SR Supply Chain Consultants Ltd needs to gather and use certain information about individuals.
These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.
This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards — and to comply with the law.
The Data Protection Act 2018 describes how organisations — including SR Supply Chain Consultants Ltd must collect, handle and store personal information.
These rules apply regardless of whether data is stored electronically, on paper or on other materials.
To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
The Data Protection Act is underpinned by the data protection principles:
This policy applies to:
It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act 2018. This can include:
This policy helps to protect SR Supply Chain Consultants Ltd from some very real data security risks, including:
Everyone who works for or with SR Supply Chain Consultants Ltd has some responsibility for ensuring data is collected, stored, and handled appropriately.
Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.
However, these people have key areas of responsibility:
The IT Support Officer is responsible for:
The Marketing Manager is responsible for:
These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the IT manager or data controller.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.
These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:
When data is stored electronically, it must be protected from unauthorised access, accidental deletion, and malicious hacking attempts:
Personal data is of no value to SR Supply Chain Consultants Ltd unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption, or theft:
The law requires SR Supply Chain Consultants Ltd to take reasonable steps to ensure data is kept accurate and up to date.
The more important it is that the personal data is accurate, the greater the effort SR Supply Chain Consultants Ltd should put into ensuring its accuracy.
It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
All individuals who are the subject of personal data held by SR Supply Chain Consultants Ltd are entitled to:
If an individual contacts the company requesting this information, this is called a subject access request.
Subject access requests from individuals should be made by email, addressed to the data controller at firstname.lastname@example.org. The data controller can supply a standard request form, although individuals do not have to use this.
Individuals will be charged £10 per subject access request. The data controller will aim to provide the relevant data within 14 days.
The data controller will always verify the identity of anyone making a subject access request before handing over any information.
In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances, SR Supply Chain Consultants Ltd will disclose requested data. However, the data controller will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary.
SR Supply Chain Consultants Ltd aims to ensure that individuals are aware that their data is being processed, and that they understand:
To these ends, the company has a privacy statement, setting out how data relating to individuals is used by the company.
Related policies, registration and certificates:
Password Policy: POL 27
ICO Registration Number: ZA121375
Cyber Essentials Certificate Number: QGCE 3032
On the 25th May 2018 the Data Protection Act 1998 will be replaced by the General Data Protection Regulation (GDPR). The condition for processing under the GDPR will be:
We collect and use learner information under Article 6 ad Article 9 for reasons of:
We hold learner data on our cloud, Aptem, CRM and e-portfolio and potentially Xero, accounts, until up until 3 years after the learner has completed their training. All servers are based in the UK and have the relevant security measures in place in the line with GDPR.
The information we collect through our registration forms is based on the requirements of the Chartered Institute of Procurement and Supply (CIPS), and in the case of apprentices, the ESFA. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain information or whether it is voluntary.
We share learner information as required with the following parties:
We share learner information with on statutory basis. The data sharing is required for the awarding of the CIPS certifications and in the case of apprenticeships for the drawdown of levy funding. Please see the ESFA Data Sharing policy for more information.
Under the GDPR legislation, learners have the right to request access to the information we hold about them. To make a request for your personal information please contact email@example.com.
You have the right to:
If you have a concern about the way we collect or use your personal data please raise the concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/make-a-complaint/
If you would like to discuss please contact:
SR Supply Chain Consultants Ltd
Business First Centre
Customer Support Coordinator
Emma joined SRSCC in 2019 on a freelance basis taking on a teaching and learning consultancy role. She has 20 years of experience in education as a qualified teacher, working in adult learning, secondary and primary school settings in the UK as well as abroad, namely Japan, Hungary, and France.
More recently Emma has been teaching yoga, resilience, and mindfulness in primary schools to promote the physical and mental well-being of both pupils and staff.
Being multi-lingual and having a zeal for communication, cultural exchange and life-long learning Emma jumped at the opportunity to join the company as a Course Mentor. Building a good rapport with her learners, supporting them to overcome any challenges on their apprentice journey and facilitating them to fulfil their potential is her motivation.
Cumbrian born and bred in the Lake District, Emma enjoys the outdoors. When not relaxing in tree pose, she is most at home trail running in the hills with her husband and dog. Having clocked up 4 marathons to date, the application of her long-distance running mindset of perseverance, determination, discipline and patience is key to supporting her learners in their studies.
Ashlee has joined the SRSCC team as an Office Administrator, and with a level 2 and 3 in Business Administration, she fits right in!
Ashlee has a wide range of experience from working as a Legal Secretary for the Royal Air Force to managing a team. Ashlee is eager to use her customer service and business administration skills for her new role at SRSCC.
Sales and Business Development Assistant
Declan recently graduated University studying BSc Business and Management with Marketing achieving a 2:1 and was looking for a role in Business Development to put his knowledge and education to the test.
He has a strong desire to grow the SRSCC brand and customer base. Working alongside our Business Development and Relationship Manager; he looks to strengthen both our Commercial and Apprenticeship learner portfolio by liaising with potential and existing learners through building customer relationships and understanding their requirements.