GDPR - Privacy Notice

 

This document provides a privacy notice to allow data to be processed under a number of grounds and for various business-related purposes. It sets out how the data entered using CASS APPs may be used and also implications for operatives and employees at CASS

 

 

1.    CASS needs to keep and process information about gang and individual worker’s in the field when they/you use a CASS Data Capture APP.  CASS utilise many APPs with which it is intended to streamline and simplify certain surveys/works/information/scene site data for reports and recording works.  Equally we use certain APPS to fulfil other requirements in the context of works and site information capture in the course of a working period.

 

2.    The information we hold and process will be used for CASS management and administrative use only. We will keep and use it to enable CASS to run the business and manage our relationship with our teams, our clients and the associated CASS management teams and works coordinators in the context of day to day field operations

 

3.    CASS expects that the gang/worker effectively, to record and store any such data  lawfully and appropriately, during the field operations, whilst you are working for us and at the time when your employment ends and after you have left. This includes using information to enable us to comply with the GDPR regulations, to comply with any legal requirements, pursue the legitimate interests of the Company and protect our legal position in the event of legal proceedings.

 

4.    As a company CASS may sometimes need to process your data to pursue our business interests, for example to prevent fraud, administrative purposes or reporting potential crimes. CASS will not process your data where our legitimate business interests are overridden by your own interests.

 

5.    Much of the information CASS hold in regard to direct workers to CASS and employees will have been provided by you, the individual but some may come from other internal sources, such as your manager, or in some cases, external sources, such as referees.

 

6.    The sort of information we hold includes your application form and references, your contract of employment and any amendments to it; correspondence with or about you, for example letters to you about a pay rise or, at your request, a letter to your mortgage company confirming your salary; information needed for payroll, benefits and expenses purposes; contact and emergency contact details; records of holiday, sickness and other absence; information needed for equal opportunities monitoring policy; and records relating to your career history, such as training records, appraisals, other performance measures and, where appropriate, disciplinary and grievance records.

 

7.    You will also inevitably be referred to in many CASS company documents and records that are produced by you and your colleagues in the course of carrying out your duties.  In particular you should refer to the Data Protection Policy.

 

8.    Where necessary, CASS may keep information relating to your health, which could include reasons for absence and GP reports and notes. This information will be used in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory and company sick pay and other entitlements.

 

9.    Where CASS process special categories of information relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, biometric data or sexual orientation, we will always obtain your explicit consent to those activities unless this is not required by law or the information is required to protect your health in an emergency. You have the right to withdraw your consent for CASS to process your data at any time.

 

10.  In addition, CASS do monitor computer, telephone/mobile telephone use, as detailed in our computer/telephone/electronic communications/expenses policy, available in the staff handbook. We also keep records of your hours of work.

 

11.  Other than as mentioned below, CASS will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to an external payroll provider, pension or health insurance schemes.

 

12.  CASS may transfer information about you to other group companies for purposes connected with your employment or the management of the company’s business.

 

13.  In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements. We have in place safeguards to ensure the security of your data.

 

14.  Your personal data will be stored for the duration of your employment and held after your employment ends based on legal or financial regulations and requirements appertaining to data of the particular nature being held.

 

15.  If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose.

 

Your rights

 

14. Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing or object to processing as well as in certain circumstances the right to data portability.

 

15. If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.

 

16. You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA with regard to your personal data.

 

Please see below for the identity and contact details of Data Controller and Data Protection Officer

 

17. CASS is the controller and processor of data for the purposes of the DPA and GDPR.

 

18. If you have any concerns as to how your data is processed you can contact the

Quality Manager SHEQ Manager,

 

Andrew Moxey andrew.moxey@cassworldwide.com

 

and CASS Data Controller

Simon Millington simon.millington@cassworldwide.com