General Data Protection Regulation Statement
Under the GDPR, the data protection principles set out our main responsibilities. Calber Facilities Management Limited shall abide to Article 5 of the GDPR requirements that personal data shall be:
a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
It is the responsibility of every employee in the organisation to apply GDPR principles to the processes they do for and on behalf of Calber Facilities Management Limited.
The organisation will monitor its data processes in the business and make appropriate changes / improvements where needed.
This General Data Protection Regulation Policy was created 27th April 2018 and will be reviewed annually or as and when there are developments or changes in our business.
Calber Facilities Management Limited
Calber Facilities Management are a total facilities management service provider and is a privately owned, family managed company who have the scope, skills and experience to ensure we can cater for any client requirement in a controlled and professional manner.
This privacy notice tells you what to expect when Calber Facilities Management Limited process personal information.
It applies to information we collect about.:
Job applicants and our current and former employees.
Complaints and other individuals in relation to a data protection or freedom of information complaint or enquiry;
People who use our services
Completing the contact form on our website or social media
Writing to us
Calling or visiting our office
We would use this data in any of the following ways:
Calber Facilities Management Limited are committed to protecting and respecting your privacy.
Visiting our website
HTTP Secure is an extension of the Hypertext Transfer Protocol for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted by Transport Layer Security, or formerly, its predecessor, Secure Sockets Layer. The protocol is therefore also often referred to as HTTP over TLS, or HTTP over SSL
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Calber use a third party service provider to help maintain the security and performance of the Calber.co.uk website
Our website includes social media features, such as Facebook and Twitter links. If you interact with these features, they may collect your IP address, which page you are visiting on our website. These features are hosted by a third party and your interactions with these third parties and their features are governed by the privacy notice of the company providing them.
Using our helpdesk
When we are contacted, the call automatically will go to our helpdesk. We will always ask for the caller’s name to identify themselves. Contact details may be taken so we can relay messages or use them to get back to an enquiry. Details will not be kept unnecessary and will deleted when no longer needed for our enquiries.
Emails you send
We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Caution – Information sent by unencrypted e-mail over the Internet is not secure and is at risk of being intercepted and read by people other than those for whom it is intended.
This e-mail may contain confidential or legally privileged information, intended for the addressee only. Any opinions presented are those of the author and do not necessarily represent those of Calber Facilities Management Limited If you are not the intended recipient, any disclosure, copying, distribution or reliance upon the contents of this e-mail is prohibited. This e-mail does not create a legally binding contract between sender and recipient. Calber Facilities Management Limited will not be liable for damages as a result of alterations of this e-mail by a third party or as a result of any virus.
Please notify the sender if you are not the intended recipient, so that Calber Facilities Management Limited may ensure proper delivery. Please then delete the message.
We rarely receive complaints, but when we do have a complaint; we file it containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint. We will only ask for the minimal personal data. We will only use the personal information we collect to process the complaint and to check on the level of service we provide. Sometimes we might need disclose the complainant’s identity if the compliant is about a person. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis. We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle. Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
Calber Facilities Management Limited do their best to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
The General Data Protection Regulations starts on 25th May 2018, client’s details are on our records because it was provided to us previously for legitimate business reasons only. It has been provided to us with contact details and we have not been asked to remove them from our records.
Data privacy / data security is extremely important to us. We will only use our customer’s business details to process their account(s) and also to provide the products and services you have requested from us.
Some customers will have limited access to our computer applications where they will be able to access their accounts only. Customers can view both their own and our business details related to that account. It also shows all the equipment we service on your site(s) and the history of work carried out and a Calber employee reference number.
Calber Facilities Management Ltd will only contact you for legitimate business reasons only. We ensure that any information sent to you is useful in order for you to make informed business decisions and we will try our very best to ensure the information is relevant and informative. We promise not to spam you or share your data with anyone else and we will store your details securely.
If any of your business information needs updating or you no longer consent us retaining your company details, please let us know by email or by contacting the office as quickly as possible. You are free to withdraw your consent at any time by informing us either electronically or in writing.
Our Data / Personal Data
As part of our agreement, the updated GDPR terms will support any existing data processing provisions that are already in place.
Contractors / Suppliers & Third Parties
The General Data Protection Regulations starts on 25th May 2018, contractors/supplier’s business details are on our records because it was provided to us previously for legitimate business reasons only. It was provided to us with your contact details and we have not been asked to remove them from our records.
