Data Protection Policy

Aim and Scope of Policy

This policy outlines how Premier Fleet Solutions Ltd collects, uses, discloses and manages client, learner and employee data. It applies to the processing of personal data in manual and electronic records in connection with its training activities and human resources function as described below. It also covers the Company’s response to any data breach and other rights under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

This policy applies to the personal data of job applicants, existing and former employees, self-employed contractors, clients and learners and third parties who have access to data held by Premier Fleet Solutions Ltd. These are referred to in this policy as relevant individuals.

“Personal data” is information that relates to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data.

“Special categories of personal data” is data which relates to an individual’s health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership. It also includes genetic and biometric data (where used for ID purposes).

“Criminal offence data” is data which relates to an individual’s criminal convictions and offences.

“Data processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Premier Fleet Solutions Ltd makes a commitment to ensuring that personal data, including special categories of personal data and criminal offence data (where appropriate) is processed in line with GDPR and domestic laws and all its employees conduct themselves in line with this, and other related, policies. Where third parties process data on behalf of the Company, the Company will ensure that the third party takes such measures in order to maintain the Company’s commitment to protecting data. In line with current data protection legislation, the Company understands that it will be accountable for the processing, management and regulation, and storage and retention of all personal data held in the form of manual records and on computers.

Premier Fleet Solutions Ltd are registered with the ICO – Reference ZB539740

Premier Fleet Solutions Ltd completed an ICO audit to monitor the current rating for data protection and completed the actions to ensure compliance with Data Protection laws.  

Types of data held

Personal data is kept in personnel files, learner files or within the Company’s HR systems or CRM. All hard copies are kept in locked cabinets.  The following types of data may be held by the Company, as appropriate, on relevant individuals:

• name, address, phone numbers, email addresses – for individual and next of kin
• Date of Birth
• CVs and other information gathered during recruitment
• references from former employers
• National Insurance numbers
• Driving licence numbers and images
• job title, job descriptions and pay grades
• conduct issues such as letters of concern, disciplinary proceedings
• holiday records
• internal performance information
• medical or health information
• sickness absence records
• tax codes
• terms and conditions of employment
• training details.

Data Protection Principles

Premier fleet Solutions Ltd will only collect personal data that is necessary for our operations:

All personal data obtained and held by the Company will:

• be processed fairly, lawfully and in a transparent manner
• be collected for specific, explicit, and legitimate purposes

This could be:

• Consent  – this will be freely given, specific, informed and unambiguous. Individuals have the right to withdraw consent at any time.
  • A contractual necessity
  • Compliance with a legal obligation
  • Protection of vital interests
  • A public task
  • Legitimate interests pursued by us

• be adequate, relevant and limited to what is necessary for the purposes of processing
• be kept accurate and up to date. Every reasonable effort will be made to ensure that inaccurate data is rectified or erased without delay
• not be kept for longer than is necessary for its given purpose in line with the disposal schedule
• be processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
• comply with the relevant data protection procedures for international transferring of personal data.

Data Subject Rights

Premier Fleet Solutions Ltd respect the rights of data subjects.

Personal data will be processed in recognition of an individuals’ data protection rights, as follows:

• the right to be informed
• the right of access
• the right for any inaccuracies to be corrected (rectification)
• the right to have information deleted (erasure)
• the right to restrict the processing of the data
• the right to portability
• the right to object to the inclusion of any information
• the right to regulate any automated decision-making and profiling of personal data.

Access to Data

Relevant individuals have a right to be informed whether the Company processes personal data relating to them and to access the data that the Company holds about them. Requests for access to this data will be dealt with under the following summary guidelines:

• the Company will not charge for the supply of data unless the request is manifestly unfounded, excessive or repetitive, or unless a request is made for duplicate copies to be provided to parties other than the employee or learner making the request
• the Company will respond to a request without delay. Access to data will be provided, subject to legally permitted exemptions, within one month as a maximum. This may be extended by a further two months where requests are complex or numerous.

Relevant individuals must inform the Company immediately if they believe that the data is inaccurate, either as a result of a subject access request or otherwise. The Company will take immediate steps to rectify the information.

