From time to time, we will need to ask for and store personal information connected to your employment with the Company. We will ensure that we fully adhere to the eight principles of the Data Protection Act 1998 and the six principles of the General Data Protection Regulation (GDPR).
For the avoidance of doubt, the following definitions apply to this policy:
Personal data – Any information relating to an identified or identifiable natural person.Processing – Any operation (or set of) which is performed on personal data.
This policy applies to data held and processed on our employees and freelance consultants, but also extends to any personal data held on other contractors, clients, and suppliers.
All data will be processed fairly and lawfully and will only be obtained for specific (and lawful) reasons. Information will only be collected and processed to the extent needed to fulfil our operational needs or comply with any legal requirements. All data will be handled with appropriate security and confidentiality, and we will ensure that any employees with responsibility for processing data are adequately trained on data protection and relevant legislation.
When requesting data about you, we will specify the purpose for which that data will be used. From time to time, to ensure our held information is up to date, we may check the accuracy of the data held on you and ask you to confirm any changes.
Employees are responsible for checking that any information provided to the Company is accurate and up to date and for informing us of any changes e.g., if you change your address. We cannot be held responsible for any errors where an employee has not informed us of such changes.
Everyone at Manifest is responsible for ensuring that any personal data they hold is kept securely and is not disclosed orally, in writing or online, either accidentally or otherwise. Unauthorised disclosure of personal information will be regarded as a disciplinary matter.
Data will not be held for longer than necessary and will be processed in keeping with your individual rights. This means that, where appropriate, you will be informed that we are processing data about you (e.g., for the payment of salary or to monitor diversity within the business). All data will be kept securely and will not be transferred to another country without adequate protection being in place.
All Manifest employees must immediately report any actual or suspected data protection breaches to the People Team which will be investigated in line with our Data Protection Breach Guidelines.
Personal information will be coded, encrypted or password protected and regularly backed up. Data held in hard copy or on removable storage media will be kept in a locked filing cabinet or drawer.
Under data protection laws, if Manifest holds any data on you, you have the following rights:
Right to be informed – The right to be told how your personal data is used.Right of access – The right to know and have access to the personal data we hold about you.Right to data portability – The right to receive your data in a common and machinereadable electronic format.Right to be forgotten – The right to have your personal data erased.Right to rectification – The right to have your personal data corrected where it is inaccurate or incomplete.Right to object – The right to complain and object to the processing of your data.Right to purpose limitation – The right to limit the extent of the processing of your personal dataRights related to automated decision-making and profiling – The right not to be subject to decisions without human involvement.You may ask to see details of the personal information we hold about you. Depending on the nature of the request, a small admin fee may be charged. This will be no more than £10. If you would like to see a copy of your personal information, please put your request in writing to the People Team. If you find that any of the information held on you is incorrect or incomplete, please provide written confirmation to the People Team who will ensure this is updated.