This policy demonstrates our commitment to protecting the privacy and security of your personal information. It contains information regarding how we collect and use personal data or personal information about employees and applicants in accordance with the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and all other data protection legislation currently in force in the UK (“Data Protection Legislation”).
Pursuant to Data Protection Legislation, when processing data we will;
Each company within the group is registered as a Data Controller with the ICO, the registration numbers are as follows:
The AMT Group of Companies are “data controllers”. This means that we are responsible for determining the purpose and means of processing personal data relating to you.
“Personal data”, or “personal information”, means any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
There are “special categories” of sensitive personal data, meaning data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sex life or sexual orientation, genetic data, and biometric data which require a higher level of protection.
This Data Protection Policy clarifies:
Employees’ obligations regarding handling of Personal Data are contained within the Employee Handbook and are as follows:
If an employee acquires any personal information in the course of their duties, they must ensure that:
What Personal Data do we collect, how do we collect it why do we process it and to whom is it shared?
Pre – Employment (Recruitment) – Personal Data:
-Name / Address
Condition for Processing Personal Data:
-Consent of individual by nature of application.
Some of the data we collect and process is considered Sensitive Personal Data and is detailed below:
Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement.
All Sensitive Personal Data collected and processed is subject to strict controls. Access to the data is restricted to only those for whom access is necessary for processing the data, and the data is processed only as required to carry out our obligations as an employer. All employee data is kept securely in accordance with our Information Security policy.
Employees’ Personal Data may be shared with third parties for the following purposes:
Third parties which receive Personal Data from the AMT Group of Companies are required to:
Under certain circumstances, by law you have the right to:
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact James McGawley, Data Protection Officer in writing.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
To withdraw your consent, please contact James McGawley, Data Protection Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
We have extensive security arrangements in place to protect personal data we hold on our systems. If you require full details on our security policy, please contact your account manager or the Data Protection Officer, the contact details for which are:
James McGawley
Data Protection Officer
AMT Group
174 Armley Road
Leeds
LS12 2QH
Telephone: 0844 826 2300
Email: james.mcgawley@amtvehiclerental.co.uk
We store Personal Data for differing periods depending on the type of Personal Data and in particular as follows:
Personal Data supplied by a customer on behalf of its client(s) in relation to the provision of services is stored until:
Personal Data held about employees is kept:
In each case the above applies unless a legal obligation or other legitimate interest requires us to store the data for a longer period.
We carry out regular audits of any Personal Data we hold to ensure as far as possible that we do not hold any Personal Data that is no longer required.
If you have a complaint regarding any aspect of our collection or processing of personal data or our data protection policy, please contact:
James McGawley
Data Protection Officer
AMT Group
174 Armley Road
Leeds
LS12 2QH
Telephone: 0844 826 2300
Email: james.mcgawley@amtvehiclerental.co.uk
On receipt of a complaint regarding Data Protection, within 1 working day we will acknowledge the complaint and provide a response. Where a complaint requires an extension to that time limit we will inform the complainant and provide a formal response with the conclusions to any investigation with utmost urgency.
All complaints received are logged for reference, detailing the original complaint, the details of any investigation and the resolution.
Where we are not able to reach a satisfactory resolution, individuals are advised of their right to report their concern to the Information Commissioners Office or to seek judicial remedy.
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.
When we become aware of a personal data breach, we will establish the likelihood and severity of the resulting risk to individuals’ rights and freedoms. Where necessary, we will promptly inform those affected. We will tell them:
When we become aware of any personal data breach we will document and justify any decisions made regarding it.
Where required and where feasible, we will notify the ICO of the breach within 72 hours. Where we are unable to provide a full explanation of the breach within 72 hours we will still provide notification of the breach and an explanation of the delay, with the results of the corresponding explanation being provided as soon as they are available.
We will document any breach, whether or not the ICO or any affected individuals are notified, as follows:
Personal data breaches should be reported to:
James McGawley
Data Protection Officer
AMT Group
174 Armley Road
Leeds
LS12 2QH
Telephone: 0844 826 2300
Email: james.mcgawley@amtvehiclerental.co.uk
We use essential cookies to make our site work. By clicking 'Accept', you agree to our website's cookie use as described in our Cookie Policy.