Fardux (a Wellwise Group Company) takes information security very seriously to ensure privacy of the data we hold. We have put in place appropriate technical and organisational measures to ensure that our contractor’s personal details (and other data we hold) are held securely and that personal details are used in accordance with the General Data Protection Regulation (GDPR). Fardux Client’s and third party companies sharing personal data with us solely for business purposes are expected to act similarly. End User shall apply all due diligence necessary in order to prevent further processing in any manner incompatible with that purposes. Any misuse of our confidential data will be reported to the Information Commissioners Office (ICO) accordingly.
Fardux Limited fully supports the eight legal requirements on the General Data Protection Regulation (GDPR) and ensures our internal quality systems comply with the requirements:
- Personal data shall be processed fairly and lawfully and in a transparent manner.
- Personal data shall be obtained for specific, explicit and legitimate purposes, and shall not be further processed in any manner incompatible with that purpose.
- Personal data shall be adequate, relevant and limited to what is necessary to the purpose for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose shall not be kept for longer than is necessary and each employee or contractor will have the right to ask for their data to be deleted from our records if they wish to stop working for us.
- Appropriate technical and organizational measures shall be taken to process data in an appropriate manner to maintain security, to protect data we control and implement policies and supporting documents to outline and communicate this.We will notify any data breach to the regulator (ICO) within 72 hours.
This policy is applicable to all Wellwise Group Employees, temporary employees, Training Course Delegates, Clients and third party agents and contractors.
Information we may collect from you
We will collect and store Client and Training School Delegate information provided to us when undergoing our registration process:
- Personal Details (ie name and title; gender, date of birth)
- Contact Details (ie email address, mailing address and telephone numbers)
- Bank Account and transaction Details for payment purposes only
- Technical Data (ie IP address, log in data)
- Profile Data (ie username and password and feedback and survey responses)
- Image Data via CCTV (only if you attend our premises)
We do not knowingly collect “special category” personal data such as your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, and genetic data and/or biometric data. We also do not collect information about criminal convictions or offences.
How do we use your personal data?
Personal Data will be processed fairly and lawfully, and will be obtained and processed solely for the administrative purposes and contractual necessity of the Company. Every effort will be made to keep personal data accurate and up to date and it is your responsibility to ensure that you inform us of any change of address, next of kin or any changes such as bank account in order that your personnel file and pay details may be kept up to date.
- To enable us to carry out our services
- To identify you
- To respond to your enquiries
- To allow you to register with our company for technical support
- To carry out billing and payments and administration activities
- To distribute periodic newsletters
Personal data will not be kept longer than is necessary, although legal retention of data will need to be adhered to. Third Party access to information concerning you, in relation to your work, will only be provided if you have provided written authorisation.
Wellwise Group has conducted a Risk Assessment to demonstrate we are complying with the General Data Protection Regulations (GDPR). This means we have properly considered the lawful basis upon which we collect personal data.
Using Data outside the EEA
Although we are based in England we may transfer your personal information to a location (for example, to a secure server) outside the European Economic Area, if we consider necessary for the purposes set out in this Privacy Notice.
Right of Access to Personal Files
Employees have a right to access their personal file upon reasonable notice to the Company.
Clients have the right to withdraw their consent for us to use their personal data if they no longer wish to be contacted and unsubscribe from our Newsletter distribution. Should this be the case you can contact Fardux Limited by email at any time to begin this process. We will delete your data within 30 days of written request.
Fardux Limited Website
We may use your IP address to assist us in administering our website. Your IP address is not linked to any data that could be used to identify you personally.
Linking to other Websites
Our website may contain links to other sites or resources that are provided solely for your convenience. Fardux Limited is not responsible for the availability of external sites or resources linked to our website, and does not endorse and is not responsible or liable for any content, advertising, products or other materials on or available from such sites or resources. Transactions that occur between you and any third party are strictly between you and the third party and are not the responsibility of Fardux Limited. None of the personal information described above is passed to any of these sites.
How do we keep your personal data secure?
Fardux Limited has security measures in place designed to prevent data loss, to preserve data integrity, and to regulate access to the data. Only authorized Fardux Limited and third parties processing data on our behalf have access to your personal data.
The security measure we have in place include:
- Regular reviews of information collection, storage and processing practices to protect against unauthorized access
- Use of secure technologies (e.g. SSL Certificates and encryption of remote access data)
- Password protection to our website private area (you are responsible for keeping this password confidential and we ask you not to share your password with anyone).
- Regular backup to encrypted secure storage
- All Company Mobile telephones have fingerprintaccess technology
All Data Breaches will be investigated and an incident report recorded. Relevant Data Breaches will be reported to the ICO (Information Commissioners Office) the UK Regulator for information rights. Measures will be put in place to correct the root cause of the breach.
Should you require any further information regarding this policy please contact our QHSE department (email@example.com).