B-Plan Information Systems Limited (‘B-Plan’) recognises their responsibility and are committed to a policy of preserving the confidentiality of data as required by the General Data Protection Regulations (GDPR). We act as Data Controllers, retaining and process information about staff, customers, and other users of our services. To comply with the law, information must be collected and used fairly, stored safely and securely and not be disclosed to any third person unlawfully.
STATUS OF POLICY
The Data Controllers have approved this policy. Any person who feels that this policy has not been adhered to in respect of their own personal data should raise this with the Company Directors and/or the Aptos Operations Director as appropriate.
The Company Directors and the Aptos Operations Director are Data Controllers under the GDPR, and are responsible for their implementation. All staff members are responsible for ensuring that any personal data supplied to ‘B-Plan’ is accurate and up to date.
All staff members are responsible for ensuring that personal data is held securely and is not disclosed to any unauthorised third parties. This applies to electronic and paper records. Any unauthorised disclosure will be treated as a breach of GDPR and dealt with appropriately.
‘B-Plan’ will retain some items of information for longer than others depending on how it will be used and any statutory obligations. For example ‘Support Logs’ will be kept indefinitely; as they provide a valuable source of information for diagnosing product faults and resolutions, these logs may identify the individual who initially raised the log.
THE RIGHT OF ACCESS TO INFORMATION
The GDPR provides an individual with the right to access personal data relating to him/her which is held by ‘B-Plan’. This applies to data held electronically and also manual records that are in a relevant filing system. Any individual who wishes to exercise this right should make the request to the Aptos Operations Director in writing.
The company will only release any information upon receipt of written request, along with proof of identity. The requested information will be provided within 40 days of receipt of the request, unless there is sufficient reason for delay.
The right of access applies to all individuals.
Certain information (for example confidential references given by a third party) will not be disclosed without obtaining the referee’s consent to disclose the information.