Privacy Policy

This statement is provided with the intention of complying with the General Data Protection Regulation (GDPR)

Complete Compliance Solutions (CCS) will hold and process the following information:

• Personal and contact details including name, address, telephone numbers and email address.
• Particulars of employment including job title, hourly rate/salary and benefits.
• Financial information including bank details, N.I. number.
• Particulars of right to work in the UK.
• Particulars of qualifications and skills including licences, certificates and training.
• Emergency contact information.
• Particulars of performance, including tasks, exam results, attendance, sickness and absence.
• Sensitive information including protected characteristics under the Equality Act 2010 for equal opportunities monitoring and compliance.
• IT information including email addresses, log-ins and passwords.
• Particulars of processes e.g. disciplinary, grievance, performance management processes undertaken.
• Copies of letters and other communications between CCS and its clients.

CCS is the controller and processor of this information. This data has been gathered by consent and in the legitimate interesting of assisting CCS in fulfilling their contractual obligations. It will also be necessary for us to hold and process this data in the interests of your health, safety and welfare at work.

The Data Protection Officer responsible for the protection of your data is:

Greig Downie
T/A Complete Compliance Solutions
Cheriton Bungalow,
Llwyndu Lane,
Glais,
Swansea,
SA7 9JG

Tel - 07584 824740
Email – [email protected]

Your data will be used to monitor performance, communicate important documents and information, check skills, qualifications and experience, appraise performance and safeguard your health, safety and wellbeing in the workplace.

This is done based on receiving consent from data subjects confirming that data is being processes in accordance with contractual agreements and the legitimate interests of both parties. The failure to provide data or consent may result in CCS being unable to satisfy its contractual obligations.

The recipient of data is CCS and we anticipate that we may need to share your data with a number of organisations to ensure legal and statutory compliance. It is not anticipated that there will be any transfer of data to a third country. Accordingly, it is considered that safeguards for the transfer of data to a third country are not necessary at this time.

Data subject’s employment data will be held for the duration of their employment and for a further period thereafter of twelve months. This period has been set for the protection of CCS throughout your employment and for a period thereafter in the event of any employment tribunal claims. If such a claim has been filed, the data will be retained for a period of six years following resolution of that claim and for six years following the resolution of any further claims. This period has been determined for the protection of CCS in the event any professional negligence or breach of contract claims should CCS require representation to defend any claims.

Data subject’s financial data will be held for the duration of their employment and for a further period thereafter of twelve months. This period has been set for the protection of CCS throughout your employment and for a period thereafter in the event of any employment tribunal claims. If such a claim has been filed, the data will be retained for a period of six years following resolution of that claim and for six years following the resolution of any further claims. This period has been determined for the protection of CCS under HMRC requirements in the event any professional negligence or breach of contract claims should CCS require representation to defend any claims. Data subjects have the right to be informed of fair processing of information with a view to transparency of data. This policy is intended to fulfil that right.

Data subjects have the right to access the information CCS holds. Data subjects should make such a request in writing to the Data Protection Officer using the contact information on page 1 of this policy. Data subjects have the right to request information CCS holds is rectified if it is inaccurate or incomplete.

Data subjects should contact the Data Protection Officer, using the contact information on page 1 of this policy and provide them with the details of any inaccurate or incomplete data. CCS will ensure that this is amended within in one month. CCS may extend this period to two months in complex cases.

Data subjects have the right to erasure in the form of deletion or removal of personal data where there is no compelling reason for its continued storage or processing. CCs have the right to refuse to erase data where this is necessary in the right of freedom of expression and information, to comply with a legal obligation for the performance of a public interest task, exercise of an official authority, for public health purposes in the public interest, for archiving purposes in the public interest, scientific research, historical research, statistical purposes or the exercise or defence of legal claims. CCS will advice data subjects of the grounds for refusal should any such request be refused.

Data subjects have the right to restrict CCS’s processing of data until the accuracy of data is verified.

Data subjects have the right to restrict processing of data where they object to the processing (except where it is necessary for the performance of a public interest task or purpose of legitimate interests) and where we consider that CCS’s legitimate grounds override Data subject’s interests.

Data subjects have the right to restrict CCS processing data when processing is unlawful and data subjects oppose erasure and request restriction instead.

Data subjects have the right to restrict CCS processing data where CCS no longer need the data and the data subject requires the data to establish, exercise or defend a legal claim.

Data subjects have the right to data portability in that they may obtain and reuse their data for their own purposes across different services from one IT environment to another in a safe and secure way without hindrance to usability. The exact method will change from time to time. Data subjects will be advised of the method in place should they choose to exercise this right.

Data subjects have the right to object to the following:

• Data processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority.
• Direct marketing
• Data processing for purposes of scientific/historical research and statistics

The data collected by CCS is not anticipated to fall within the above categories.

Whilst there is no anticipated automated decision making relating to the data provided, data subjects have rights where there is automated decision making, including profiling. CCS may only do this where it is necessary for entry into, or performance of, a contract, authorised by EU or UK law based on your explicit consent. Whilst it is not anticipated that this will occur, where it does CCS will provide information about this processing, provide the data subject with ways to request human intervention or challenge a decision.

Data subjects have the right to withdraw consent at any time.

Data subjects have the right to lodge a complaint with a supervisory authority such as the Information Commissioner’s Office or any other regulators or accreditors that may regulate or provide accreditations to us from time to time.