Governance and Policies 2019-08-22T15:51:27+00:00

DATA PROTECTION POLICY

A. INTRODUCTION

We may have to collect and use information about people with whom we work.  This personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means.

We regard the lawful and correct treatment of personal information as very important to our successful operation and to maintaining confidence between us and those with whom we carry out business.  We will ensure that we treat personal information lawfully and correctly.

To this end we fully endorse and adhere to the principles of the General Data Protection Regulation (GDPR).

This policy applies to the processing of personal data in manual and electronic records kept by us in connection with our human resources function as described below. It also covers our response to any data breach and other rights under the GDPR.

This policy applies to the personal data of job applicants, existing and former employees, apprentices, volunteers, placement students, workers and self-employed contractors. These are referred to in this policy as relevant individuals.

B. DEFINITIONS

“Personal data” is information that relates to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data.

“Special categories of personal data” is data which relates to an individual’s health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership. It also includes genetic and biometric data (where used for ID purposes).

“Criminal offence data” is data which relates to an individual’s criminal convictions and offences.

“Data processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

C. DATA PROTECTION PRINCIPLES

Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

  1. processing will be fair, lawful and transparent
  2. data be collected for specific, explicit, and legitimate purposes
  3. data collected will be adequate, relevant and limited to what is necessary for the purposes of processing
  4. data will be kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
  5. data is not kept for longer than is necessary for its given purpose
  6. data will be processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
  7. we will comply with the relevant GDPR procedures for international transferring of personal data

D. TYPES OF DATA HELD

We keep several categories of personal data on our employees in order to carry out effective and efficient processes. We keep this data in a personnel file relating to each employee and we also hold the data within our computer systems, for example, our holiday booking system.

Specifically, we hold the following types of data:

  1. personal details such as name, address, phone numbers
  2. information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter, references from former employers, details on your education and employment history etc
  3. details relating to pay administration such as National Insurance numbers, bank account details and tax codes
  4. medical or health information
  5. information relating to your employment with us, including:
    1. job title and job descriptions
    2. your salary
    3. your wider terms and conditions of employment
    4. details of formal and informal proceedings involving you such as letters of concern, disciplinary and grievance proceedings, your annual leave records, appraisal and performance information
    5. internal and external training modules undertaken

All of the above information is required for our processing activities. More information on those processing activities are included in our privacy notice for employees, which is available from your manager.

E. EMPLOYEE RIGHTS

You have the following rights in relation to the personal data we hold on you:

  1. the right to be informed about the data we hold on you and what we do with it;
  2. the right of access to the data we hold on you. More information on this can be found in the section headed “Access to Data” below and in our separate policy on Subject Access Requests”;
  3. the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
  4. the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
  5. the right to restrict the processing of the data;
  6. the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
  7. the right to object to the inclusion of any information;
  8. the right to regulate any automated decision-making and profiling of personal data.

More information can be found on each of these rights in our separate policy on employee rights under GDPR.

F. RESPONSIBILITIES

In order to protect the personal data of relevant individuals, those within our business who must process data as part of their role have been made aware of our policies on data protection.

We have also appointed employees with responsibility for reviewing and auditing our data protection systems.

G. LAWFUL BASES OF PROCESSING

We acknowledge that processing may be only be carried out where a lawful basis for that processing exists and we have assigned a lawful basis against each processing activity.

Where no other lawful basis applies, we may seek to rely on the employee’s consent in order to process data.

However, we recognise the high standard attached to its use. We understand that consent must be freely given, specific, informed and unambiguous. Where consent is to be sought, we will do so on a specific and individual basis where appropriate. Employees will be given clear instructions on the desired processing activity, informed of the consequences of their consent and of their clear right to withdraw consent at any time.

H. ACCESS TO DATA

As stated above, employees have a right to access the personal data that we hold on them. To exercise this right, employees should make a Subject Access Request. We will comply with the request without delay, and within one month unless, in accordance with legislation, we decide that an extension is required. Those who make a request will be kept fully informed of any decision to extend the time limit.

No charge will be made for complying with a request unless the request is manifestly unfounded, excessive or repetitive, or unless a request is made for duplicate copies to be provided to parties other than the employee making the request. In these circumstances, a reasonable charge will be applied.

Further information on making a subject access request is contained in our Subject Access Request policy.

