and manual data. Security measures will be reviewed from time to time, having regard to the technology available, the cost and the risk of unauthorised access. Employees with designated access to employee personal data must implement all organisational security policies and procedures, e.g., use of computer passwords, locking filing cabinets. HR data will only be processed for employment-related purposes and, in general, will not be disclosed to third parties, except where required or authorised by law or with the agreement of the employee. Personnel files will be stored securely and employees who have access to these files must ensure that they treat them confidentially. Employees working with payroll data must treat all personal data they receive confidentially and must not disclose it, except in the course of their employment. Security and disclosure of third party data You will have access to a certain amount of personal data relating to colleagues, customers and other third parties. You must ensure the confidentiality of such data and must adhere to the data protection principles, by not disclosing such data, except where necessary in the course of your employment, or in accordance with law. You must not remove or destroy personal data except for lawful reasons. Any breach of the data protection policy is a serious matter and may lead to disciplinary action up to and including dismissal. If you have any doubt regarding your obligations, you should speak with your manager. Sharing Employee Data with Third Parties The Employer to Glasslyn Vets may process data relating to you for personnel, administration and management purposes (including, where necessary, sensitive data relating to your health) and may, when necessary for these purposes, make such data available to its advisers, to parties providing products and/or services to the Employer to Glasslyn Vets (including, without limitation IT systems suppliers, pension, benefits and payroll administrators), to regulatory authorities (including the Revenue Commissioners), to any potential purchasers of the Employer or its business (on a confidential basis) and as required by law. Medical data
Advertisement
Glasslyn Vets carries out pre-employment medicals as part of the recruitment process. This data will be retained by the Practice. Occasionally, it may be necessary to refer employees to the organisation’s doctor for a medical opinion and all employees are required by their contract of employment to attend in this case. The Employer may receive certain medical information, which will be stored in a secure manner with the utmost regard for the confidentiality of the document. The Practice does not retain medical reports on job applicants who do not become employees for longer than is necessary. You are entitled to request access to your medical reports. You are required to submit sick certificates in accordance with the sick pay policy. These will be stored by the Practice, having the utmost regard for their confidentiality.
Closed circuit monitoring (where relevant) The Employer to Glasslyn Vets operates CCTV, the purpose of its operation is to assist the Employer to Glasslyn Vets to achieve its security objectives of ensuring the personal safety and protection of staff and residents of the Employer to Glasslyn Vets as well as protecting the assets of the Employer to Glasslyn Vets. The Employer to Glasslyn Vets reserves the right to use any evidence obtained in this manner in respect of a disciplinary issue which may arise. Data Protection Lead Laura Curtin is the data protection officer to lead for Glasslyn Vets. The data protection officer to lead will comply with its legislative obligations applicable to their role. She bears overall responsibility for ensuring compliance with data protection legislation. All employees must co-operate with the data protection officer to lead when carrying out their duties. The data protection officer to lead is also available to answer queries or deal with employees’ concerns about data protection. Subject Access Request You are entitled to request from the Employer to Glasslyn Vets a copy of all personal data held by the employer to Glasslyn Vets, whether in hard copy or soft copy form. The Practice will provide this data within 30 days. There is no charge for requesting this data. You must make a request in writing to the data protection officer to lead, stating the exact data required. The Employer / data protection officer will assess any data access request and you will not be provided with, nor are you entitled to data relating to other employees or third parties. It may be possible to block out data relating to a third party or conceal his or her identity, and if this is possible the organisation may do so. Employees who express opinions in writing, whether on computer or manual format about other employees in the course of their employment should bear in mind that their opinion may be disclosed in an access request, e.g., performance appraisals. An employee who is dissatisfied with the outcome of an access request has the option of using the Practice’s Grievance Procedure. Data Portability You have the right to ‘data portability,’ as prescribed by the General Data Protection Regulation (GDPR), as being you may request that certain personal data provided by you to the Practice is transferred directly to a third party.
Right to request erasure / removal of personal data
You have the right to request erasure / removal of personal data held by the Employer to Glasslyn Vets that is causing you distress. An objection should be made in writing to the data protection officer to lead, outlining the data in question and the harm being caused to the employee. The Employer/ data protection officer to lead will assess such requests on a case by case basis and respond accordingly, in compliance with its legislative obligations. Review Glasslyn Vets reserves the right to change this policy taking into account changes in the law and the experience of the policy in practice and you will be informed of any changes in policy. The data protection lead reserves the right to implement and amend further policies.
