GDPR Policy
Quattro Plant LTD - GDPR Policy Statement
Quattro Plant Ltd. is committed to ensuring compliance with the requirements of the Data Protection Act 2018. This means recognising the balance between keeping information confidential and secure and the need to be able to use and share it where necessary.
Our 6 key management system principles for the processing of personal information:
- All personal information shall be processed lawfully, fairly and in a transparent manner,
- Shall be collected for specific, explicit and legitimate purposes and only processed in accordance with the purpose(s) it is collected,
- Personal information data shall be limited, relevant and accurate as necessary for the purpose it is collected,
- Personal information shall be kept up-to-date where required,
- Personal information shall be stored in a format adequate to readily identify the subject for no longer than necessary,
- All personal information shall be processed in a secure manner including unauthorised access controls.
Quattro Plant Ltd. and our IT Systems supplier (MORCAN) both hold Cyber Essentials certification as part of our protection of our and your data.
How we Store your Personal Information
Your information is securely stored electronically on the company server in files that can only be accessed by approved individuals and will only be used for the intended purposes.
We will keep all information for the duration of your employment and up to the statutory 6 years after termination of employment. We will then dispose of your information by deleting all electronic copies of your information and cross shredding of paper based records.
Quattro Plant Ltd will only use a registered (ICO) and compliant (EU GDPR) company for the data wiping and data destruction of all obsolete or used data bearing media from PC’s, laptops, servers, printers and mobile devices.
We will receive a certificate of destruction at the end of each project which details the destruction of all media by quantity and where applicable by serial number and host asset.
Your Data Protection Rights
Under the Data Protection Act 2018, you have rights including:
- Right of access – you have the right to ask us for copies of your personal information, and other supplementary information,
- Right to rectification – you have the right to ask us to rectify personal information you think is inaccurate.
- You also have the right to ask us to complete information you think is incomplete,
- Right to erasure – you have the right to erase your personal information in certain circumstances,
- Right to restrict processing – you have the right to ask us to restrict the processing of your personal information in certain circumstances,
- Right to data portability – you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances,
- Right to object – you have the right to object to the processing of your personal information in certain circumstances.
John Murphy
Managing Director
Quattro Plant Ltd
May 2024
As HR Manager of Quattro Plant Ltd, I countersign this policy statement and shall ensure it is communicated and implemented.
Melanie Webb
HR Manager
Quattro Plant Ltd
May 2024
THIS POLICY REMAINS VALID UNTIL IT IS REVISED AND/OR RE-ISSUED
Date of Issue: 05/04/24
M Webb – HR Manager
Doc Ref: GDPR
Document Title: GDPR
Version: 1.0