FMS Data Policy
FMS Client Data Policy
Following the issuance of the new General Data Protection Regulation (henceforth known as GDPR), FMS have updated this data policy in accordance with the requirements of the regulation.
1.1 Forms of Data
An internal audit (document reference FMS-IT-001-1) was conducted of the various forms of data, as defined by the regulation, held, stored or processed by the company. Items of data found to come under the remit include:
- Company names and addresses
- Name of contacts
- Contact phone numbers
- Email addresses
- Bank account details where applicable for accounting requirements
- Subcontractors’ UTR numbers
1.2 Collection and Process of Data
Data can be collected through a number of different mediums: following enquiries via email and telephone; from existing clients, suppliers and subcontractors; and from new clients, suppliers and subcontractors.
All our client information is stored in our Computer Aided Facilities Management (CAFM) system, which is accessed by authorised personnel only. Laptops and mobiles are locked when not in use to deter unauthorised persons from accessing confidential information.
FMS Integrated Building Services will never sell customer information on to third parties, and we will only pass on information such as addresses where it is necessary to do so in order to complete contractual obligations or services. Any information provided by our customers will be used solely for business purposes.
1.3 Breach of Data Laws
In the event of any breach of the GDPR legislation, we will advise the relevant regulator of a breach within 72 hours unless we are able to demonstrate that the breach is unlikely to result in a risk to an individual or client’s rights and freedoms.
Examples of a Personal Data Breach
- access by an unauthorised third party;
- deliberate or accidental action (or inaction) by a controller or processor;
- sending personal data to an incorrect recipient;
- computing devices containing personal data being lost or stolen;
- alteration of personal data without permission; and
- loss of availability of personal data.
1.4 Use of Technology
Employees issued with company mobiles, laptops and tablets are mandated to ensure they keep their devices locked with a secure password when not in use. Employees are to ensure that devices are kept on their person at all times, or if this is not possible, that they are securely locked away. Any employee not adhering to the above may face investigation and potential disciplinary action. Employees must not share their access information with persons not authorised to have access.
1.5 Employee Procedures
Due to the nature of our business, it may be that employees have access to client information. Employees are not to use any information provided by our clients for anything other than the use that it was intended for. Should any employee be found to be in breach of this, an investigation will be conducted which may result in disciplinary action.
1.6 Client Rights
Under the new regulations you have the right to request any information held by ourselves. Should you wish for us to remove your contact information from our system, we are obliged to do so. For any such requests for the removal of information, or to provide us with up-to-date contact information, please email l.williams@fmservicesuk.com or alternatively call 0330 174 1793.
FMS Employee Data Policy
Following the issuance of the new General Data Protection Regulation (henceforth known as GDPR), FMS have updated this data policy in accordance with the requirements of the regulation.
2.1 Forms of Data
Whilst undertaking an internal audit the company has identified that it stores or utilises the following forms of personnel data:
- Employee name
- Employee address
- Contact telephone number
- Email address
- Next of kin name and number – for use in an emergency only
- Bank account information – for the purpose of paying wages
- Training records – for compliance purposes
- CV, application form and cover letter
- Contract of employment – for recruitment purposes
- Sickness and attendance information – for employee management purposes
- Performance reviews – for employee management purposes
- Disciplinary and investigation records – for employee management purposes
These records are obtained at the initial recruitment stage and subsequently throughout your employment at the company. We will not sell or pass on employee information unless we have written consent to do so, or are bound by law.
2.2 Personal Data Breach
For security purposes, all employees’ personnel records are kept in a locked, secure office with only the Data Protection Officer having access to the information. An employee can request to see what information the company stores from the authorised person.
In the instance of a personal data breach, the company will inform the employee within a 72-hour time frame unless we are able to demonstrate that the breach is unlikely to result in a risk to an employee’s rights and freedoms.
Examples of a Personal Data Breach
- access by an unauthorised third party;
- deliberate or accidental action (or inaction) by a controller or processor;
- sending personal data to an incorrect recipient;
- computing devices containing personal data being lost or stolen;
- alteration of personal data without permission; and
- loss of availability of personal data.
2.3 Training Information
In order for us to be compliant on certain works, we are required to supply evidence that our employees are compliant with legal training requirements. Should FMS be required to share training information with customers, we will only share such information with the appropriate persons and ensure that employees consent to do so.
2.4 Use of Technology
Employees issued with company mobiles, laptops, computers and tablets are mandated to ensure they keep their devices locked with a secure password when not in use. Employees are to ensure that devices are kept on their person at all times, or if this is not possible, that they are securely locked away. Any employee not adhering to the above may face investigation and potential disciplinary action.
2.5 Access to Customer Information
Due to the nature of the business, FMS employees may have access to both FMS and client data and have a responsibility to ensure they adhere to the GDPR guidelines.
An employee must not access, read or obtain sensitive client data without written permission from the client, to be arranged through the main office. They must also ensure that no confidential information is passed on to third parties without prior written consent.
If an employee is aware of a breach of the above conditions, then they must notify the DPO within 24 hours in order for them to investigate within the legal timeframe.
2.6 Employee Rights
Under the new regulations you have the right to request any information held by ourselves. Should you wish for us to amend any incorrect information held by us, then we are obliged to do so. For any such requests for the removal of information, or to provide us with up-to-date information, please email l.williams@fmservicesuk.com or alternatively call 0330 174 1793.