Privacy and Cookies Policy
Data Protection Policy
Blue Octopus Recruitment Limited ("We") are committed to protecting and respecting your privacy.
For the purpose of the Data Protection Act 1998 (the Act), the data controller is Blue Octopus Recruitment Limited of Octo House, 2 Station Road, Otley, LS21 3HX. Our nominated representative for the purpose of the Act is Chris Coleman.
Information We May Collect from You
We may collect and process the following data about you:
- Information that you provide by filling in forms on our site www.blueoctopus.co.uk (our site). This includes information provided at the time of registering to use our site, making an application, purchasing from our site, subscribing to our service, acceptance for inclusion on a mailing list or database, posting material or requesting further services. We may also ask you for information when you report a problem with our site.
- This information will include your name, address, email address, phone numbers, work and education history, full CV and any other sensitive personal data as defined in the Act including your responses to and the results of assessments administered through the site, plus your nationality which we are required to collect by law.
- If we place you with our clients, we shall also request and hold copies of documentation showing your legal right to work in the UK (or the country in which you have chosen to work). We may record and store any telephone calls you have with us for record keeping and quality control purposes. We may undertake credit references, and other lawful checks, where a recruitment client or third party requests such information.
- If you contact us (by email, telephone or letter), we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of transactions you carry out through our site and of the fulfilment of your orders.
- Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
- We also collect general information as a total in order to provide us with a better understanding of the users of our site as a group, but which does not contain personally identifiable information.
- We may also use the information for direct marketing via email or telephone.
- We may also store cookies as set out in more detail below.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
Where we Store Your Personal Data
All information you provide to us is stored on our secure servers.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Uses Made Of the Information
When someone visits www.blueoctopus.co.uk we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our site. We will not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Disclosure of Your Information
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may also disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Blue Octopus Recruitment Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- To provide our recruitment service and facilitate the recruitment process.
- To send information provided by candidates to our clients in order for our clients to assess candidates eligibility for jobs.
Although we may provide information to service providers that handle information on our behalf, we will usually not share the information with third parties for secondary or unrelated purposes unless otherwise disclosed at the point of collection.
We will collect, store and process personal information about our staff, clients, candidates, suppliers and other third parties. We recognise the need to treat it in an appropriate and lawful manner. Please refer to our Data Protection Policy to understand how we collect, store and process personal information. Data Protection Policy
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to Information
You may access the profile, correct and update your details or withdraw your details at any time. To do this, you can access information or change information in accordance with applicable legal requirements. If you wish to do this, please contact us.
Cookies are pieces of data created when you visit a site and are stored in the cookie directory of your hard drive. They do not contain any personal information about you and cannot be used to identify an individual user. They are used to help you when you return to a website.
Blue Octopus uses a number of cookies for various purposes:
For authentication to help protect access to any data you supply or request from us (or our clients).
For location tracking to map the distance of a user’s location to a vacancy, which has been searched on the website. The website uses postcodes to pinpoint the location of the vacancies.
For maintaining a vacancy shortlist to allow websites visitors to keep a list of vacancies for later references. Vacancies are kept in the shortlist for a period of 21 days on your personal device. This is designed to make it easier for users to locate vacancies that are of interest to them. When shortlists are sent via the Shortlist Feature, Blue Octopus will take a reference of the email that has provided, no other personal information is stored from this session cookie.
Changes to Our Privacy and Cookies Policy
Any changes we may make to our privacy and cookies policy in the future will be posted on this page and, where appropriate, notified to you by email.
Information about us
Our Website is owned and operated by Blue Octopus Recruitment Limited (“our”, “we”, or “us”), Company Number 7088452. Our registered address is Octo House, 2 Station Road, Otley, LS21 3HX.
Accessing our site
Access to Our Website is permitted on a temporary basis, and we reserve the right to withdraw or amend the service we provide on Our Website without notice. We will not be liable if for any reason Our Website or the service is unavailable at any time or for any period.
From time to time, we may restrict access to some parts of Our Website, or the whole of Our Website, to users who have registered with us.