I. DATA DISCLOSURES

The Company may be required to disclose certain data/information to any person. The circumstances leading to such disclosures include:

  1. any employee benefits operated by third parties;
  2. disabled individuals – whether any reasonable adjustments are required to assist them at work;
  3. individuals’ health data – to comply with health and safety or occupational health obligations towards the employee;
  4. for Statutory Sick Pay purposes;
  5. HR management and administration – to consider how an individual’s health affects his or her ability to do their job;
  6. the smooth operation of any employee insurance policies or pension plans;
  7. to assist law enforcement or a relevant authority to prevent or detect crime or prosecute offenders or to assess or collect any tax or duty.

These kinds of disclosures will only be made when strictly necessary for the purpose.

J. DATA SECURITY

All our employees are aware that hard copy personal information should be kept in a locked filing cabinet, drawer, or safe.

Employees are aware of their roles and responsibilities when their role involves the processing of data.  All employees are instructed to store files or written information of a confidential nature in a secure manner so that it is only accessible by people who have a need and a right to access them and to ensure that all PCs, laptops etc are secured when unattended. No files or written information of a confidential nature is to be left where it can be accessed by unauthorised people.

Where data is computerised, it should be coded, encrypted or password protected both on a local hard drive and on a network drive that is regularly backed up. If a copy is kept on removable storage media, that media must itself be kept in a locked filing cabinet, drawer, or safe.

Employees must always use the passwords provided to access the computer system and not abuse them by passing them on to people who should not have them.

Personal data relating to employees should not be kept or transported on laptops, USB sticks, or similar devices, unless prior authorisation has been received. Where personal data is recorded on any such device it should be protected by:

  1. ensuring that data is recorded on such devices only where absolutely necessary.
  2. using an encrypted system — a folder should be created to store the files that need extra protection and all files created or moved to this folder should be automatically encrypted.
  3. ensuring that laptops or USB drives are not left where they can be stolen.

Failure to follow the Company’s rules on data security may be dealt with via the Company’s disciplinary procedure. Appropriate sanctions include dismissal with or without notice dependent on the severity of the failure.

K. THIRD PARTY PROCESSING

Where we engage third parties to process data on our behalf, we will ensure, via a data processing agreement with the third party, that the third party takes such measures in order to maintain the Company’s commitment to protecting data.

L. INTERNATIONAL DATA TRANSFERS

The Company does not transfer personal data to any recipients outside of the EEA.

M. REQUIREMENT TO NOTIFY BREACHES

All data breaches will be recorded on our Data Breach Register. Where legally required, we will report a breach to the Information Commissioner within 72 hours of discovery. In addition, where legally required, we will inform the individual whose data was subject to breach.

More information on breach notification is available in our Breach Notification policy.

N. TRAINING

New employees must read and understand the policies on data protection as part of their induction.

All employees receive training covering basic information about confidentiality, data protection and the actions to take upon identifying a potential data breach.

The nominated data controller/auditors/protection officers for the Company are trained appropriately in their roles under the GDPR.

All employees who need to use the computer system are trained to protect individuals’ private data, to ensure data security, and to understand the consequences to them as individuals and the Company of any potential lapses and breaches of the Company’s policies and procedures.

O. RECORDS

The Company keeps records of its processing activities including the purpose for the processing and retention periods in its HR Data Record. These records will be kept up to date so that they reflect current processing activities.

P. DATA PROTECTION COMPLIANCE

Our Data Protection Officer is:

Patrick O’Gorman
dpo@bcegi.co.uk
+44 (0) 746 748 1311

HEALTH AND SAFETY

STATEMENT OF INTENT

BCEGI is committed to eliminating incidents of injury and ill health to its employees and any other stakeholders affected by its activities. As part of this duty BCEGI will operate its business in compliance with its obligations under all applicable health and safety Regulations and – where appropriate – best practice standards and industry codes relevant to its operations.

In support of this commitment BCEGI will provide a safe place of work for its people, ensuring that all risks arising out of its business activities are identified and hazards effectively controlled. This includes providing instruction and training to its people to enable work to be carried out safely, and without ill health effects.