Data privacy / data security is extremely important to us. We will only use your business details to process their account(s) and also to provide the products and services we have requested from them.
Calber Facilities Management Ltd will only contact you for legitimate business reasons only. We ensure that any information sent to you is useful in order for you to make informed business decisions and we will try our very best to ensure the information to relevant and informative. We promise not to spam you or share your data with anyone else and we will store your details securely.
If any of your business information needs updating or you no longer consent us to retain your company details, please let us know by email or by contacting the office as quickly as possible. You are free to withdraw your consent at any time by informing us either electronically or in writing.
Our Data / Personal Data
As part of our agreement we would like you to confirm the updated terms below, by signing where indicated. The updated GDPR terms will support any existing data processing provisions that are already in place.
Employees and applicants
If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any security checks and references.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from the closure of the campaign
Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the campaign.
Equal opportunities information is retained for 6 months following the closure of the campaign whether you are successful or not.
Decisions on Recruitment
Final recruitment decisions are made by hiring managers and members of our recruitment team. All of the information gathered during the application process is taken into account. You are able to ask about decisions made about your application by speaking to your contact within our recruitment team or by emailing firstname.lastname@example.org.
We offer opportunities for people to come and work with us on a secondment basis. We accept applications from individuals or from organisations who think they could benefit from their staff working with us.
Applications are sent directly to email@example.com. Once we have considered your application, if we are interested in speaking to you further, we’ll contact you using the details you provided.
We might ask you to provide more information about your skills and experience or invite you to an interview.
If we do not have any suitable work at the time, we’ll let you know but we might ask you if you would like us to retain your application so that we can proactively contact you about possible opportunities in the future. If you say yes, we will keep your application for 6 months.
If you are seconded to the Calber, we will ask that you complete a new starter pack.
We ask for this information so that we fulfil our obligations to avoid conflicts of interest and to protect the information we hold.
It will be retained for the duration of your secondment plus 6 years following the end of your secondment.
If you have a query regarding HR, including TUPE, please email firstname.lastname@example.org.
Alternatively please telephone our Reception on 01235 760225
Employment Third parties we use
Pensions Scheme Providers, income tax official’s immigrations authorities, opted health assurance or other opted scheme you agreed to upon agreeing your contract of employment.
GDPR aims to give you more control of your data. It provides new and strengthened rights as set out below:
Rights to access – you can ask us whether were processing your personal data, including where and what for. You can request an electronic copy of your personal date free of charge. If you require further copies of the data there may be a charge where permitted by the legislation.
Right to restrict processing – in certain circumstances, you can ask to restrict our use of your personal data we hold about you.
Right to rectification – you can ask us to correct inaccurate personal data we hold about you.
Right to delete – in certain circumstances, you can ask us to delete your personal data.
Right to lodge a complaint – you can lodge a complaint with the supervisory authority ICO but would ask if you would allow us to resolve any problems before you contact them.
You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
Reporting a breach
Calber’s appointed DPO has an effective processes to identify, report, manage and resolve any personal data breaches.
The GDPR introduces a duty on all organisations to report certain types of personal data breaches to the ICO and, in some cases, to the individuals affected.
A personal data breach means a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
Calber only have to notify the ICO of a breach where it is likely to result in a risk to the rights and freedoms of individuals.
Where a breach is likely to result in a high risk to the rights and freedoms of individuals, Calber must notify those concerned directly and without undue delay.
In all cases Calber will maintain records of personal data breaches, whether or not they were notifiable to the ICO.
A notifiable breach has to be reported to the ICO within 72 hours of the business becoming aware of it, this will be done by the appointed DPO. The GDPR recognises that it will often be impossible to investigate a breach fully within that time-period and allows you to provide additional information in phases. Calber will make sure that our staff understand what constitutes a personal data breach, and that this is more than a loss of personal data.
Calber have an internal breach reporting procedure in place. This will facilitate decision-making about whether we need to notify the relevant supervisory authority or the public
Changes to this Privacy Notice
We keep our privacy notice under regular review. This privacy notice was last updated on 17th May 2018.
If you want to request information about GDPR and how we use data or to request a copy of your personal data we hold about you or to have any inaccuracies corrected you can email us or write to:
Data Protection Officer
Calber Facilities Management Limited
The Glenmore Centre
Grove Business Park