Intellectual property rights
We are the owner or the licensee of all intellectual property rights in Our Website, and in the material published on it. Those works are protected by copyright laws and treaties around the world. All such rights are reserved.
You may print off one copy, and may download extracts, of any page(s) from Our Website for your personal reference and you may draw the attention of others within your organisation to material posted on our Website.
You must not modify the paper or digital copies of any materials you have printed off or downloaded in any way, and you must not use any illustrations, photographs, video or audio sequences or any graphics separately from any accompanying text.
Our status (and that of any identified contributors) as the authors of material on Our Website must always be acknowledged.
You must not use any part of the materials on Our Website for commercial purposes without obtaining a licence to do so from us or our licensors.
Reliance on Information Posted
Commentary, advertising, entries and other materials posted on Our Website are not intended to amount to advice on which reliance should be placed. We therefore disclaim all liability and responsibility arising from any reliance placed on such materials by any visitor to Our Website, or by anyone who may be informed of any of its contents.
You agree that you must evaluate, and bear all risks associated with, the use of any content on Our Website, including any reliance on the accuracy, completeness, or usefulness of such content. You acknowledge that you may not rely on any content posted on Our Website which have been created by us, submitted to us, or posted by users or other third parties (including without limitation: commentary, advertising, entries and any other materials and information).
The views and opinions of authors expressed on Our Website do not necessarily state or reflect those of Blue Octopus and they may not be used for advertising or product endorsement purposes.
When visiting Our Website, your web browser may produce pop-up advertisements. These advertisements were most likely produced by other websites you visited or by third party software installed on your computer. Blue Octopus does not endorse or recommend products or services for which you may view a pop-up advertisement on your computer screen while visiting Our Website.
Our Website Changes Regularly
We aim to update Our Website regularly, and may change the content at any time. If the need arises, we may suspend access to our site, or close it indefinitely. Any of the material on Our Website may be out of date at any given time, and we are under no obligation to update such material.
The material displayed on Our Website is provided without any guarantees, conditions or warranties as to its accuracy, quality of information, completeness or usefulness. We do not endorse or recommend any commercial products, processes or services. To the extent permitted by law, we, other members of our group of companies and third parties connected to us hereby expressly exclude:
- All conditions, warranties and other terms which might otherwise be implied by statute, common law or the law of equity.
- Any liability for any direct, indirect or consequential loss or damage incurred by any user in connection with Our Website or in connection with the use, inability to use, or results of the use of Our Website, any websites linked to it and any materials posted on it, including, without limitation any liability for:
- loss of income or revenue;
- loss of business;
- loss of profits or contracts;
- loss of anticipated savings;
- loss of data;
- loss of goodwill;
- wasted management or office time; and
- for any other loss or damage of any kind, however arising and whether caused by tort (including negligence), breach of contract or otherwise, even if foreseeable.
This does not affect our liability for death or personal injury arising from our negligence, nor our liability for fraudulent misrepresentation or misrepresentation as to a fundamental matter, nor any other liability which cannot be excluded or limited under applicable law.
Information about You and Your Visits to Our Site
Transactions Concluded Through Our Site
Contracts for the supply of goods and/or services formed through Our Website or as a result of visits made by you are governed by our Terms and Conditions of Supply, a copy of which is available upon request.
Uploading Material to Our Website
Whenever you make use of a feature that allows you to upload material to Our Website, or to make contact with other users of Our Website, you must comply with our content standards set out below. You warrant that any such contribution does comply with those standards, and you indemnify us for any breach of that warranty.
We will not be responsible, or liable to any third party, for the content or accuracy of any materials posted by you or any other user of Our Website.
We have the right to remove any material or posting you make on Our Website if, in our opinion, such material does not comply with the content standards set out below.
Viruses, Hacking and Other Offences
You must not misuse Our Website by knowingly introducing viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to Our Website, the server on which Our Website is stored or any server, computer or database connected to Our Website. You must not attack Our Website via a denial-of-service attack or a distributed denial-of service attack.
