Here at the Woodhart Group Limited including Woodhart Carpentry, Woodhart Construction and Woodhart Lofts & Extensions (WHG) we want you to be absolutely confident that we are treating your personal data responsibly and that we are doing everything we can to make sure that the only people who can access this data have a genuine need to do so.
This notice details why we collect your personal data and what we do with it in accordance with the General Data Protection Regulation (GDPR).
This document to divided up into the following sections.
Sales & Marketing
Data Retention Policy
|Data Catagory||Sub Category||Description||Stored Where||Who has access||Why do we store it||Retention Time Policy||Action to be take at the end of the period|
|HR||Job Applicants (Non Successful)||CV & Notes||Paper & Public Folder Email||Managers & Directors||Recruitment Purposes||3 Months||Scheduled shredding of paper records and email archive.|
|HR||Job Applicants (Interviewed)||CVs, ID & Notes||Paper & Email||Managers & Directors||Recruitment Purposes||6 Months||Scheduled shredding of paper records and email archive|
|HR||Employed Staff||CVs, Contact details, General HR Files, Payroll details, copy of driving licence, passport||Paper (Locked filing cabinet)m electronic files on server||Office admin Manager, Directors||Essential employment record keeping||7 Years||Scheduled shredding of paper records and email archive.|
|HR||User Account||Network User||Computer server network||Admin, Managers, Directors||Encrypted active directory (Server)||3 Months||Password is reset upon departure of the staff members|
|Accounts||Accounts||Trading accounts||Safe, safe backup on secure encrypted server||Admin Office Manager, Directors||HMRC requirements||7 Years||Scheduled maintenance of Safe to clear older records, shredding of expired paper records|
|Accounts||Accounts||Supplier||Sage, sage backup on secure encrypted server Paper||Admin Office Manager, Directors||Suppliers often used again, Labour force can be seasonal.||7 Years||Scheduled maintenance of Safe to clear older records, shredding of expired paper records|
|Misc Client Data||General Office||General Emails Letters, paperwork||Exchange Email, encrypted server||Mailbox owner, Directors||An audit trail for all company email communicati- ons, retained for legal reasons.||10 Years||Automated Scheduled deletion of all company emails that are in excess of 10 years old.|
|Sales||Sales||Contact details, quote records||Email, encrypted server||All Staff||To track our sales progress.||10 Years||Automated Scheduled deletion of all company emails that are in excess of 10 years old.|
|Client Data||Website||Contact Details||Contact Database in website||Website Design Company, Directors||To collate details of website enquiry forms||Maximum of 9 months.||Delete record from website history.|
Data & Privacy Protection Policy
We will take all reasonable steps to protect data that we hold, including backups, anti-virus, encryption, software security, complex passwords and physical access. Here is a breakdown of what how we protect the data we hold:
We make a daily backup onto our in-house local encrypted server.
We make a daily backup of all user and client data which is stored on our servers, and this is stored on a UK based cloud backup server. The backup is encrypted.
We use MacAfee Internet security / Bitdefender which is on an annual rolling renewal. This also carries out a full network scan
We use in the cloud via Microsoft / Giacom , when they hit our local pcs they are inspected via the anti-virus on the device
All of our user network passwords must meet a minimum complex structure.
All mobile devices with access to our systems will have an enforced pin code protection policy (We can erase the content of any phone remotely)
We have and maintain a have a hardware firewall on our router and also on you pcs /macs. All are turned on and enabled
Our company wireless network is secured with the current best encryption method with an encryption key.
We will endeavour to install all software updates as soon as we are aware they exist. All Operating System updates are regularly installed as part of our Microsoft software management system.
Our offices are protected by a intruder alarm, and access control is implemented and monitored to the main front/back doors as well as our internal sensitive areas. Members of staff have a unique alarm code.
When computers are decommissioned we employ a secure company to dispose of them responsibly
Data Transmission Policy
On occasions we have to transmit/share personal data information such as personal names, addresses in order to carry out our services or provide payroll solutions. Whenever possible these are done via our anti-virus email hosting system or authorised persons.
You have the right in respect of our processing of your personal data which are
We no longer need it
If we are processing your personal data by consent and you withdraw that consent
If we no longer have a legitimate ground to process your personal data or
We are processing your data unlawfully
If you want to exercise any of these rights please contact us on 01273 539124 or email firstname.lastname@example.org
Data Breach Policy
In the event of a breach being detected, we will take the following action:
Level One: A virus infection
Definition – A virus or malicious software infection is detected.
Action – All computers will be scanned for viruses, and malicious software. If a computer cannot be cleaned to a satisfactory level, we will wipe the computer and rebuild from scratch. If no proof is found of personal data leaving our network, no further action will be taken.
Level Two: A breach of our AD security
Definition – Proof that our Active Directory (network username and password system) has been breached, either electronically or by a person.
Action – All user passwords will be reset. Reset all wireless passwords. Scan Entire Network with Trend. Scan all devices with our anti-malicious software tools. No further action will be taken if there is no evidence that data has been stolen.
Level Three: A breach has occurred and evidence exists that any of our data has been stolen.
Definition – Evidence has been found that suggests data has been stolen.
Action – Reset all passwords. Reset all wireless passwords. Scan entire network with Trend. Scan all devices with our anti-malicious software tools. Report the case to the Information Commissioners Office (ICO).
WHG is registered with the Information Commissionaire’s Office (iCO) Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF
Any queries from WHG staff, consultants/suppliers or customers should be directed to the Managing Director.
I consent to you holding my data in accordance with the above policy and GDPR.