GDPR – Data Protection and Privacy Policies
Data Protection Policy
This policy applies to all employees, workers, contractors, volunteers and work experience placements. It is essential that you understand this policy and adhere to it.
J Blockbuster Ltd Data Protection Officer, Juliane Block has overall responsibility for implementing this policy. You are invited to speak with the Data Protection Officer, should you have any questions about the implementation of this policy.
J Blockbuster Ltd holds personal data relating to employees, clients/customers/service users/students, suppliers and other individuals for different business purposes.
The aim of this policy is to protect personal data relating to individuals.
- To ensure that employees of J Blockbuster Ltd understand the General Data Protection Regulation (GDPR) and how it applies to personal data which they have access to in order to perform their work activities.
- To make sure that employees report any potential or breaches of data protection and privacy and potentially new plans for data processing to the Data Protection Officer.
- To outline how J Blockbuster Ltd will collect and use your data.
Our business purposes for the processing of personal data are:
- Correspondence purposes, with customers/clients/service users/employees/former employees/potential employees, and suppliers.
- Recruitment, including checking references and any criminal records checks which are justified by law.
- Management of employees including monitoring and managing staff access to systems and facilities and employee absences, administration and assessments.
- Financial management.
- Legal, regulatory, corporate governance obligations and compliance.
- Business development and marketing our company J Blockbuster Ltd
- Operational reasons, including recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, security vetting, and compliance checking.
- Compliance with service level agreements.
- Customer service, investigating complaints and improving services.
- To provide specialist consultancy investment advice.
In the EU’s General Data Protection Regulation (GDPR), Personal Data is defined as “ . . . any information relating to an identified or identifiable natural person (“data subject”).
An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identify of that person.
Personal data is information relating to identifiable individuals, including job applicants, employees and former employees, agency workers, volunteers, consultants, contractors, clients/customers, service users, suppliers and marketing contacts.
This personal data may include an individual’s contact details, educational background, financial and pay details, certificates and diplomas, education and skills, marital status, nationality, job title and CV.
Sensitive Personal Data
Information relating to an individual’s racial or ethnic origin, political opinions, religion and beliefs, trade union membership, physical or mental health, criminal records history must be strictly protected and controlled in accordance with this policy.
Where exceptional circumstances apply, or we are required to hold this data by law, explicit consent will be clearly sought with an explanation on why the information is being collected and to whom it will be disclosed.
Procedures and Principles
- Personal data must be processed fairly and lawfully and for no longer than is necessary.
- The processing of data must necessary to deliver the goods and services which we provide.
- We must not unduly prejudice an individual’s privacy.
- Our Terms of Business contain a Privacy Notice on data protection which provides the purposes for which we hold personal data on customers/service users/clients/students; Our Terms of Business also explain what information we share with third parties and why (this includes, expert witnesses, professional advisers, service providers, regulatory bodies etc, within the film industry. Customers are informed that they have a right of access to the personal data that we hold about them.
- New employees receive an Employee Privacy Notice on induction when we collect personal data which explains what personal data we hold and why and also that they have a right of access to the personal data that we hold about them.
- We will ensure that any personal data remains accurate and relevant and only used for the purpose or purposes, for which it was obtained.
- Personal data on paper should be retained in a secure lockable cabinet where unauthorised personnel cannot gain access to it.
- Printed documents should be shredded when no longer required.
- Information saved on computer systems should be password protected using strong passwords that are changed regularly.
- The storing of personal data on memory sticks or CDs should be kept to a minimum and storage devices must be locked away securely when not in use.
- Personal data must not be saved on a mobile device, such as a laptop, tablet or smartphone, unless it is encrypted or password secure.
- Personal data must not be transferred anywhere outside the UK without the express permission of the Data Protection Officer.
- All personnel, contractors, volunteers and work experience placements are required to report any actual or potential breaches in data protection and privacy to the Data Protection Officer so that an investigation and preventative action can be undertaken.
- A failure to comply with this policy will be investigated and may be subject to disciplinary action.
- J Blockbuster Ltd may wish to contact customers/clients/service users for Investment marketing purposes, however contact will only be made where additional consent for the purpose of marketing products/services has been given by the intended recipient.
