Our GDPR Statement of Compliance
Aggregates ‘R’ Us recognises that the effective management of its data and records is necessary to comply with its legal and regulatory obligations and contributes positively to the overall management of the business. This document provides the policy framework through which this effective management can be achieved and audited.
Scope of the Policy
- This policy applies to all data records created, received or maintained by staff in the business in the course of carrying out its functions.
- Records are defined as all those documents which facilitate the business carried out and which are thereafter retained (for a set period) to provide evidence of its transactions or activities. These records may be created, received or maintained in hard copy or electronically.
- In respect of personal data and sensitive personal data, this policy relates to retention periods which enable us to comply with the requirements of our ‘Personal Data Processing Policy’ and the requirements of the ‘General Data Protection Regulation’.
Responsibilities
- The business has a corporate responsibility to maintain its records and record keeping systems in accordance with the regulatory environment and legislative frameworks. The Chief Executive has overall responsibility for this policy.
- The person responsible for records and data management in the business will give guidance for good records management practice and will promote compliance with this policy so that information will be retrieved or deleted easily, appropriately and in a timely manner.
- In respect of personal data and sensitive personal data processed, the Company has appointed a Data Protection lead who will ensure compliance with the General Data Protection Regulation and report to the Board on all related matters.
- Individual employees must ensure that records for which they are responsible are accurate and are maintained and disposed of in accordance with the business’s records management guidelines, data processing policy and data retention policy.
Relationship with Existing Policies
This policy has been drawn up within the context of:
- General Data Protection Regulation (GDPR)
- Freedom of Information Policy
- Other legislation/regulation (including financial, audit, equal opportunities and ethics) affecting the business
Safe Disposal of Records
Where paper records have been identified for destruction they should be disposed of in an appropriate way. All staff records, or sensitive policy information, should be shredded before disposal with a cross-cut shredder. All other paper records should be bundled up and disposed of to a waste paper merchant. Do not put records in the dustbin or a skip.
There are companies who can provide confidential waste bins and other services which can be purchased to ensure records are disposed of in an appropriate way.
Any electronic records that are due to be disposed of in line with this policy will be deleted permanently and confidentially from all systems when it is appropriate to do so.
Retention Guidelines
Some of the following retention guidelines are governed by statute. Others are guidelines following best practice. Every effort has been made to ensure these retention periods are compliant with the General Data Protection Regulation 2018 and other regulatory requirements. Managing these retention guidelines will be deemed to be ‘normal processing’ under this legislation.
Data Retention Schedule
Please refer to the Data Retention Schedule for more information or specific timescales regarding the retaining of personal data.