By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use Our Website will cease immediately.
We will not be liable for any loss or damage caused by a distributed denial-of-service attack, viruses or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your use of Our Website or to your downloading of any material posted on it, or on any website linked to it.
Linking To Our Site
With our written consent you may link to Our Website, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it, but you must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists.
You must not establish a link from any website that is not owned by you.
Our Website or any part thereof must not be copied and/or framed on any other site. We reserve the right to withdraw linking permission without notice. The website from which you are linking must comply in all respects with the content standards set out below.
If you wish to make any use of material on Our Website other than that set out above, please address your request to the Blue Octopus Info Email.
Links from Our Site
Where Our Website contains links to other sites and resources provided by third parties or users, these links are provided for your information only. We have no control over the contents of those sites or resources, and accept no responsibility for them or for any loss or damage that may arise from your use of them.
You may use Our Website only for lawful purposes. You may not use Our Website:
- In any way that breaches any applicable local, national or international law or regulation.
- In any way that is unlawful or fraudulent, or has any unlawful or fraudulent purpose or effect.
- For the purpose of harming or attempting to harm minors in any way.
- To send, knowingly receive, upload, download, use or re-use any material which does not comply with our content standards set out below.
- To transmit, or procure the sending of, any unsolicited or unauthorised advertising or promotional material or any other form of similar solicitation (spam).
- To knowingly transmit any data, send or upload any material that contains viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware.
You also agree:
- Not to access without authority, interfere with, damage or disrupt:
- any part of Our Website;
- any equipment or network on which Our Website is stored;
- any software used in the provision of Our Website; or
- any equipment or network or software owned or used by any third party.
These content standards apply to any and all material which you contribute to Our Website (contributions), and to any interactive services associated with it.
You must comply with the spirit of the following standards as well as the letter. The standards apply to each part of any contribution as well as to its whole.
- Be accurate (where they state facts).
- Be genuinely held (where they state opinions).
- Comply with applicable law in the UK and in any country from which they are posted.
Contributions must not:
- Contain any material which is defamatory of any person.
- Contain any material which is obscene, offensive, hateful or inflammatory.
- Promote sexually explicit material.
- Promote violence.
- Promote discrimination based on race, sex, religion, nationality, disability, sexual orientation or age.
- Infringe any copyright, database right or trade mark of any other person.
- Be likely to deceive any person.
- Be made in breach of any legal duty owed to a third party, such as a contractual duty or a duty of confidence.
- Promote any illegal activity.
- Be threatening, abuse or invade another´s privacy, or cause annoyance, inconvenience or needless anxiety.
- Be likely to harass, upset, embarrass, alarm or annoy any other person.
- Be used to impersonate any person, or to misrepresent your identity or affiliation with any person.
- Give the impression that they emanate from us, if this is not the case.
- Advocate, promote or assist any unlawful act such as (by way of example only) copyright infringement or computer misuse.
Suspension and Termination
- Immediate, temporary or permanent withdrawal of your right to use Our Website.
- Immediate, temporary or permanent removal of any posting or material uploaded by you to Our Website.
- Issue of a warning to you.
- Legal proceedings against you for reimbursement of all costs on an indemnity basis (including, but not limited to, reasonable administrative and legal costs) resulting from the breach.
- Further legal action against you.
- Disclosure of such information to law enforcement authorities as we reasonably feel is necessary.
Privacy and Data Protection
We have taken steps to ensure that any information provided to us through the use of Our Website is safe and secure. Please refer to our Privacy and Cookies Policy and our Data Protection Policy for further information.
Jurisdiction and Applicable Law
The above logos Blue Octopus and Octo are registered trademarks of Blue Octopus Recruitment Limited.
If you have any concerns about material which appears on Our Website, please contact the Blue Octopus Info Email.
Thank you for visiting Our Website.
