Enquiries

Enquiries

We would be delighted to hear from you and will can to respond to your email enquiries within 24 hours. Thank you for your interest in Marsh Industries.

    Advanced sewage treatment plant

    Privacy policy

    Marsh Industries Data Protection Policy

    Policy information

    Marsh Industries Ltd

    The board of directors have agreed that The Managing Director determines the purposes for which and the manner in which any personal data are held, or are to be processed.

    The scope of policy

    The policy applies to all sites and offices the Managing Director is responsible for. Marsh has instructed our agencies to ensure full compliance with all and future UK & EU legislation

    Policy operational date

    The policy will be reviewed every 3 years

    Policy prepared by

    The Directors of Marsh Industries

    Date approved by Board/ Management Committee

    This policy was approved on the 22nd January 2018

    Policy review date

    Review December 2024

    Introduction

    Purpose of policy

    Marsh Industries has introduced this policy:

    • complying with the law
    • following good practice
    • protecting clients, staff and other individuals
    • protecting the organisation

    Types of data

    Employees and customer details will be covered by this policy. For further data please visit the government website

    Policy statement

    Marsh Industries will:

    • comply with both the law and good practice
    • respect individuals’ rights
    • be open and honest with individuals whose data is held
    • provide training and support for staff who handle personal data, so that they can act confidently and consistently
    • Notify the Information Commissioner voluntarily, even if this is not required

    Please note the guidance from Marsh on when breaches should be reported as this is one of the main changes from the current Data Protection Act and GDPR

    Key risks

    Marsh Industries will to its best endeavours prevent

    • information about data getting into the wrong hands, through poor security or inappropriate disclosure of information
    • individuals being harmed through data being inaccurate or insufficient

    Responsibilities

    The Board / Company Directors

    Have overall responsibility for ensuring that the organisation complies with its legal obligations.

    Data Protection Officer

    The Managing Director is responsible for

    • Briefing the Board on Data Protection responsibilities
    • Reviewing Data Protection and related policies
    • Advising other staff on tricky Data Protection issues
    • Ensuring that Data Protection induction and training takes place
    • Notification to the Board
    • Handling subject access requests
    • Approving unusual or controversial disclosures of personal data
    • Approving contracts with Data Processors

    Outside Organisations

    Marsh will seek advice from the EEF, Northgate Arinso & its professional advisors to ensure compliance.

    Employees & Volunteers

    All staff and volunteers are required to read, understand and accept policies and procedures that relate to the personal data they may handle in the course of their work.

    Enforcement

    Breaches in compliance with Data Protection may result in disciplinary action

    Security

    Scope

    Business Continuity is included below but you may want to move this to a separate policy

    Setting security levels

    Brightwell Marketing & Blue Moon Computer Services will ensure adequate IT security systems are in place and maintained

    Security measures

    Marsh will ensure its IT, Computer consultants and marketing companies have a fully compliant system. The company Lawyers will address any breach in compliance by third parties.

    Data recording and storage

    Accuracy

    Marsh will have measures in place to ensure data accuracy. For example, where information is taken over the telephone, how is it checked back with the individual? If the information is supplied by a third party, what steps will be taken to ensure or check its accuracy?

    Updating

    Please note the separate requirements for the data we hold. For example, we cannot keep CVs for more than 6 months unless we have express permission from the candidates

    Storage

    All information is stored electronically where ever possible

    Retention periods

    A maximum period of 2 years with permission from individuals

    Archiving

    The company stores invoices, its own bank information for 10 years employee data is held only when employed by the company

    Right of Access

    Responsibility

    the directors are responsible for ensuring that right of access requests are handled within the legal time limit which is one month

    Procedure for making request

    Right of access requests must be in writing. There should be a clear responsibility for all employees to pass on anything which might be a subject access request to the appropriate person without delay.

    Provision for verifying identity

    Where the person managing the access procedure does not know the individual personally there should be provision for checking their identity before handing over any information

    Procedure for granting access

    If the request is made electronically, we will provide the information in a commonly used electronic format.

    The GDPR includes a best practice recommendation that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information

    Transparency

    Commitment

    Marsh will explain its commitment to ensuring that Data Subjects are aware that their data is being processed and

    • for what purpose it is being processed
    • what types of disclosure are likely, and
    • how to exercise their rights in relation to the data

    Procedure

    When Marsh deems there are standard ways for each type of Data Subject to be informed, these will be given, for example:

    • the handbook for employees
    • in the welcome letter or pack for members, with occasional reminders in the newsletter
    • during the initial interview with clients
    • on the website

    Responsibility

    Individuals in the company are responsible for their actions when passing on information outside of working hours and the company premises.

    Lawful Basis

    Underlying principles

    GDPR states we must record the lawful basis for the personal data we hold a

    Opting out

    Marsh Industries is not relying on consent, but will give people the opportunity to opt out of their data being used in particular ways

    Withdrawing consent

    Marsh the organisation may wish to acknowledge that, once given, consent can be withdrawn, but not retrospectively. There may be occasions where the organisation has no choice but to retain data for a certain length of time, even though consent for using it has been withdrawn

    Employee training & Acceptance of responsibilities

    Induction

    All employees who have access to any kind of personal data will have their responsibilities outlined during their induction procedures

    Continuing training

    There are opportunities to raise Data Protection issues during employee training, team meetings, supervisions, etc.

    Procedure for staff signifying acceptance of policy

    The policy will be included in the Company Handbook

    Policy review

    Responsibility

    The board of directors are responsible for the review

    Procedure

    Site Manager will be briefed on Data Protection regulation

    Timing

    Review will be completed by December 2020

    About cookies

    This website uses cookies. By using this website and agreeing to this policy, you consent to Marsh’s use of cookies in accordance with the terms of this policy.

    Cookies are files sent by web servers to web browsers and stored by the web browsers.

    The information is then sent back to the server each time the browser requests a page from the server. This enables a web server to identify and track web browsers.

    There are two main kinds of cookies: session cookies and persistent cookies. Session cookies are deleted from your computer when you close your browser, whereas persistent cookies remain stored on your computer until deleted, or until they reach their expiry date.

    Cookies on our website

    Marsh uses the following cookies on this website, for the following purposes.

    When visiting this website you choose your language. Marsh stores this information so when you re-visit you are taken directly to the appropriate website.

    Refusing cookies

    Most browsers allow you to refuse to accept cookies.

    In Internet Explorer, you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.

    In Firefox, you can adjust your cookies settings by clicking “Tools”, “Options” and “Privacy”.

    Blocking cookies will have a negative impact upon the usability of some websites.

    Go back to homepage