RESPONSIBILITIES

Responsibility for this Policy ultimately lies with the BCEGI Lead Director, supported by the Management Team and SHEQ Lead who are responsible for the implementation of the Policy Statement and all associated Management Standards. The Management Team – supported by Project Managers – must at all times demonstrate proactive and visible leadership in relation to health and safety management, and are responsible for communicating BCEGI health and safety objectives throughout the organisation, and for ensuring that effective arrangements are in place and effective at a Project level. This Policy and associated Management Standards are mandatory across all BCEGI operations and as such all BCEGI Employees and Stakeholders are expected to comply with all related arrangements.

ARRANGEMENTS

Arrangements for the management of Health and Safety are contained within the BCEGI Integrated Management System (IMS), and are made available to all employees, supply chain partners and affected parties. This policy is subject to continual review to ensure that it remains relevant to the scope of BCEGI operations and to account for changes in its working practices.

AUTHORISATION

Dongwen Yu
Lead Director
1st February 2019

Archive: 2018 Health and Safety Policy
2017 Health and Safety Policy
2016 Health and Safety Policy

ENVIRONMENT

STATEMENT OF INTENT

BCEGI recognises the importance of minimising the impact of its activities on the environment and is committed to eliminating incidents of pollution whilst continually reducing the environmental footprint associated with delivering its business operations. As part of this duty BCEGI will operate its business in compliance with its obligations under all applicable environmental Regulations and – where appropriate – relevant best practice standards and industry codes.

In support of this commitment BCEGI will routinely evaluate its environmental aspects and impacts in order to reduce the waste it produces and energy it consumes, whilst protecting the natural environment at its project and office locations and promoting the use of sustainable materials and technologies throughout its supply chain. This includes providing instruction and training to its people to enable work to be carried out sustainably, and without adverse impacts on the environment.

RESPONSIBILITIES

Responsibility for this Policy ultimately lies with the BCEGI Lead Director, supported by the Management Team and SHEQ Lead who are responsible for the implementation of the Policy Statement and all associated Management Standards. The Management Team – supported by Project Managers – must at all times demonstrate proactive and visible leadership in relation to environmental management and are responsible for communicating BCEGI environmental objectives throughout the organisation, whilst ensuring that effective arrangements are in place at a Project level. This Policy and associated Management Standards are mandatory across all BCEGI operations and as such all BCEGI Employees and Stakeholders are expected to comply with all related arrangements.

ARRANGEMENTS

Arrangements for the management of its environmental aspects are contained within the BCEGI Integrated Management System (IMS), and are made available to all employees, supply chain partners and affected parties. This policy is subject to continual review to ensure that it remains relevant to the scope of BCEGI operations and to account for changes in its working practices.

AUTHORISATION

Dongwen Yu
Lead Director
1st February 2019

Archive: 2018 Environmental Policy
2017 Environmental Policy

QUALITY MANAGEMENT

STATEMENT OF INTENT

BCEGI’s mission is to exceed expectations in all aspects of its construction, development and investment activities, and in doing so aims to be recognised as the trusted partner for all its clients and stakeholders. In order to achieve this aim BCEGI is committed to providing its Customers with defect-free products and services, delivered on time and within budget, and has implemented an organisation-wide Integrated Management System (iMS) which – as a minimum – complies with relevant statutory legislation, industry best practice, stakeholder needs, and the requirements of BS EN ISO9001:2015

RESPONSIBILITIES

Responsibility for establishing this Policy ultimately lies with the BCEGI Lead Director who will ensure that suitable resources are in place to enable compliance with relevant Company standards and Customer requirements. The BCEGI Management Team – supported by the SHEQ Manager – are responsible for the continual review of BCEGI Company performance, the provision of appropriate organisational context and the setting of strategic direction, and for providing a framework for setting quality objectives that enhance BCEGI Customer satisfaction. The Management Team – supported by Project Leads – must at all times demonstrate proactive and visible leadership in relation to quality management and are responsible for communicating BCEGI quality objectives throughout the organisation, and for ensuring that effective arrangements are in place and effective at a Project level. This Policy and associated Management Standards are mandatory across all BCEGI operations and as such all BCEGI Employees are expected to comply with all related arrangements.

ARRANGEMENTS

Arrangements for the management of Quality are contained within the BCEGI Integrated Management System (iMS), including controls to ensure the continual monitoring of quality performance across the organisation, and the ongoing review of the effectiveness and suitability of quality management measures within the iMS.

