Cameron Signs is committed to data protection and data privacy. With the General Data Protection Regulation (GDPR) becoming enforceable from 25 May 2018, we have undertaken a GDPR readiness programme to review our entire business, the way we handle data and the way in which we use it to provide our services and manage business operations.
We hold personal data on all our employees, clients and suppliers to meet legal obligations and to perform vital internal functions. This notice details the personal data we may retain, process and share with third parties relating to employment and vital business operations. We are committed to ensuring that your information is secure, accurate and relevant. To prevent unauthorised access or disclosure, we have implemented suitable physical, electronic, and managerial procedures to safeguard and secure personal data we hold.
We have issued this notice to describe how we handle
personal information that we hold about our staff, job
applicants, clients and suppliers (collectively referred
to as "you").
We respect the privacy rights of individuals and are
committed to handling personal information responsibly and
in accordance with applicable law. This notice sets out
the personal data that we collect and process about you,
the purposes of the processing and the rights that you
have in connection with it.
If you are in any doubt regarding this notice, please
contact David Cameron, Partner.
In registering as a supplier, client or contractor we will ask you to provide us with the some or all of the following personal information:
We will mainly use your data to administer our contracted duties with you and undertake credit reference checks where appropriate.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and contractors. We may need to disclose your details if required to the police, regulatory bodies or legal advisors. We will only ever share your data in other circumstances if we have your explicit and informed consent.
We request that suppliers, contractors and clients make best attempts to ensure data held by us is up to date and accurate. In the event of any changes to data or the discovery of any inaccuracies please contact David Cameron, Partner.
When we process your data we will have already carefully assessed the lawful justification for doing so, the parameters in which the data is processed, the length of time the data is held for, the secure storage of your data and undertaken impact assessments to ensure your rights are delivered. Cameron Signs operates a Data Protection and Information Security Policy which is supported by a practical handbook for our employees.
You have a right to ask us to stop processing your personal data, and if its not necessary for the purpose you provided it to us for,) we will do so. Contact David Cameron, Partner if you have any concerns. You have a right to ask for a copy of the information we hold about you. If there are any discrepancies in the information we provide, please let us know and we will correct them.
We may change this Privacy Statement from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our Website or by contacting you directly. If you have any questions, comments or suggestions, please let us know by contacting David Cameron, Partner.
During your employment with us, or when making an application for employment, we may process personal data about you and your dependents, beneficiaries and other individuals whose personal data has been provided to us. The types of personal information we may process include, but are not limited to:
Sensitive personal data ( "special categories of
personal data" under the General Data Protection
Regulation ) includes any information that reveals your
racial or ethnic origin, religious, political or
philosophical beliefs, genetic data, biometric data for
the purposes of unique identification, trade union
membership, or information about your health/sex life.
Generally, we try not to collect or process any sensitive
personal information about you, unless authorised by law
or where necessary to comply with applicable laws. In some
circumstances, we may need to collect some sensitive
personal information for legitimate employment-related
purposes:
for example:
If you are applying for a role with us then we collect
and use this personal data for recruitment purposes ‐ in
particular, to determine your suitability for a specific
role. This includes assessing your skills, qualifications
and verifying your information, carrying out reference
checks or background checks (where necessary) and to
generally manage the hiring process and communicate with
you about it.
If you are accepted for a role with us, the data collected
during the recruitment process will form part of your
ongoing employee record.
We collect and process personal data relating to our
employees to meet our obligations under the employment
contract and to comply with our legal obligations. We take
the security of your data seriously and are committed to
being transparent about how we collect and use that data
and to meeting our data protection obligations. Once you
become an employee, we collect and use this personal
information for managing our employment or working
relationship with you ‐ for example, your employment
records and contract information (so we can manage our
employment relationship with you), your bank account and
salary details (so we can pay you), your equity grants
(for benefits plan administration) and details of your
spouse and dependents (for emergency contact and benefits
purposes). Where we process special categories of personal
data, such as information about ethnic origin, sexual
orientation, health or religion or belief, this is done
for the purposes of equal opportunities monitoring. Data
that we use for these purposes is anonymised or is only
collected with the express consent of employees, which can
be withdrawn at any time.
