AM Services Group is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
AM Services Group may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 20/2018.
What is “Data Protection”?
The General Data Protection Regulation (GDPR) gives individuals rights and protection regarding how their personal data is used by organisations. Personal Data is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be by the information alone or in conjunction with any other data. It applies to both paper-based and electronic information.
AM Services Group is made up of a number of different companies and all are responsible for your personal data as “data controllers”. We may need to share personal data across the group companies from time to time.
This policy is in place to ensure everyone is aware of their responsibilities and outlines how we comply with the core principles of the GDPR.
Sensitive personal data is referred to as “special category data” which specifically includes genetic data, biometric data and data concerning health matters.
In accordance with the requirements outlined in the GDPR, personal data will be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals.
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accurate and, where necessary, kept up-to-date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods, insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The GDPR also requires that “the controller shall be responsible for, and able to demonstrate, compliance with the principles”.
What is the legal basis for processing your Personal Data?
Under the GDPR, data will lawfully be processed under the following conditions:
- Consent has been obtained
- Processing is necessary for:
  - Compliance with legal obligation
  - The performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  - Protecting the vital interests of a data subject or another person
  - For the purposes of legitimate interests pursued by the controller or a third party except where such interests are overridden by the interests, rights or freedoms of the data subject.
Most of the data we control is processed because it is necessary for our legitimate interests, for example contacting customers with marketing information. We may also process data if it is necessary for the performance of a contract with you, for example processing data on an employee to enable payment of wages.
Where consent is to be used as a legal basis for processing your data, we will ensure that it is freely given and that you fully understand what you are consenting to. We will also ensure you understand your right to withdraw consent at any time.
An example of where we may obtain your consent is if we need to write to an employee’s doctor to obtain medical information or refer someone to occupational health.
Special Category Data
Special category data is sensitive personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.
In relation to this type of data, particular criteria must be met in order for your data to be legitimately processed. In most cases this will include you giving your formal consent as well as us having a legitimate reason for processing the data.
What rights does the data subject have?
You have a number of legal rights in relation to your personal data:
Right to Correct and Update Information We Hold on You: If the data we hold on you is no longer correct, is incomplete or out of date, let us know and your data will be updated. Where we are not able to do this we will let you know why. We will also advise any third party that the data has been disclosed to, where possible, so they can also update their data.
Right to Access Your Information: You have a right to access the information we hold on you. This is known as a Subject Access Request (SAR). To make such a request, you will need to write to or email Human Resources. We are obliged to respond within one month. We may need to verify your identity prior to the release of any information. In most cases the information will be supplied electronically.
We may ask you to be specific in your request as to which personal data the request is in relation to. This will enable us to ensure we provide the information to you efficiently.
Where a request is manifestly unfounded or excessive, we hold the right to refuse the request. If this is the case we will inform you of this and the reason for the refusal.
Right to Erasure: You hold the right to request the deletion of your personal data where there is no compelling reason for its continued processing.
AM Services Group has the right to refuse this request if the data is being processed for valid reasons.
Right to be Informed: You have the right to be given “fair processing information”, usually through a privacy notice. This will explain the lawful reason for processing your information, how long your data will be retained and your right to complain if you are unhappy with the way your data has been managed.
A privacy notice will be supplied with regard to the processing of personal data.
The Right to Restrict Processing: You have the right to restrict processing of your personal data in certain circumstances (for instance if you object to the processing for valid reasons).
The Right to Data Portability: You have the right to request your data in a structured format so it can be passed on to another data controller, for example another employer.
The Right to Object: You have the right to object to the processing of your data in certain circumstances, e.g. if the company relied on a legitimate interest to process your data and you are not happy with this.
- Confidential paper records will be kept locked away with restricted access.
- Confidential paper records will not be left unattended or in clear view anywhere with general access.
- Digital data is coded, encrypted or password-protected, both on a local hard drive and on a network drive that is regularly backed up off-site.
- Where data is saved on removable storage or a portable device, the device will be kept in a locked filing cabinet, drawer or safe when not in use.
- Memory sticks will not be used to hold personal information unless they are password-protected and fully encrypted.
- All electronic devices are password-protected to protect the information on the device in case of theft.
- Computer users are regularly prompted to change their password.
- Emails containing sensitive or confidential information are password-protected if there are unsecure servers between the sender and the recipient.
- Where personal information that could be considered private or confidential is taken or held off our premises, either in electronic or paper format, employees will take extra care to follow the same procedures for security.
A personal data breach refers to a breach of security which has led to the destruction, loss, alteration, unauthorised disclosure of, or access to personal data.
Where a breach is likely to result in a risk to the rights and freedoms of individuals, the Information Commissioner’s Office (ICO) will be informed within 72 hours. The risk of a breach having a detrimental effect on an individual will be assessed on a case-by-case basis.
In the event a breach is likely to result in high risk to the rights and freedoms of an individual we will notify the person concerned directly.
CCTV & Monitoring
We monitor computer and telephone use and may have CCTV in your working area. Clear and prominent signs will be on display when the CCTV cameras are placed discreetly or where people do not expect to be under surveillance. We also may keep records of your hours of work by way of our signing in and out systems whether electronic or paper based. This may be used for monitoring your attendance and timekeeping as well as for payroll purposes.
Data will not be kept for longer than necessary. Unrequired data will be securely destroyed. Please see our Data Protection and Privacy Matrix for further information.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
For more information please speak with your manager or Human Resources.
Other policies we have are:
Equality and Diversity Policy
Quality Policy Mission Statement
Environmental Policy
General Health and Safety Policy Statement