AUTHORISATION

Dongwen Yu
Lead Director
1st February 2019

Archive: 2018 Quality Policy
2017 Quality Policy

COOKIES POLICY

About this cookie policy

This Cookie Policy explains what cookies are and how we use them. Please make sure you read this policy so you can understand what types of cookies we use, how we collect and use information from and about you.

What are cookies?

Cookies are small text files that are sent to your PC, mobile phone or tablet when you visit a website. They stay on your device and are sent back to the website they came from when you visit it again.

Cookies are used by BCEGI website to make your experience more efficient by:

  • Recognising when you log in and any preferred settings.
  • Giving you a browsing experience that is unique to you which we believe improves your site experience.
  • Analysing how you use our website and our services, so we can improve them.

How do we use cookies?

We and third parties may use cookies and tracking technologies to collect information from websites, Applications, and other online services for a variety of reasons, such as to enable us to improve your experience of the services, to understand how users interact with our online services and advertisements, and to deliver advertising. For example, we use these technologies to allow us to know when and for how long you use our services, and to remember your preferences and settings and other functionality you have requested. We and third parties may use the technologies to link your activities across the devices you may use. This helps us learn about how you use the services and enables us to provide you with a seamless experience across your devices. We may also use cookies and tracking technologies to deliver advertising and marketing messages that we think may be relevant to you based on your online activities over time, across the various devices you may use, and across third-party services– a common practice across the internet and known as interest-based advertising or behavioral advertising.

More information about analytics and advertising cookies is detailed below.

  1. Strictly Necessary Cookies

These cookies enable services you have specifically asked for. For those types of cookies that are strictly necessary, no consent is required. These cookies are essential in order to enable you to move around the Website and use it features, such as accessing secure areas of the Website. Without these cookies services you have asked for, like shopping baskets or e-billing, cannot be provided.

  1. Performance Cookies

These cookies collect information about how you use our websites — for instance, which pages you go to most. This data may be used to help optimize our websites and make them easier for you to navigate. These cookies are also used to let affiliates know if you came to one of our websites from an affiliate and if your visit resulted in the use or purchase of a product or service from us, including details of the product or service purchased. These cookies don’t collect information that identifies you. All information these cookies collect is aggregated and therefore anonymous.

  1. Functionality Cookies

These cookies allow our websites to remember choices you make while browsing. For instance, we may store your geographic location in a cookie to ensure that we show you our website localized for your area. We may also remember preferences such as text size, fonts, and other customizable site elements. They may also be used to keep track of what featured products or videos have been viewed to avoid repetition. The information these cookies collect will not personally identify you, and they cannot track your browsing activity on non-BCEGI websites.

  1. Third Party Cookies

This website uses a number of supplies who also set cookies on our website on our behalf in order to deliver the services that they are providing. A list of all third party cookies that are used on this Website and what each is used for are YouTube and Fusion Theme.

We use the following cookies on our site:

Type Cookie Name Description
Google Analytics Cookies 1P_JAR These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect anonymous information, such as the number of visitors to the web, where visitors have come to the website from and pages visited.
_gat_gtag_
_ga
_gid
Google Maps Cookies APISID These cookies are used by Google to store user preferences and information of Google maps
SAPISID
SSID
YouTube Cookies PREF We embed videos from YouTube on our website. These cookies do not identify you personally unless you are logged into Google, in which case it is linked to your Google account. They are used to measure your bandwidth when you watch a video in order to adjust video settings accordingly, or to track and gather information about when you watch YouTube videos on different websites.
SID
VISITOR_INFO1_LIVE
YSC
LOGIN_INFO
enabledapps.uploader
CONSENT

How do you change cookie preferences or block cookies?

We provide multiple choices in respect of the information we process about you. You can choose to opt-out, object to, or restrict our use of your personal information, delete, change or correct your personal information or access your personal information.

You can also change or withdraw your consent from the browsers. For further information to manage cookies on popular browsers please refer to: https://www.aboutcookies.org/how-to-delete-cookies/

If you block cookies on our website, you may be unable to access certain areas of our website and certain functions and pages will not work in the usual way.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Changes to this Cookie Policy

We may update this Policy from time to time. Please regularly check this Policy to ensure you are aware of the most updated version.