None of us likes to be the subject of a complaint, but if Blue Octopus is truly committed to providing a quality service to clients and candidates, Blue Octopus needs to pick up on any dissatisfaction when it does arise and address it as best they can. Blue Octopus therefore operates a complaints handling process that seeks to ensure that it:
- knows about client or candidate dissatisfaction if and when it does arise;
- takes all reasonable steps to ensure that the dissatisfaction is addressed and resolved wherever possible;
- reassures all clients or candidates who do complain that the practice will address their concerns without delay and that it takes all complaints seriously;
- learns from experience to lessen the risk of complaints in the future.
As required by our complaints policy we will consider any complaint received in as objective a manner as possible and seek to resolve the dissatisfaction. In particular we will offer to meet with the complainant when possible and suggest appropriate redress.
This Complaints Handling Procedure tells you how we will deal with your complaint and how long it is likely to take. It also provides important information about what you can do if you are not happy with the way in which we are dealing with your complaint, or about our final decision. Our Complaints Policy contains further information about what you can expect from us when you make a complaint.
Designated Complaints Handler
If you have any concerns about our service, our work, or our charges and you wish to make a complaint, please contact our Designated Complaints Handler, Kelly Laurenson.
You can write to Kelly Laurenson at Blue Octopus Recruitment Limited, Octo House, 2 Station Road, Otley, LS21 3HX. If the complaint relates to work that has been carried out by Kelly Laurenson, she will ask another manager at the same level to undertake the investigation.
Step One: Acknowledging your Complaint
Within five working days of receiving your complaint, your complaint will be recorded in our Complaints Register and a separate file will be opened in which we will store any correspondence and other documents relating to your complaint. Within two working days we will also send you a letter acknowledging your complaint.
Step Two: Investigating your Complaint
Within ten working days of receiving your complaint, we will review your file and any other relevant documentation and send you a letter telling you how we propose to deal with your complaint. Examples of what we might say in this letter are as follows:
- If your complaint is straightforward we might make suggestions as to how we can put things right or we may offer you some form of redress;
- If your complaint is more complicated we might ask you to confirm, explain or clarify any issues;
- We may ask to meet with you to discuss things face-to-face and we would hope to be in a position to meet with you no longer than fourteen working days after first receiving your complaint. If you would prefer not to meet, or if we cannot arrange this within an agreeable timescale, we will write to you fully setting out our views on the situation and making suggestions as to how we can put things right, or asking you to confirm, explain or clarify any issues. Within three working days of any meeting, we will write to you again to confirm what took place and to confirm any offer of redress that we have made.
Whichever form our investigation takes, we will aim to give you our decision within six weeks of receiving your complaint (or sooner if possible).
Step Three: Appealing against our Decision
If you are not satisfied with our decision, please let us know and we will review our decision again. We will let you know the result of any appeal; our final decision, within five working days of receiving your appeal.
Step Four: Employment Agencies Standards Office and/or The Recruitment and Employment Confederation
If you are still not satisfied, you can then contact the Employment Agencies Standards Office at the Department for Business, Innovation and Skills (BIS). You also have the option to contact The Recruitment & Employment Confederation, the trade association for the recruitment industry. You should write to the following addresses:
Department for Business, Enterprise & Regulatory Reform (BERR)
Employment Agency Standards (4140)
1 Victoria Street
Professional Standards Manager
The Recruitment & Employment Confederation
First Floor 27-45 Stamford Street
Blue Octopus will maintain records of all complaints received and action taken on them. The Designated Complaints Handler is also responsible for conducting a review of all complaints records each year to enable her to report to the company on any trends. It is essential that all personnel learn from their experience and address any underlying problems. In this way Blue Octopus can use its complaints data to help to prevent future difficulties.
Data protection policy
- Everyone has rights with regard to how their personal information is handled. During the course of our activities we will collect, store and process personal information about our staff, clients, candidates, suppliers and other third parties. We recognise the need to treat it in an appropriate and lawful manner.
- Any breach of this policy will be taken seriously and may result in disciplinary action.
