The following outlines the General Data Protection Regulation Policy for 24hr Solutions Ltd.
The overarching principle is that
· All data collected and/or stored by 24hr is done so for the sole purposes of 24hr business and an
individual’s relationship with 24hr. This will include, but is not limited to, account
communication, marketing, notification of publications, educational quality standards, quotations, CPD. Individual’s personal data will not be shared with a third party without
prior written consent.
· No member of staff will share any personal data with a third party without the prior
consent of the individual. This includes, but is not limited to Name, address, email address and
· All 24hr Staff will sign to consent form for their business email address, phone number and
associated business contact details to be circulated for the sole purposes of 24hr business.
· From January 2018 24hr will not retain any paper files of personal data, except for financial
· All computerized data will be stored securely on a business dropbox account with limited access/ security
Access levels which will be reviewed every quarter.
· Job data will be allocated through ‘Servicem8’ software and has access/security level setup. This will be
reviewed every quarter.
· 24hr will carry out a full IT security audit each quarter.
o Where financial transactional data is retained onsite it will be stored in a locked filing
cabinet inside a locked room where access is restricted.
The data is treated as confidential and is only shared with authorized personal.
o Financial transactional data from previous financial years will be held in a secure
area for 7 years within a secured locked room which only 24hr Director and Finance staff have
o After their expiry any paper records will be destroyed by a registered company
authorized to dispose of confidential waste at least once per quarter.
o Financial information for card and online payments are not held by 24hr and are all managed by
paypal. 24hr hold none of this payment information.
24hr Solutions Ltd | Faulkner House, Victoria Street, St Albans, Al1 3SE | Tel 0208 819 3117
o When processing financial information by telephone staff taking the call must not write
down or record any of the information given to them except in the designated boxes in
the Paypal payment terminal. They must not repeat back any card details and if they
require clarification they will ask the caller to repeat the details. The transaction should
not be processed on speaker phone.
o Members who elect to pay by Direct Debit have their bank account and sort code held
against their base record. This information should only be inputted by the Director
or financial administrator. This data should not be disclosed under any circumstances.
If and when the client cancels their direct debit the financial information will be removed.
· The 24hr electronic portal database, is hosted and maintained by Sure Productions Ltd.
o No PC or workstation shall be left unmanned without a suitable password protected
screen saver. All PCs and workstations should be closed and password protected
o All Staff should use only their own login to access PCs and membership databases and
not share their login details with others.
· In order to show compliance to the General Data Protection Regulations all staff will sign to agree
that they understand the implications.
(Signing log attached), they will also sign this policy to show they have read and understand
their responsibility to personal data.
· From January 2018 the Management team will meet quarterly to conduct a GDPR audit to
ensure full compliance, audit log attached.
· All staff have signed as part of their contract of employment a confidentiality clause.
· The data held by 24hr can only be as accurate as the information supplied. It is the
responsibility of the individual to ensure their data is accurate.
· Once an individual’s relationship with 24hr has become inactive their personal data will be
retained electronically for 3 years before deletion.
· An individual may at any time request the removal of their personal data by contacting
email contact details) will result in 24hr no longer being able to carry out the processing of the
· An individual may at any time raise a concern by contacting email@example.com. For further
details on your rights visit https://ico.org.uk/for-the-public/