This Cookie Policy was last updated on 30 July 2018.

BCEGI UK TAX STRATEGY

Chinese state owned Beijing Construction Engineering Group (BCEG) was founded in 1953 and began to expand internationally in 1990 with the establishment of Beijing Construction Engineering Group International (BCEGI). BCEGI is an international property developer and construction company specialising in bringing projects to fruition through strategic partnerships, investment and solid relationships. Today BCEGI is established in the UK (BCEGI Holdings (UK) Limited), along with America and Canada (BCEGI US).
This tax strategy sets out the approach to tax of all the UK entities of BCEGI Holdings (UK) Limited (collectively referred to hereafter as BCEGI UK) and to meet our requirements under Paragraph 19, Schedule 19 of the UK Finance Act 2016. This document has been approved by the board of directors for the period ended 31 December 2018 and will be reviewed and where necessary, updated, on a periodic basis.

Our Approach to Tax

As a Chinese state owned group, BCEGI UK’s overarching attitude to tax is to comply with all of our statutory reporting requirements in any territory we operate. We always act in accordance with all relevant tax laws and regulations and believe in paying the correct amount of tax when it is rightly due.
In pursuing our commercial objectives, we will consider, along with input from our professional advisors where required, the most appropriate way to conduct our affairs to comply with all applicable tax laws, rules, regulations and disclosure requirements, making use of any government offered reliefs and incentives. Effective tax rate is not a key performance indicator within BCEGI UK.
One of our key objectives is to ensure the reputation of BCEGI is not compromised. We will not enter into artificial transactions for the purpose of gaining a tax advantage.

Management of Tax

BCEGI UK take the management of our tax affairs very seriously, and tax is regularly discussed at board level (for example, when setting up new entities or dealing with significant transactions). As part of this approach, we entities seek advice from professional tax advisors and discuss the proposed transaction with our parent company in Hong Kong to ensure it is in line with the global BCEGI objectives.
Our experienced finance team is responsible for implementation and management of specific documented tax processes and policies to govern tax on a day to day basis, with support from professional advisors and the Group’s Corporate office where appropriate.
The UK Finance Director has overall responsibility for the oversight and management of the tax affairs of the UK entities, and is responsible for reporting to the Board regarding tax compliance and material tax uncertainties of the UK entities.

Working with HMRC

BCEGI UK seeks to have a collaborative and transparent working relation with HMRC based on honesty, openness and trust.
Where the interpretation or intent of legislation is unclear, we engage with our trusted professional advisors to clarify the correct treatment, and if appropriate, consider engagement with tax authorities in real time for clearance on position adopted.

Peter Chi
Finance Director
31 Jan 2019

DATA PROTECTION & CYBER SECURITY

STATEMENT OF INTENT

BCEGI is committed to the lawful and appropriate treatment of personal data and considers it critical to maintaining confidence between the business and all its stakeholders. The Company therefore fully endorses and adheres to the Principles of the General Data Protection Regulations in meeting both its statutory and contractual obligations in relation to information and cyber security (ICS). In doing so it will:

  • Adopt a risk-based approach to ensure that ICS risks are treated in a consistent and effective manner.
  • Protect and prevent information (e.g. confidential or sensitive) from unauthorised uses or disclosures.
  • Ensure that ICS is integrated into essential business activities.
  • Ensure that ICS delivers value and meets business requirements.
  • Prioritise ICS resources to protect the business applications where an ICS incident would have the greatest impact.
  • Comply with relevant legal and regulatory requirements to ensure that statutory obligations are met, stakeholder expectations are managed, and civil or criminal penalties are avoided.
  • Provide timely and accurate reporting on ICS performance to support business requirements and manage ICS risks.
  • Evaluate current and future ICS threats so that informed, timely action to mitigate risks can be taken.
  • Promote continuous improvement in ICS to reduce costs, improve efficiency and effectiveness, and promote a culture of continuous improvement.
  • Foster a security-positive culture that influences the behaviour of IT consumers to reduce the likelihood of ICS incidents occurring and limit their potential business impact.