- Data protection statements must be included on emails and marketing documents.
- Data protection statements must be approved by the Data Protection Officer.
- All new marketing activities must be reviewed by the Data Protection Officer to ensure compliance with the GDPR and this Data Protection Policy.
- Software and equipment meet information security standards by scanning hardware and software regularly and the provision of secure cloud based storage.
- The organisation’s IT systems have been set up to ensure data is protected from loss or misuse by design and default.
- Servers containing personal data are kept in a secure location, away from general office space and are regularly backed up in accordance with J Blockbuster Ltd back up procedures.
- Servers and networks are protected by security software designed for business and a protective firewall.
Data Protection Officer Responsibilities
- Keep management updated about data protection responsibilities, risks and issues.
- Regularly review data protection procedures and policies.
- Ensure that personnel are trained on the implementation of this policy.
- Answer questions relating to data protection in the company J Blockbuster Ltd.
- Respond to subject access requests and requests to delete or correct inaccurate or incomplete data about an individual.
- Approve the sharing of data with third parties after checking their policies, processing activities, security arrangements and contracts in relation to data processing, including in relation to the provision of cloud based storage systems.
Personal Data is defined in the General Data Protection Regulation (GDPR) as “any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data online identifier or to one or more factors specific to the physical, phycological, genetic, mental, economic, cultural or social identity of that person”.
We collect and use your personal data so that we can:
- Provide investment services to you, which meet your needs.
- In order to provide these investment services we must first collect and store your data for correspondence purposes. We will ensure that the information we collect is only used for this intended purpose and does not invade your privacy.
- We will collect and store your data in accordance with GDPR and do our utmost to keep your information secure accurate and up to date and for no longer than is necessary.
- Certain records have to be keep for longer for tax and audit purposes.
- We will only contact you when necessary, or when you have requested or agreed that we may do so. We will not ask for any unnecessary information.
J Blockbuster Ltd may wish to contact you to inform you of Investment services which may be of interest to you, however we will ask you to give your additional and explicit consent for us to do this and you may change your mind and opt-out of receiving marketing correspondence at any time.
We may need to share your data with third parties contracted by J Blockbuster Ltd.
J Blockbuster Ltd only engages with third parties who are contractually obliged to store your details securely and only process them if responding to a request by you to:
- On completion of the request, third parties will dispose of your personal data securely in accordance with our terms and conditions of engagement with them.
- We only pass on personal data to a third party where we have your explicit consent, or where we are legally required to do so.
If you wish to see the personal data that we hold on you and know how we process it and for what purpose, you may contact our Data Protection Officer and request this. The Request is known as a Data Subject Access Request (DSAR) and you must make your request in writing.
In order to meet your request J Blockbuster Ltd will require proof of identity. You may provide a photo driving licence/passport and a utility bill dated within the last three months.
Juliane Block Director
20 Bunhill Row,
To make using our website easier, small data files are placed on your computer. These are known as Cookies. Most commercial websites do this too.
Cookies improve such things as:
- Remembering settings, so that you do not have to keep re-entering them whenever you visit a new page.
- Remembering personal information that you have provided, such as your address and postcode to save you from re-typing the data.
- Monitoring how you use the website, such as the first page you looked at, so that we can make sure that it meets your needs.
Our cookies are not used to identify you personally. They are just here to make the website work better for you. You can mange and/or delete these small files as you wish and you can opt out of Google Analytics cookies for all sites.
To find more about cookies and how to manage them, go to aboutcookies.org.uk
a) First Party Cookies
There are also cookies that store basic data on your interactions with the website www.j-blockbuster.com and the CMS running the website.
b) Third Party Cookies
These are cookies set on your machine by external websites whose services are used on our website. Cookies of this type are the sharing buttons across the site that enable visitors to share content onto social network websites. Cookies are currently used by Twitter, Facebook, and Google+. If you wish, you can prevent sites setting third party cookies.
c) Log Files
Log files enable us to record the use of the website. These logs are automatically generated from all our visitors. We use these files to make improvements to the layout of the website and to the information on it, based on the way that visitors move around the website. Log files do not contain any personal information.
d) Links to Other Websites