About this policy
- The types of information that we may be required to handle include details of current, past and prospective candidates employees, suppliers, clients and other businesses interested in our services that we communicate with. The information, which may be held on paper or on a computer or other media, is subject to certain legal safeguards specified in the Data Protection Act 1998 (the Act) and other regulations. The Act imposes restrictions on how we may use that information.
- This policy sets out our rules on data protection and the legal conditions that must be satisfied in relation to the obtaining, handling, processing, storage, transportation and destruction of personal information.
- The Data Protection Compliance Manager is responsible for ensuring compliance with the Act and with this policy. That post is held by Marc Wrench. Any questions or concerns about the operation of this policy should be referred in the first instance to the Data Protection Compliance Manager.
- If you consider that the policy has not been followed in respect of personal data about yourself or others you should raise the matter with the Data Protection Compliance Manager.
Definition of data protection terms
- Data is information which is stored electronically, on a computer, or in certain paper-based filing systems.
- Data subjects for the purpose of this policy include all living individuals about whom we hold personal data. A data subject need not be a UK national or resident. All data subjects have legal rights in relation to their personal data.
- Personal data means data relating to a living individual who can be identified from that data (or from that data and other information in our possession). Personal data can be factual (such as a name, address or date of birth) or it can be an opinion (such as a performance appraisal.
- Data controllers are the people who or organisations which determine the purposes for which, and the manner in which, any personal data is processed. They have a responsibility to establish practices and policies in line with the Act. We are the data controller of all personal data used in our business.
- Data users include employees whose work involves using personal data. Data users have a duty to protect the information they handle by following our data protection and security policies at all times.
- Data processors include any person who processes personal data on behalf of a data controller. Employees of data controllers are excluded from this definition but it could include suppliers which handle personal data on our behalf.
- Processing is any activity that involves use of the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
- Sensitive personal data includes information about a person's racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition or sexual life, or about the commission of, or proceedings for, any offence committed or alleged to have been committed by that person, the disposal of such proceedings or the sentence of any court in such proceedings. Sensitive personal data can only be processed under strict conditions, and will usually require the express consent of the person concerned.
Data protection principles
Anyone processing personal data must comply with the eight enforceable principles of good practice. These provide that personal data must be:
- Processed fairly and lawfully.
- Processed for limited purposes and in an appropriate way.
- Adequate, relevant and not excessive for the purpose.
- Not kept longer than necessary for the purpose.
- Processed in line with data subjects' rights.
- Not transferred to people or organisations situated in countries without adequate protection.
Fair and lawful processing
- The Act is intended not to prevent the processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the data subject. The data subject must be told who the data controller is (in this case Blue Octopus Recruitment Limited), who the data controller's representative is (in this case the Data Protection Compliance Manager), the purpose for which the data is to be processed, and the identities of anyone to whom the data may be disclosed or transferred.
- For personal data to be processed lawfully, certain conditions have to be met. These may include, among other things, requirements that the data subject has consented to the processing, or that the processing is necessary for the legitimate interest of the data controller or the party to whom the data is disclosed. When sensitive personal data is being processed, more than one condition must be met. In most cases the data subject's explicit consent to the processing of such data will be required.
- Data about staff may be processed for legal, personnel, administrative and management purposes and to enable the data controller to meet its legal obligations as an employer, for example to pay staff, monitor their performance and to confer benefits in connection with their employment. Examples of when sensitive personal data of staff is likely to be processed are set out below:
- information about an employee's physical or mental health or condition in order to monitor sick leave and take decisions as to the employee's fitness for work;
- the employee's racial or ethnic origin or religious or similar information in order to monitor compliance with equal opportunities legislation;
- in order to comply with legal requirements and obligations to third parties.
- Data about candidates, clients, suppliers and other third parties may be processed for the following purposes:
- To provide our recruitment service to clients and facilitate the recruitment process.
- To send information provided by candidates to our clients in order for our clients to assess candidates eligibility for jobs.
- Administration and processing of work-seekers personal data for the purposes of work-finding services.
- Advertising, marketing and public relations.
- Accounts and records.
- Staff Administration.