RESPONSIBILITIES

Responsibility for this Policy ultimately lies with the BCEGI Lead Director.  Day to day responsibility lies with the IT Manager – supported by the Management Team – who is responsible for the implementation of the Policy Statement and associated arrangements.  This Policy Statement and associated arrangements are mandatory and apply to all employees, agency staff, temporary staff, professional bodies and supply chain partners who use any BCEGI IT services.   Workers are responsible themselves for not committing acts that are unlawful or leave the business open to Information & Cyber Security threats.

ARRANGEMENTS

This Policy Statement and associated arrangements are maintained in the BCEGI Integrated Management System (iMS).  They will be continually reviewed and improved in line with the needs of the business and to ensure ongoing compliance with legislation and best practice. It will be brought to the attention of all new workers during induction and will be available to all workers via the BCEGI iMS.

Compliance with this Policy Statement will be regularly monitored through the BCEGI internal audit programme, regular review of IT and business performance, monitoring of incidents and via the BCEGI Management Review process. Incidents of non-compliance may be treated as misconduct which may warrant dismissal from employment.

AUTHORISATION

Dongwen Yu
Lead Director
20th May 2019

Data Protection Policy

A. INTRODUCTION

We may have to collect and use information about people with whom we work.  This personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means.

We regard the lawful and correct treatment of personal information as very important to our successful operation and to maintaining confidence between us and those with whom we carry out business.  We will ensure that we treat personal information lawfully and correctly.

To this end we fully endorse and adhere to the principles of the General Data Protection Regulation (GDPR).

This policy applies to the processing of personal data in manual and electronic records kept by us in connection with our human resources function as described below. It also covers our response to any data breach and other rights under the GDPR.

This policy applies to the personal data of job applicants, existing and former employees, apprentices, volunteers, placement students, workers and self-employed contractors. These are referred to in this policy as relevant individuals.

B. DEFINITIONS

“Personal data” is information that relates to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data.

“Special categories of personal data” is data which relates to an individual’s health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership. It also includes genetic and biometric data (where used for ID purposes).

“Criminal offence data” is data which relates to an individual’s criminal convictions and offences.

“Data processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

C. DATA PROTECTION PRINCIPLES

Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

  1. processing will be fair, lawful and transparent
  2. data be collected for specific, explicit, and legitimate purposes
  3. data collected will be adequate, relevant and limited to what is necessary for the purposes of processing
  4. data will be kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
  5. data is not kept for longer than is necessary for its given purpose
  6. data will be processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
  7. we will comply with the relevant GDPR procedures for international transferring of personal data

D. TYPES OF DATA HELD

We keep several categories of personal data on our employees in order to carry out effective and efficient processes. We keep this data in a personnel file relating to each employee and we also hold the data within our computer systems, for example, our holiday booking system.

Specifically, we hold the following types of data:

  1. personal details such as name, address, phone numbers
  2. information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter, references from former employers, details on your education and employment history etc
  3. details relating to pay administration such as National Insurance numbers, bank account details and tax codes
  4. medical or health information
  5. information relating to your employment with us, including:
    1. job title and job descriptions
    2. your salary
    3. your wider terms and conditions of employment
    4. details of formal and informal proceedings involving you such as letters of concern, disciplinary and grievance proceedings, your annual leave records, appraisal and performance information
    5. internal and external training modules undertaken

All of the above information is required for our processing activities. More information on those processing activities are included in our privacy notice for employees, which is available from your manager.

E. EMPLOYEE RIGHTS

You have the following rights in relation to the personal data we hold on you:

  1. the right to be informed about the data we hold on you and what we do with it;
  2. the right of access to the data we hold on you. More information on this can be found in the section headed “Access to Data” below and in our separate policy on Subject Access Requests”;
  3. the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
  4. the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
  5. the right to restrict the processing of the data;
  6. the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
  7. the right to object to the inclusion of any information;
  8. the right to regulate any automated decision-making and profiling of personal data.

More information can be found on each of these rights in our separate policy on employee rights under GDPR.

F. RESPONSIBILITIES

In order to protect the personal data of relevant individuals, those within our business who must process data as part of their role have been made aware of our policies on data protection.

We have also appointed employees with responsibility for reviewing and auditing our data protection systems.

G. LAWFUL BASES OF PROCESSING

We acknowledge that processing may be only be carried out where a lawful basis for that processing exists and we have assigned a lawful basis against each processing activity.

Where no other lawful basis applies, we may seek to rely on the employee’s consent in order to process data.

