The Petroplan group of companies (“Petroplan”) needs to keep certain information on its employees, contractors and prospective contractors/recruitment candidates and client contacts for its legitimate business interests of carrying out its day to day operations, meeting its business objectives of recruitment and candidate placement and complying with legal obligations.
Petroplan is committed to ensuring any personal data will be dealt with in line with the current Data Protection Legislation.
Data Protection Legislation means:
To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
This document also highlights key data protection procedures within the Petroplan group. It is provided to all employees of Petroplan. It is mandatory that all employees confirm their commitment to comply with its terms at all times.
Definitions
In line with the current Data Protection Legislation, Petroplan will ensure that personal data will:
‘Processing’ includes, without limitation, obtaining, saving, using, holding, amending, sharing, disclosing, destroying and deleting personal data. Personal data includes paper-based data as well as soft copies.
In relation to the personal data it processes, Petroplan will seek to ensure:
It is possible that personal data we collect may be transferred, stored and/or processed outside the European Economic Area (“EEA”). Countries outside the EEA may not offer the same level of data protection as the United Kingdom however we will take steps to ensure that all data is treated securely and in accordance with this policy, only doing so where the recipient of the data is contractually obliged to comply with UK data protection laws.
We have various offices outside the UK which will handle local job opportunities. Our overseas offices have access to our candidate and client database so that we may provide a truly global service. We may also transfer personal data to our overseas offices or overseas clients so that candidates can be considered for roles outside the UK and for payroll and other administrative purposes. Petroplan is unable to provide services to any contractor who is not happy for their data to be accessible/transferred in this way since it is crucial that all active candidate details are on our database.
Information we collect
In order to provide the best tailored employment opportunities, we need to process certain information about candidates, contractors and Petroplan employees. Specifically, we collect the following information:
We may also be provided with information which is classed as special categories of personal data or otherwise treated differently under GDPR. This could include information about previous convictions or medical well-being/physical condition for example. No-one is obliged to provide this information, however if they do, we will interpret this as them agreeing to this policy and giving us explicit consent to us providing this information to the relevant client and using the information in the ways described in this policy.
We may also be provided with details of other individuals (including, without limitation, referees, family members (including children) or next of kin/persons to be contacted in an emergency). By doing so the relevant candidate/contractor/employee is confirming that they have that person’s consent to provide us with their details, to process the information for the intended purpose and to contact them for the intended purpose if necessary and/or appropriate.
We also collect very limited data relating to Clients and Suppliers to enable us to ensure our relationship and services run smoothly. We generally only need to have contact details for individual contacts at the Client (such as their names, work location, telephone numbers and email addresses). We also undertake compliance checks including “know your client” information and collect payment details (bank account details/tax registration number).
It is important that the personal information we hold is accurate and current.Please keep us informed by emailing us at [email protected] if your personal information changes during the period which we hold your data.
Notification
Petroplan’s purpose for processing personal data are recorded on the public register maintained by the Information Commissioner’s Office (ICO). We notify and renew our notification on an annual basis as the law requires.
If there are any interim changes, these will be notified to the Information Commissioner’s Office (ICO) within 28 days.
Responsibilities
Overall responsibility for the security of personal data rests with Petroplan’s Board of Directors.
The Board of Directors are responsible for:
All staff of Petroplan who process personal information must undertake GDPR training and ensure they not only understand, but also act in line with this policy. Any questions or concerns about the interpretation or operation of this policy should be taken up, in the first instance, with Jos Thomerson, Director of Operations, and Anna Bryant, General Counsel.
Any breach of this policy will be taken seriously and will result in formal disciplinary proceedings.
Any employee who considers that the policy has not been followed in respect of their own personal data should raise the matter with Jos Thomerson, Director of Operations, and Anna Bryant, General Counsel.
Policy Implementation
Petroplan shall:
Petroplan will ensure that:
Data Retention Policy
We will keep the personal data held by us for the periods defined below, after which we will delete the relevant information we hold relating to such individual:
Employee Knowledge
Each employee will receive a copy of this data protection policy as part of their induction and will be required to sign to confirm receipt and understanding. Any questions should be raised with Jos Thomerson, Director of Operations, and Anna Bryant, General Counsel.
Each employee will receive an annual reminder of this data protection policy in a team meeting or via e-mail.
Data Security
Petroplan will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure. The following measures will be taken:
Any unauthorised disclosure of personal data to an unauthorised third party by an employee will result in disciplinary proceedings.
Subject Access Requests
Anyone whose personal information Petroplan process has the right to know:
All data subjects have the right to request a copy of the personal data which we hold about them by contacting us at [email protected] They may request modification, updating or deletion of any such information. We will respond to any such request within 30 days (although we may be allowed to extend this period in certain cases).
Data subjects have the right to transfer their data from us to another data controller. We will assist – either by directly transferring the data, or by providing a copy for to the data subject to transfer to the alternative data controller themselves.
Data subjects also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). Details are as follows:
Phone: 0303 123 1113
Email: [email protected]
Post: Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
The following information will be required before access is granted:
We may also require proof of identity (e.g. passport, driving licence or birth certificate) before access is granted.
We aim to comply with requests for access to personal information as soon as possible but will ensure it is provided within 30 days of receiving the written request as required by law, unless there is a good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request.
We do however reserve the right to withhold the following:
Review
This policy will be reviewed at intervals of 3 years to ensure it remains up to date and compliant with the law.