DATA PROTECTION POLICY

Stein Electrical & Mechanical Solutions Limited is routinely required to gather and retain information from individuals and a variety of suppliers, business contacts, employees and others.

This policy describes how personal data must be collected, handled, and stored to meet the company’s data protection standards and to comply with the law.

This policy ensures that Stein:

  • Complies with Data Protection law
  • Protects the rights of staff and all stakeholders
  • Is open about how it stores and processes data
  • Protects itself from risks of data breach

Data protection law

The Data Protection Act 2018 describes how organisations must collect, handle and store personal information. These rules apply whether data is stored electronically or in ‘hard’ fashion. To comply with the law, personal information must be collected and used fairly, stored safely, and not disclosed unlawfully.

The 8 principles of the act are as follows;

  • Data must be processed fairly and lawfully.
  • Be obtained only for specific, lawful purposes.
  • Be adequate, relevant, and not excessive.
  • Be accurate and kept up to date.
  • Not be held for any longer than necessary.
  • Be processed in accordance with the rights of data subjects
  • Be protected in appropriate ways.
  • Not be transferred outside the European Economic Area unless that country or territory also ensures an adequate level of protection.

Scope

This policy applies to all staff employed by Stein and all people working on behalf of Stein. It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act 2018. This can include the names, postal addresses, email addresses, telephone numbers or any other information relating to individuals.

Responsibilities

Everyone who works for Stein has some responsibility for ensuring data is collected, stored and handled properly. The Directors are ultimately responsible for ensuring that Stein meets its legal obligations, continually leading the review of procedures and related policies in line with an agreed schedule.

General Guidelines

  • The only people able to access data covered by this policy should be those who need it for their work
  • Data should never be shared informally – when access to confidential information is required, employees can request it from their line managers
  • Employees should keep all data secure by taking sensible precautions.
  • Personal data should not be disclosed to unauthorised people, either within the company or externally.
  • Data should be regularly reviewed and updated if found to be out of date. If no longer required, it should be deleted and disposed of.

Data Storage

These rules describe how and where data should be safely stored. When data is stored on paper, it should be kept in a secure place where unauthorized people cannot see it. These guidelines also apply to data that is stored electronically but has been printed out.

  • When not required, the paper files should be kept in a locked facility, such as a filing cabinet or drawer.
  • Employees should make sure that paper print outs are not left where unauthorized people could see them
  • Data printouts should be shredded and disposed of securely when no longer required.
  • When data is stored electronically, it must be protected from unauthorised access using strong passwords that are changed regularly and never shared between employees.
  • If data is stored on removable media, such as CD or DVD, these should be kept locked away securely when not being used.
  • Data should only be stored on designated drives and servers and should only be uploaded to approved cloud computing services.
  • Servers containing personal data will be sited in a secure location.
  • Data shall be backed up frequently. These backups should be tested regularly.
  • Data should never be saved directly to laptops or other mobile devices such as tablets or smartphones.
  • All servers and computers containing data should be protected by approved security software and a firewall.

Data Accuracy

The law requires Stein to take reasonable steps to ensure data is kept accurate and up to date. It is the responsibility of all employees who work with data to take reasonable steps to ensure it is accurate and up to date. Data will be retained in as few places as possible – staff should not create any unnecessary additional data sets.

Access Requests

All individuals who are the subject of personal data held by Stein are entitled to;

  • Ask what information the company holds about them and for what purpose
  • Ask how to gain access to it
  • Be informed how to keep it up to date
  • Be informed how the company is meeting its data protection obligations

Disclosing data for other reasons

In certain circumstances, the Data protection Act allows personal data to be disclosed to law enforcement agencies without consent of the data subject.

Under these circumstances, Stein will disclose requested data. However, Billy Stein, Managing Director, will seek advice from the company’s legal advisors where necessary.

This policy is publicly available by contacting us at [email protected]

Approved By: Billy Stein, Managing Director

Approved: 2024

Review: 2025