GDPR - IFS has updated its Group Privacy Notice
IFS GROUP OF COMPANIES PRIVACY NOTICE
Group Privacy Notice
1.1. Protecting our staff and customers’ personal data is important to the IFS Group of Companies. This Privacy Notice sets out how we collect, use, store, share and protect your personal data in compliance with Data Protection legislation.
1.2. This notice will be regularly reviewed to ensure we continue to meet our obligations in processing your personal data and protecting your privacy. In order to do so, we reserve the right to update, modify and amend this notice at any time as required. We recommend that you regularly check our website to keep informed of any updates.
1.3. We are committed to protecting your personal data and to implementing appropriate technical and organisational security measures to safeguard against any unauthorised or unlawful processing and against any accidental loss, destruction, or damage.
2. The Types of Data Collected
In order to run our business, we need to collect various types of personal data. This personal data includes: name, address, contact details such as telephone number, mobile phone number, email address, date of birth, bank details and, additionally for staff, ID card photographs and next of kin details. In certain circumstances, and as part of our regulatory requirements, we may collect special categories of personal data including, but not limited to, any disabilities or special needs information.
3. Statutory Information
Not all data processing requires your consent as the company has a legal obligation to collect and process personal information for the purposes of:
3.1 Contracts of Employment and Recruitment If you submit a job application we will use your personal data for recruitment-related purposes, which may include contacting you via email, telephone, SMS or post. We will retain your application form, as required, in order to satisfy our legal obligations. Contracts of Employment will be issued, retained and managed by the HR department in accordance with all employment legislation.
3.2 Finance There is a legal obligation to ensure all finance functions, including account creation, invoicing, payroll and pension administration are compliant with Her Majesty’s Revenue & Customs (HMRC) regulations and applicable laws.
3.3 Transport In order to carry out the management of the fleet, company cars and transport operations, the company will require personal information to ensure the vehicles and drivers all fulfil our legal obligations to the Department for Transport (DfT).
3.4 Health & Safety at Work (HASAW) Personal information will be gathered, and shared, to ensure compliance with all our legal obligations to the Health & Safety Executive (HSE) and HASAW legislation.
4. Legitimately/Contractual Held Information
The company has a legitimate and contractual obligation to gather and process certain types of personal information to be able to operate effectively and efficiently. This information will be retained and disposed of in accordance with both legal (currently 6 years) and company guidelines. Any request for disposal will be considered in light of these retention periods. The company will not sell or distribute this information to any other third party, other than to fulfil the contractual obligation to the customer or staff member. The data held for these purposes include:
- CCTV images which can be used, not only in support of freight operations, but also UK and EU accepted codes and best practice.
- In some instances the satisfactory completion of a Basic Disclosure Criminal Record Check (CRC) certificate may be required for a position in the company. A separate statement of permission is required for the purposes of gathering and completing the process, however the information will be held on p-files once completed.
- Customer bank details and addresses to ensure the satisfactory completion of contractual sales related obligations (this includes delivery/collection names and addresses for consignments despatched by customers).
- Company mobile telephone records.
- ID card photographs taken for ID Cards which are a recommended requirement of EU300, DfT and CAA compliance.
- Attendance records (Timeware) used to manage the departments and run the business.
- Minutes of meetings transcribed and circulated to departments for action or information.
- Photos of people, places and events for the legitimate promotion of the company in related industry publications, websites or newspapers.
5. Consent Required
5.1 Other personal information may be gathered for the benefit of staff outside of their contractual obligations. Personal information gathered for these purposes will require consent, an example of which would be:
- Where names and addresses (may include dates of birth) are provided to establish personal group medical insurance or private pensions details.
5.2 Consent for use for these purposes will be actively sought from staff, and records kept. Personal information which you supply to us, either for yourself, or any of your dependants for these purposes, will only be shared or passed on with prior consent and will not be sold or transferred for financial gain by the company. Specific permission where appropriate will be sought regarding the process of completing a Basic Disclosure Criminal Record Check.
6. Your Rights
6.1 Right of Access You have the legal right to be provided with details regarding the processing of your personal data, and to obtain a copy of the personal data we hold about you, subject to applicable exemptions and the data protection of others. To help the Company better deal with your request you will need to provide us with the information necessary to identify you and to identify the personal data you require. In order to make a subject access request you should send an email to; HRDept@antrim.ifsgroup.com or make a request in writing to: HR Department, IFS Global Logistics Ltd, Seven Mile Straight, Antrim, BT41 4QE. There may be a charge for this request if it is manifestly unfounded or excessive. The cost will be based on the administrative cost of providing the information.
6.2 Response Time The Company will respond to your request within one month of receipt or inform you of a date in circumstances where an extension may be required.
7. Update / More Information
If, at any time, you wish to object to the information we legitimately hold on you, update the information we hold about you or, for further information on how the company maintains the security of your information, and your rights to access information we hold on you, please contact the Company Data Protection Officer. Contact details and a copy of this privacy notice are available on the company website and in the company internal public folder. Our policy and SOPs regarding data protection and handling are also available to view internally in the IFS Quality Matrix public folder.