However, we recognise the high standard attached to its use. We understand that consent must be freely given, specific, informed and unambiguous. Where consent is to be sought, we will do so on a specific and individual basis where appropriate. Employees will be given clear instructions on the desired processing activity, informed of the consequences of their consent and of their clear right to withdraw consent at any time.

H. ACCESS TO DATA

As stated above, employees have a right to access the personal data that we hold on them. To exercise this right, employees should make a Subject Access Request. We will comply with the request without delay, and within one month unless, in accordance with legislation, we decide that an extension is required. Those who make a request will be kept fully informed of any decision to extend the time limit.

No charge will be made for complying with a request unless the request is manifestly unfounded, excessive or repetitive, or unless a request is made for duplicate copies to be provided to parties other than the employee making the request. In these circumstances, a reasonable charge will be applied.

Further information on making a subject access request is contained in our Subject Access Request policy.

I. DATA DISCLOSURES

The Company may be required to disclose certain data/information to any person. The circumstances leading to such disclosures include:

  1. any employee benefits operated by third parties;
  2. disabled individuals – whether any reasonable adjustments are required to assist them at work;
  3. individuals’ health data – to comply with health and safety or occupational health obligations towards the employee;
  4. for Statutory Sick Pay purposes;
  5. HR management and administration – to consider how an individual’s health affects his or her ability to do their job;
  6. the smooth operation of any employee insurance policies or pension plans;
  7. to assist law enforcement or a relevant authority to prevent or detect crime or prosecute offenders or to assess or collect any tax or duty.

These kinds of disclosures will only be made when strictly necessary for the purpose.

J. DATA SECURITY

All our employees are aware that hard copy personal information should be kept in a locked filing cabinet, drawer, or safe.

Employees are aware of their roles and responsibilities when their role involves the processing of data.  All employees are instructed to store files or written information of a confidential nature in a secure manner so that it is only accessible by people who have a need and a right to access them and to ensure that all PCs, laptops etc are secured when unattended. No files or written information of a confidential nature is to be left where it can be accessed by unauthorised people.

Where data is computerised, it should be coded, encrypted or password protected both on a local hard drive and on a network drive that is regularly backed up. If a copy is kept on removable storage media, that media must itself be kept in a locked filing cabinet, drawer, or safe.

Employees must always use the passwords provided to access the computer system and not abuse them by passing them on to people who should not have them.

Personal data relating to employees should not be kept or transported on laptops, USB sticks, or similar devices, unless prior authorisation has been received. Where personal data is recorded on any such device it should be protected by:

  1. ensuring that data is recorded on such devices only where absolutely necessary.
  2. using an encrypted system — a folder should be created to store the files that need extra protection and all files created or moved to this folder should be automatically encrypted.
  3. ensuring that laptops or USB drives are not left where they can be stolen.

Failure to follow the Company’s rules on data security may be dealt with via the Company’s disciplinary procedure. Appropriate sanctions include dismissal with or without notice dependent on the severity of the failure.

K. THIRD PARTY PROCESSING

Where we engage third parties to process data on our behalf, we will ensure, via a data processing agreement with the third party, that the third party takes such measures in order to maintain the Company’s commitment to protecting data.

L. INTERNATIONAL DATA TRANSFERS

The Company does not transfer personal data to any recipients outside of the EEA.

M. REQUIREMENT TO NOTIFY BREACHES

All data breaches will be recorded on our Data Breach Register. Where legally required, we will report a breach to the Information Commissioner within 72 hours of discovery. In addition, where legally required, we will inform the individual whose data was subject to breach.

More information on breach notification is available in our Breach Notification policy.

N. TRAINING

New employees must read and understand the policies on data protection as part of their induction.

All employees receive training covering basic information about confidentiality, data protection and the actions to take upon identifying a potential data breach.

The nominated data controller/auditors/protection officers for the Company are trained appropriately in their roles under the GDPR.

All employees who need to use the computer system are trained to protect individuals’ private data, to ensure data security, and to understand the consequences to them as individuals and the Company of any potential lapses and breaches of the Company’s policies and procedures.

O. RECORDS

The Company keeps records of its processing activities including the purpose for the processing and retention periods in its HR Data Record. These records will be kept up to date so that they reflect current processing activities.

