TUTIS holds and processes information about employees, contractors, and other data subjects for personal, administrative and commercial purposes. When handling such information, the company, and all staff or others who process or use any personal information, must comply with the Data Protection Principles. In summary these state that personal data shall:
Definitions:
Notification of Data Held:
The Company shall notify all staff contractors and other relevant data subjects of the types of data held and processed by the company concerning them, and the reasons for which it is processed.
Staff Responsibilities:
Rights to Access Information
Staff, Contractors and other data subjects in the Company have the right to access any personal data that is being kept about them either on computer or in structured and accessible manual files. Any person may exercise this right by submitting a request in writing to the appropriate designated data controller.
The Company aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 30 days unless there is good reason for delay. In such cases, the reason for the delay will be explained
Subject Consent
In some cases, such as the handling of sensitive information or the processing of confidential data, the Company is entitled to process personal data only with the consent of the individual.
The Company may process sensitive information about a person's health, disabilities, criminal convictions, race or ethnic origin, or trade union membership in pursuit of the legitimate interests of the Company.
The Company also asks for information about particular health needs, such as allergies to particular forms of medication, or conditions such as asthma or diabetes. The Company will only use such information to protect the health and safety. The Company will keep different types of information for differing lengths of time, depending on legal, academic and operational requirements
Compliance
Compliance with the Act is the responsibility of all concerned and members of staff. Any deliberate or reckless breach of this Policy may lead to disciplinary, and where appropriate, legal proceedings. Any individual, who considers that the policy has not been followed in respect of personal data about him or herself, should raise the matter with the designated data controller initially. If the matter is not resolved it should be referred to the staff grievance or complaints procedure.