Skip to content

Policy and Procedure:

 

Three Star Coaches is committed to:

 

  1. Fully complying with all the requirements of the General Data Protection Regulation (GDPR).

  2. The efficient management of its records for the effective delivery of our services.

 

Scope:

 

This policy explains how we will comply with its responsibilities and obligations under the GDPR and its principles relating to the storage and destruction of personal data.

 

This policy gives guidance about disposing, deleting and retaining the personal data for which we have a responsibility and/or obligation under the GDPR.

 

This policy applies to:

 

  • All personal data that is stored by us whether kept on paper, electronically and/or digitally.

  • All staff

 

This policy should be read and used in conjunction with our other following policies:

 

  • Data protection

  • Privacy

 

Objective:

 

The objectives of this policy are to:

 

  • Ensure we follow the GDPR and its principles relating to the storage, disposal and destruction of personal data

  • Ensure we comply with all applicable legal and regulatory requirements

  • Ensue personal data is stored securely

  • Ensure that personal data is not out of date

  • Keep personal data accurate

  • Assist with responding to subject access requests

  • Ensure personal data that has been placed in storage can be found and retrieved quickly and efficiently

  • Ensure the storage, disposal and destruction of personal data is carried out in a consistent and controlled manner.

  • Assist with audits

  • Minimise storage requirements and costs

  • Assist in the identification of the location of personal data

  • Clarify responsibilities for implementing, complying and monitoring this policy

 

Definitions:

 

Personal data means any information relating to an identified or identifiable person ('data subject') such as a name, postal/email address, telephone number or identification number.

 

Special categories of personal data mean personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation and data concerning criminal convictions or offences

 

Data subject means any individual whose personal data is processed by Three Star Coaches.

 

Processing means any use of personal data such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, erasure and destruction. (This means that virtually anything Three Star Coaches does with personal data will be processing).

 

Data controller means the organisation which decides the purposes and means of the processing of personal data

NB: The data controller for the purposes of this policy is Three Star Coaches.

 

Data processor means an individual or organisation that processes personal data on behalf of a data controller

 

Personal data breach means a breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

 

Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.

 

Staff means anyone working at or for us on a permanent or temporary basis, including, Directors and permanent, interim and temporary employees.

 

Principles:

 

The relevant data protection principles for the purposes of this policy are that personal data must be:

 

  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)

  • Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)

  • Kept in a form which permits identification of data subjects for no longer than is necessary

    for the purposes for which the personal data are processed; personal data may be stored for longer periods in so far as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to implementation of the appropriate technical and organisational measures in order to safeguard the rights and freedoms of the data subject (‘storage limitation’)

  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

 

NB: Keeping personal data unnecessarily may use up valuable storage space, incur unnecessary costs and impose on us a significant liability risk.

 

Roles and Responsabilities:

 

Three Star Coaches have ultimate responsibility for ensuring compliance with the GDPR, the data protection principles and this policy;

 

  • The Managing Director has overall responsibility for ensuring compliance with the GDPR, the data protection principles.

 

Management and Staff:

 

Line managers are responsible for operational day to day adhering to the GDPR requirements , and ensuring staff’s adherence with this policy.

 

All staff have a responsibility to comply with the GDPR, the data protection principles when carrying out their duties.

 

Important - Failure to comply with this policy may result in legal and/or disciplinary action.

 

Staff Training:

 

All staff are required to attend/undertake training and failure to do so could result in disciplinary action

 

Disposal and Destruction:

 

When the retention periods expire we must dispose of and destroy all personal data unless either the Managing Director or the Operations Director authorises that such data should be retained.

 

Important: Retaining or destroying personal data in breach of this policy may be considered serious gross misconduct and lead to dismissal.