Processing for limited purposes
Personal data will only be processed for the specific purposes notified to the data subject when the data was first collected or for any other purposes specifically permitted by the Act. This means that personal data will not be collected for one purpose and then used for another. If it becomes necessary to change the purpose for which the data is processed, the data subject will be informed of the new purpose before any processing occurs. By creating a profile candidates are opting in to being contacted by the data controller or the data processor in relation to vacancies matching their selection criteria. This contact preference can be changed via the profile area of the Octo website. By not creating a profile candidates are opting out of contact not related to the specific vacancy being applied for.
Adequate, relevant and non-excessive processing
Personal data will only be collected to the extent that it is required for the specific purpose notified to the data subject. Any data which is not necessary for that purpose will not be collected in the first place.
Personal data will be accurate and kept up to date. Information which is incorrect or misleading is not accurate and steps will therefore be taken to check the accuracy of any personal data at the point of collection. Client data will be kept up to date through day to day interaction. Candidate data can be maintained by the candidates themselves, so Blue Octopus will not use a dedicated process to manage this. Inaccurate or out-of-date data will be destroyed.
Personal data will be kept only as long as necessary. This means that data will be destroyed or erased from our systems when it is no longer required.
When a candidate applies for a vacancy where Blue Octopus are acting as the data controller application data is retained for a period of 6 months from the vacancy being closed. Profile data is retained until the candidate deletes their profile via the Octo Website. When a candidate applies for a vacancy where Blue Octopus are acting as the data processor application data is retained for a period of 6 months from the vacancy being closed, unless this period is overriden by the client data protection policy displayed during the application process. Profile data is retained until the candidate deletes their profile via the Octo Website. For guidance on how long certain data is likely to be kept before being destroyed, contact the Data Protection Compliance Manager.
Processing in line with data subjects' rights
Data will be processed in line with data subjects' rights. Data subjects have a right to:
- Request access to any data held about them by a data controller.
- Prevent the processing of their data for direct-marketing purposes.
- Ask to have inaccurate data amended.
- Prevent processing that is likely to cause unwarranted substantial damage or distress to themselves or anyone else.
- Object to any decision that significantly affects them being taken solely by a computer or other automated process.
- We will ensure that appropriate security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
- The Act requires us to put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data may only be transferred to a third-party data processor if he agrees to comply with those procedures and policies, or if he puts in place adequate measures himself.
- Maintaining data security means guaranteeing the confidentiality, integrity and availability of the personal data, defined as follows:
- Confidentiality means that only people who are authorised to use the data can access it.
- Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
- Availability means that authorised users should be able to access the data if they need it for authorised purposes. Personal data should therefore be stored on our central computer system instead of individual PCs.
- Security procedures include:
- Entry controls. Any stranger seen in entry-controlled areas should be reported.
- Secure lockable desks and cupboards. Desks and cupboards should be kept locked if they hold confidential information of any kind. (Personal information is always considered confidential).
- Methods of disposal. Paper documents should be shredded. Floppy disks and CD-ROMs should be physically destroyed when they are no longer required.
- Equipment. Data users should ensure that individual monitors do not show confidential information to passers-by and that they log off from their PC when it is left unattended.
Subject access requests
A formal request from a data subject for information that we hold about them must be made in writing. A £10 fee is payable by the data subject for provision of this information. Any member of staff who receives a written request should forward it to the Data Protection Compliance Manager immediately.
Providing information to third parties
Any member of staff dealing with enquiries from third parties should be careful about disclosing any personal information held by us. In particular they should:
- Check the identity of the person making the enquiry and whether they are legally entitled to receive the information they have requested.
- Suggest that the third party put their request in writing so the third party's identity and entitlement to the information may be verified.
- Refer to the Data Protection Compliance Manager for assistance in difficult situations.
- Where providing information to a third party, do so in accordance with the eight data protection principles.
Monitoring and review of the policy
This policy is reviewed annually by our board of directors to ensure it is achieving its stated objectives. Changes are updated to this policy will be noted on the Blue Octopus website.
Latest policy update: 2016-02-15