Coventry and Warwickshire Reinvestment Trust
Privacy, Data Protection and Data Retention Statement
This statement defines CWRTs approach to, and arrangements for, acquiring, recording, holding, and using the private information of both clients and employees.
2. Data Protection
All CWRTs activities in this area will be in accordance with Data Protection legislation as amended and updated from time to time. The Data Controller is Coventry and Warwickshire Reinvestment Trust Ltd (CWRT). CWRT is registered by the Information Commissioner’s Office and the company’s data protection registration number is Z9306273.
3. Information Sought and Held
Only information necessary for the ongoing smooth running and/or future development of the business will be acquired and held.
This includes information sought from clients and prospective clients to be used in connection with loans and business support services offered by CWRT. Information may be acquired and held as a consequence of contractual requirements specified by funding partners.
It also includes that personal information required of employees and directors in order that CWRT can discharge its employment and FCA registration obligations.
CWRT will take appropriate technical and organisational measures to guard against theft and unauthorised processing of personal data, and against accidental loss, damage or destruction.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to client needs. We only
use this information for statistical analysis purposes and then the data is removed from the system.
6. Link to Other Websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
7. Consent to Hold and Use Information
Officers will always ensure that CWRT has notified individuals providing personal information of the reasons why the information is being sought and they will seek consent in writing, or by an appropriate annotation of an on-line form, (or by verbal consent if the information is basic contact data needed to respond to an enquiry), before recording and using the information. This applies to information acquired in person, by phone, email, letter, or through a web portal.
The nature of the consent/agreement to hold and use information will be in accordance with legislation.
8. Use of Information
Depending on the nature of the consent/agreement to hold information, CWRT will use it for one or more of the following purposes
· Payroll and tax
· Employee performance, disputes, and complaints
· Registrations and accreditations (including FCA)
· Data verification
· Credit referencing
· Assessing possible money laundering and terrorist funding
· Legal and policing reasons including intellectual property requirements
· Accounting purposes
· Providing data to funders as specified in contracts
· Sharing with partners and suppliers
· Assessing suitability to join initiatives
9. Retention and Discarding Information
CWRT will make every effort to discard information no longer needed whether it be held in hard copy or digital format. In pursuit of this aim the organisation will define the retention period for each type of record and ensure that this timing is notified to information providers.
10. Access to Information Held
CWRT undertakes to provide details of information held about an individual (a Data Subject) on request and in a timely manner. All requests to access personal data (Subject Access Requests) held by CWRT should be addressed in writing to the Data Protection Officer. Note that verbal requests cannot be accepted. Once a requester is identified, CWRT aims to locate and provide the information requested within 30 calendar days. It will provide an explanation if it is unable to provide the information.
CWRT confirms that a Data Subject: has the right to see all the personal information it holds about a subject, is entitled to be given a summary of the information held and why it is held and how long it can be kept. This right is limited by certain exemptions set out in Data Protection legislation.
11. Right to Erasure
Data Subjects have the right to have their data ‘erased’ in certain circumstances. CWRT will
without undue delay, erase any data if one of the following applies:
a. When the original purpose for the personal data is no longer necessary or the data itself is no longer necessary for the purpose.
b. When the individual no longer consents.
c. The individual uses their right to object to data processing (Article 21)
d. There is a legal obligation for the data to be erased.
Data Subjects should address a written request to have their data erased to the Data Protection Officer. As in paragraph 10 above, verbal request cannot be accepted.
12. Information Security
All staff and directors are responsible for ensuring that:
· Any personal data, which they process, is kept securely in accordance with this statement and the Financial Information Security policy.
· Personal data is not disclosed accidentally or otherwise to any unauthorised third party.
In addition, staff will ensure that adequate security measures are taken. For example:
· Adherence to CWRT’s clear desk policy
· Passwords will only be disclosed to relevant staff members when required.
· Computer screens will be locked when stepping away from desks.
· Personnel cabinets will always be locked when not in use and when in use will not be left unattended.
· Emails will be used with care ensuring that data is sent only to the intended recipients.
· Data will not be saved to staff members personal computers or mobile devices.
· Breaches in security will be reported to the Data Protection Officer within 48hours.
13. Staff Training
Appropriate training will be provided for every staff member and director to ensure that the responsibilities covered by this statement are discharged fairly and competently. Guidance will be provided to assist staff.
Archived documents are kept at an offsite location, currently Squab Hall Farm, Harbury Lane, Bishops Tachbrook, Leamington Spa, Warwickshire, CV33 9QB.
15. Audit and Oversight
CWRT’s Finance Risk and Strategy Committee (FRS) has authority for overseeing this statement. The findings of an annual audit of the statement undertaken by staff will be reviewed by the FRS and appropriate updates, amendments and corrective actions will be noted and/or authorised.
16. Our complaints procedure:
CWRT’s customers are at the heart of its business and all staff are committed to providing the highest quality service. So, if you’re not happy with our service, please let us know so we can put things right.
The Data Protection Officer will deal with any written complaint about a subject request and about what information has been disclosed. The Data Protection Officer can be contacted at:
Coventry & Warwickshire Reinvestment Trust Enterprise Centre
Coventry University Technology Park Puma Way
Coventry CV1 2TX
If you remain, dissatisfied you have the right to refer the matter to the Information Commissioner’s Office (ICO):
|By Post||ICO Helpline|
|0303 123 firstname.lastname@example.org|