Data Disclosures

Premier Fleet Solutions Ltd  may be required to disclose certain data/information to any person. The circumstances leading to such disclosures include:

• any employee benefits operated by third parties
• disabled individuals – whether any reasonable adjustments are required to assist them at work
• individuals’ health data – to comply with health and safety or occupational health obligations towards the employee
• for Statutory Sick Pay purposes
• HR management and administration – to consider how an individual’s health affects his or her ability to do their job
• the smooth operation of any employee insurance policies or pension plans.
• Funded learners to ensure the funding criteria is achieved prior, during and at the end of learning

These kinds of disclosures will only be made when strictly necessary for the purpose.

Data Security

Premier Fleet Solutions Ltd adopts appropriate technical and organisational procedures designed to maintain the security of data when it is stored and transported. This could include encryption, pseudonymisation, access controls and staff training.

In addition, employees must:

• ensure that all files or written information of a confidential nature are stored in a secure manner and are only accessed by people who have a need and a right to access them
• ensure that all files or written information of a confidential nature are not left where they can be read by unauthorised people
• refrain from sending emails containing sensitive work related information to their personal email address
• check regularly on the accuracy of data being entered into computers
• always use the passwords provided to access the computer system and not abuse them by passing them on to people who should not have them
• use computer screen blanking to ensure that personal data is not left on screen when not in use.

If Premier Fleet Solutions Ltd plan to undertake high risk data processin we will conduct a DPIA (Data protection impact assessment). This will identify and help to minimise risks.

Personal data relating to employees, clients or learners should not be kept or transported on laptops, USB sticks, or similar devices, unless authorised by a Director. Where personal data is recorded on any such device it should be protected by:

• ensuring that data is recorded on such devices only where absolutely necessary
• using an encrypted system — a folder should be created to store the files that need extra protection and all files created or moved to this folder should be automatically encrypted
• ensuring that laptops or USB drives are not left lying around where they can be stolen.

Failure to follow the Company’s rules on data security may be dealt with via the Company’s disciplinary procedure. Appropriate sanctions include dismissal with or without notice dependent on the severity of the failure.

Non-Disclosure

Premier Fleet Solutions Ltd has a non-disclosure agreement which is entered into by all employees, subcontractors and organisations that they partner with.

Leavers

Premier Fleet Solutions Ltd have the right to protect client and learner data when an employee leaves the business. The following steps may be taken once it is known an employee is leaving.

• Enhanced monitoring of future emails and IT activity for unusual behaviour such as accessing documents for prolonged periods of time outside of working hours.
• A search of recent sent emails.
• Remind the employee – both in person and in their exit interview – of the ongoing duties of confidentiality and the restrictive covenants to which they are subject.
• Putting the employee on gardening leave immediately to restrict the ability to obtain confidential information (but bearing in mind that this then reduces the length of the restrictive covenant post termination).

• Confirming that any restrictive covenants will be enforced.
• Writing to the new employer to put them on notice as to the employee had access to confidential information.

Premier Fleet Solutions will also ask for all log ins and passwords  to online and software accounts and will subsequently change these or cancel them to prevent further access.

All company property such as laptops,  keys, security passes and fuel cards will be collected by a director.

Disposal Schedule

All data is held in line with Premier Fleet Solutions Ltd’s disposal schedule.

International data transfers

The Company does not transfer personal data to any recipients outside of the EEA.

Breach notification

Where a data breach is likely to result in a risk to the rights and freedoms of individuals, it will be reported to the Information Commissioner within 72 hours of Premier Fleet Solutions Ltd becoming aware of it and may be reported in more than one instalment.

Individuals will be informed directly in the event that the breach is likely to result in a high risk to the rights and freedoms of that individual.

If the breach is sufficient to warrant notification to the public, the Company will do so without undue delay.

Training

New employees must read and understand the policies on data protection as part of their induction.

All employees receive training covering basic information about confidentiality, data protection and the actions to take upon identifying a potential data breach.

The nominated data controller/auditors/protection officer for the Company is Sarah Martin who is trained appropriately in their role under data protection legislation.

All employees who need to use the computer system are trained to protect individuals’ private data, to ensure data security, and to understand the consequences to them as individuals and the Company of any potential lapses and breaches of the Company’s policies and procedures.

Records

Premier Fleet Solutions keeps records of our data processing activities.

Data Protection Officer

The Company’s Data Protection Officer is Sarah Martin.  She can be contacted on 07889 866179 or via email sarahmartin@premierfleetsolutions.com.