We have policies and controls in place to try to ensure
that your data is not lost, accidentally destroyed,
misused or disclosed, and is not accessed without
authorisation and only accessed or used for specific legal
purposes. You have some obligations under your employment
contract to provide the organisation with data. You may
also have to provide the organisation with data in order
to exercise your statutory rights, such as in relation to
statutory leave entitlements. Failing to provide this data
may mean that you are unable to exercise your statutory
rights. We process our employees' personal information
through a global human resources system ("HR System")
called Atlas, which is a tool that helps us to administer
HR and employee compensation and benefits at an
international level and which allows staff members to
manage their own personal information in some cases. This
is provided by Citation who utilise third-party servers
via Microsoft Azure to hold its HR System data and other
business services; these are both based in the United
Kingdom and have been assessed against stringent security
requirements to ensure that all appropriate security
controls are in place to protection personal information.
We may also collect and use personal information when it is necessary for other legitimate purposes, such as to help us conduct our business more effectively and efficiently ‐ for example, for general IT security management, accounting purposes or financial planning. We may also process your personal information to investigate violations of law or breaches of our own internal policies. The IT Department will record and monitor usage of all our IT equipment, user activity, voice traffic, email and Internet usage as deemed necessary. The IT Department will observe the strictest confidentiality when undertaking these activities. They will make their report directly to David Cameron, Partner] who will determine the actions that may need to be taken in any particular case. Our site(s) is/are protected by circuit television (CCTV) systems throughout its premises as deemed necessary and employees should expect all areas (other than those where use would contravene common decency) to be visible on a television monitoring system. Any information obtained from systems will be used with strict adherence to the GDPR. Information will be used for the prevention and detection of crime and to ensure compliance with our policies and procedures and our legal obligations. This may include using recorded images as evidence in disciplinary proceedings.
We may also use your personal data where we consider it necessary for complying with laws and regulations, including collecting and disclosing employee personal information as required by law (e.g. for tax, health and safety, anti-discrimination laws), under judicial authorisation, or to exercise or defend our legal rights.
Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the way we collect it. We will normally collect personal data from you only where we need it to perform a contract with you (i.e. to manage the employer/employee relationship), where we have your freely given consent to do so, or where the processing is in our legitimate interests and only where this interest is not overridden by your own interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person. Any processing based on consent will be made clear to you at the time of collection or use ‐ consent can be withdrawn at any time by contacting David Cameron, Partner. Who we share your personal data with We take care to allow access to personal data only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the data is used in a manner consistent with this notice and that the security and confidentiality of the data is maintained.
In addition, we make certain personal data available to third parties who provide services to us. We do so on a "need to know basis" and in accordance with applicable data protection and data privacy laws. For example, some personal data will be available to our employee benefit plans service providers and third-party companies who provide us with employment law advice, health and safety support, payroll support services, expenses, tax and travel management services. Transfers to other third parties We may also disclose personal data to third parties on other lawful grounds, including:
We may need to transfer personal data to countries outside of the United Kingdom. When we export your personal data to a different country, we will take steps to ensure that such data exports comply with applicable laws. For example, if we transfer personal data outside the European Economic Area (EEA), such as to the United States, we will implement an appropriate data export solution such as entering into contracts with the data importer that contain EU model clauses or taking other measures to provide an adequate level of data protection.
Personal data will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this notice or as otherwise required by law. Generally, this means your personal information will be retained until the end or your employment, employment application, or work relationship with us plus a reasonable period of time thereafter to respond to employment or work-related inquiries or to deal with any legal matters (e.g. judicial or disciplinary actions), document the proper termination of your employment or work relationship (e.g. to tax authorities), or to provide you with ongoing pensions or other benefits. For more information, please see our Data Retention Policy, which outlines our current document retention schedule.
You may exercise the rights available to you under data protection law as follows:
We respond to all requests we receive from individuals
wishing to exercise their data protection rights in
accordance with applicable data protection laws.
You can read more about these rights at: https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
To exercise any of these rights, please contact David
Cameron, Partner.
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. This notice was drafted with clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed. If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law ‐ www.ico.org.uk/concerns
This notice may be updated periodically to reflect any necessary changes in our privacy practices. In such cases, we will inform you by email/letter/website. We encourage you to check this notice periodically to be aware of the most recent version.
Please address any questions or requests relating to this notice to David Cameron, Partner.
The following are our key third-party processors who will, during your employment, process your personal data.
We outsource our HR system to Citation who hold records on all our employees, which may include:
We outsource our Health and Safety management to Citation, who may hold records on the following:
Citation’s systems use a secure cloud solution. Information on Citation’s security is available by contacting David Cameron, Partner.
Address: 9 Clydesmill Grove, Glasgow G32 8NL
Country: SCOTLAND, Europe
E-mail: sales@cameronsigns.com
Telephone: +44 (0) 141 642 0033