This privacy notice tells you what to expect when our organisation collects personal data and how to contact us should you wish to discuss any aspect of how we handle that data.
Our Group parent company, Belasko Group Limited, is registered in Guernsey under company number 63580. Our main operating activities are performed by its two wholly owned subsidiaries:
Although the nature of our business does not oblige us to appoint a Data Protection Officer, we do have a central point of contact for data protection queries.
The best means of contact for any query regarding data protection is via email at firstname.lastname@example.org
If you have any questions or concerns regarding how we work with personal data please don’t hesitate to contact us via the above email address.
We store and process only the data that we need and we delete it when it’s no longer required. Unless otherwise stated we don’t pass this data to anyone else and all electronic data is stored on our server in Guernsey. If you would like more detail please contact us via the above email address.
We store personal data on our employees so that we can run the company and pay our employees. This includes names and contact details, pre-employment screening information, performance and disciplinary data, and health information and bank details; it also includes emergency contacts and next-of-kin information as provided to us by each employee. We retain data for former employees only for as long as we are required to by law and where there is no statutory retention period we use the CIPD’s best practice guidelines.
We store and process customer data in order that we can correspond with, make payments to and receive payments from, our customers. When we have not done business with you for one year or longer we will delete your personal data from our systems in line with the Belasko data retention policy.
We store personal data on our shareholders to enable us to verify the identity of our owners, receive payments from them and allow us to pay dividends as applicable. If a shareholder sells their holding we would delete personal data in line with the Belasko data retention policy after the date of the sale.
Our phone system retains logs of the calls we make and receive (unless, for incoming calls, the caller’s number is withheld). Only the date and time of the call and the phone number (where available) are retained and the logs are stored for no longer than a year.
We currently do not maintain mailing lists for marketing purposes, however, if we were to use your data for this purpose in the future, we would need your consent to do so. We would keep a record of that consent for as long as you choose to receive marketing information. If you withdrew your consent we would record the fact that you had done so for audit purposes and we would remove you from the list.
Our IT systems are hosted and supported by a third party provider of IT services. As you would expect, the contract between us and our IT support partner contains appropriate clauses regarding information security and data protection and we carry out regular service reviews.
Our IT systems are located in secure data centres in Guernsey to protect them against theft and environmental risks (flood, fire, power cuts, etc.). All our computer systems run up to date anti-virus software and system updates are applied regularly to protect against potential security problems. All of the user login IDs on our systems are restricted so that each user has access only to the data that he or she requires.
Laptops are only used to gain remote access to our systems when we are out of the office and so no data is actually stored on laptops. Our staff have access to their work email from their mobile phones, which we secure with a mobile device management system so we can remotely wipe any device if it is lost or stolen.
We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS you should be aware that any emails we send or receive may not be protected in transit.
We monitor any emails sent to us, including file attachments, for security threats such as phishing scams, viruses or other malicious software. Please note that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
You have a number of rights under the laws of data protection. As we mentioned earlier please contact email@example.com if you have any queries or concerns. We retain a log of requests that we receive and remove entries when they are one year old.
You can contact us to request a copy of any personal data we hold about you on our systems or in our files, along with information about what we use it for. We must respond to you in a reasonable time and always within a month. Unless the request is particularly complex or onerous there’s no cost to you for making these requests.
We must ensure that the data we hold about you is accurate. If you tell us that something is wrong, we will correct it and then confirm to you that we have done so.
If you ask us to erase your personal data we must do so unless there is a legitimate reason for us to keep it. For example if you are a customer and we need some of your personal data in order to satisfy our contract with you (say, to interact with you or to send you information), we will keep just the information we need for those purposes.
If there is some dispute between you and us regarding the use of your personal data, you have the right to ask us to restrict the processing of your data. This means we can continue to store it but we can’t do anything else with it until the dispute is resolved. We will inform you prior to beginning processing once the restriction has been removed.
We are the data controller for any information you provide as part of our recruitment process. All of the information you provide during the process will only be used for the purpose of processing your application or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes and your data will be stored on our IT systems in Guernsey.
We may look up applicants’ profiles on social media, though we don’t copy that information or store it on our systems.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. The information we ask for is used to assess your suitability for employment: you don’t have to provide what we ask for but it might affect your application if you don’t.
Unsuccessful applicants’ data will be retained for no more than a year and then deleted.
This privacy notice is designed to be clear and concise. We are happy to provide any additional information you need: please contact us on firstname.lastname@example.org
Should you have any cause for complaint, please write to us at:
Data Protection Representative
Belasko Group Limited
St Peter Port
If you are dissatisfied with the way in which your complaint has been handled you may contact your local data protection supervisory authority, or write to our local Information Commissioners at:
The Office of the Data Protection Authority
St Martin’s House
St. Peter Port
Jersey Office of the Information Commissioner
5 Castle Street