P. DATA PROTECTION COMPLIANCE

Our Data Protection Officer is:

Damian Jones
dpo@bcegi.co.uk
+44 (0) 7506 703 828

Cookies Policy

About this cookie policy

This Cookie Policy explains what cookies are and how we use them. Please make sure you read this policy so you can understand what types of cookies we use, how we collect and use information from and about you.

What are cookies?

Cookies are small text files that are sent to your PC, mobile phone or tablet when you visit a website. They stay on your device and are sent back to the website they came from when you visit it again.

Cookies are used by BCEGI website to make your experience more efficient by:

  • Recognising when you log in and any preferred settings.
  • Giving you a browsing experience that is unique to you which we believe improves your site experience.
  • Analysing how you use our website and our services, so we can improve them.

How do we use cookies?

We and third parties may use cookies and tracking technologies to collect information from websites, Applications, and other online services for a variety of reasons, such as to enable us to improve your experience of the services, to understand how users interact with our online services and advertisements, and to deliver advertising. For example, we use these technologies to allow us to know when and for how long you use our services, and to remember your preferences and settings and other functionality you have requested. We and third parties may use the technologies to link your activities across the devices you may use. This helps us learn about how you use the services and enables us to provide you with a seamless experience across your devices. We may also use cookies and tracking technologies to deliver advertising and marketing messages that we think may be relevant to you based on your online activities over time, across the various devices you may use, and across third-party services– a common practice across the internet and known as interest-based advertising or behavioral advertising.

More information about analytics and advertising cookies is detailed below.

  1. Strictly Necessary Cookies

These cookies enable services you have specifically asked for. For those types of cookies that are strictly necessary, no consent is required. These cookies are essential in order to enable you to move around the Website and use it features, such as accessing secure areas of the Website. Without these cookies services you have asked for, like shopping baskets or e-billing, cannot be provided.

  1. Performance Cookies

These cookies collect information about how you use our websites — for instance, which pages you go to most. This data may be used to help optimize our websites and make them easier for you to navigate. These cookies are also used to let affiliates know if you came to one of our websites from an affiliate and if your visit resulted in the use or purchase of a product or service from us, including details of the product or service purchased. These cookies don’t collect information that identifies you. All information these cookies collect is aggregated and therefore anonymous.

  1. Functionality Cookies

These cookies allow our websites to remember choices you make while browsing. For instance, we may store your geographic location in a cookie to ensure that we show you our website localized for your area. We may also remember preferences such as text size, fonts, and other customizable site elements. They may also be used to keep track of what featured products or videos have been viewed to avoid repetition. The information these cookies collect will not personally identify you, and they cannot track your browsing activity on non-BCEGI websites.

  1. Third Party Cookies

This website uses a number of supplies who also set cookies on our website on our behalf in order to deliver the services that they are providing. A list of all third party cookies that are used on this Website and what each is used for are YouTube and Fusion Theme.

We use the following cookies on our site:

Type Cookie Name Description
Google Analytics Cookies 1P_JAR These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect anonymous information, such as the number of visitors to the web, where visitors have come to the website from and pages visited.
_gat_gtag_
_ga
_gid
Google Maps Cookies APISID These cookies are used by Google to store user preferences and information of Google maps
SAPISID
SSID
YouTube Cookies PREF We embed videos from YouTube on our website. These cookies do not identify you personally unless you are logged into Google, in which case it is linked to your Google account. They are used to measure your bandwidth when you watch a video in order to adjust video settings accordingly, or to track and gather information about when you watch YouTube videos on different websites.
SID
VISITOR_INFO1_LIVE
YSC
LOGIN_INFO
enabledapps.uploader
CONSENT

How do you change cookie preferences or block cookies?

We provide multiple choices in respect of the information we process about you. You can choose to opt-out, object to, or restrict our use of your personal information, delete, change or correct your personal information or access your personal information.

You can also change or withdraw your consent from the browsers. For further information to manage cookies on popular browsers please refer to: https://www.aboutcookies.org/how-to-delete-cookies/

If you block cookies on our website, you may be unable to access certain areas of our website and certain functions and pages will not work in the usual way.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Changes to this Cookie Policy

We may update this Policy from time to time. Please regularly check this Policy to ensure you are aware of the most updated version.

This Cookie Policy was last updated on 30 July 2018.