McLEAR needs to collect and use certain types of information about people with whom it deals in order to conduct its operations. These include current, past and prospective employees, suppliers, developers, business partners, customers and others with whom we have dealings. For example, we may occasionally be required to collect and use certain types of personal information to comply with government requirements and/or other legal obligations as well as other statutory and/or administrative functions.
Regardless of how we collect, record and/or use personal data, we are required to ensure that certain data protection standards are adhered to in all of our data processing operations.
Data Protection Statement
We take the issue of data protection very seriously and consider the lawful and correct treatment of personal information by McLEAR as very important to the successful operation of the company and in maintaining the confidence of those with whom we deal.
To this end we fully endorse and strive to adhere to the Data Protection Principles enumerated in the Data Protection Act 1998 (the “DPA”) as well as the European General Data Protection Regulation (GDPR).
This means that the data we hold is:
- used fairly and lawfully
- used for limited, specifically stated purposes
- used in a way that is adequate, relevant and not excessive
- kept for no longer than is absolutely necessary
- handled according to people’s data protection rights
- kept safe and secure
- not transferred outside the European Economic Area without adequate protection
The DPA can be viewed at; http://www.legislation.gov.uk/ukpga/1998/29/contents
Status of the Policy
This policy does not form part of the formal contract of employment of our staff but it is a condition of employment that employees will abide by the rules and policies made by McLEAR. Any failures to follow the policy can therefore result in disciplinary proceedings.
The McLEAR Data Protection Team
McLEAR has a Data Protection Team comprising representatives from Legal, Compliance, Human Resources and IT Departments. The McLEAR Data Protection Team is responsible for co-ordinating and implementing the McLEAR Data Protection policies and procedures. The McLEAR Data Protection Team is supported by and report to the Executive Management Board of McLEAR Ltd.
Responsibilities of Staff
To help uphold this Data Protection Policy, McLEAR personnel will abide by the IT and Communication Systems Policy (Schedule 26 of the McLEAR Handbook) which covers:
- Equipment security and passwords
- Systems and data security
- Use of E-mail
- Using the internet
- Personal use of our systems
- Use of Social Media
We follow the Data Protection Act at all times when asking for or handling your information including:
- Personal data shall be processed fairly and lawfully.
- Data is processed only for the purpose(s) for which it was collected.
- Data is adequate, relevant and not excessive.
Rights to Access Information
All requests for access to Personal Data (Subject Access Requests) processed by McLEAR should be directed to the Data Protection Officer, McLEAR Ltd, 14-16 Great Chapel Street, London, W1F 8FL, United Kingdom or via firstname.lastname@example.org
Any electronic data we hold about you will be stored securely behind a minimum of 2 firewalls for no longer than is necessary to fulfil the purposes for which it was obtained. However, we will maintain certain elements of your Order Information for as long as the HMRC rules require, which are currently 6 years from the end of the financial year of the transaction.
Data Type: Financial
Retention Period: 6 years + 1
Data Type: Customer
Retention Period: Retained while subject remains a customer plus 2 years or until deletion requested
Reason: Support and Marketing
Data Type: Non-customer
Retention Period: 2 years unless deletion requested
When the scheduled time for data deletion arrives, that data will be anonymised or securely removed from our systems and be overseen by our Head of IT.
Destruction of Paper Records
Documents that contain confidential information such as parties’ names and addresses, or which could be used by third parties to commit fraud shall be disposed of as confidential waste, requiring cross-cut shredding and incinerating.