General Data Protection Regulation Policy
What is its purpose?
Its purpose is to provide a set of standardised data protection laws across all the EU member countries.
How does it affect me as a Customer of Help My CV Melanie?
The aim of the GDPR regulation is to make it easier for EU citizens to understand clearly how and why their data is being used and also how to raise any complaints should a data breach occur.
Personal Information we collect
To fulfil your order, you must provide us with certain information such as your Full Name, Email Address, Telephone Number and Payment information and the details of the service you are purchasing. You may also choose to provide us with additional personal information, if you contact us directly.
Why do we need your information and how do we use it
We rely on a number of legal bases to collect, use and share your information, including;
- As needed to provide our services, such as when we use your information to fulfil your order, to settle disputes, or to provide customer support
- When you have provided your affirmative consent, which you may revoke at any time such as by signing up to a mailing list
- If necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about your purchases if required by Tax law
- As necessary for the purpose of our legitimate interests, if those legitimate interests are not overridden by your rights or interests such as; providing and improving our services, we use your information to provide the services you requested and in our legitimate interest to improve our services
Information Sharing and Disclosure
Information about our customers is important to our business. We share your personal information for very limited reasons and in limited circumstances and they are as follows;
Compliance with laws, we may collect, use retain and share your information if we have in good faith belief that it is reasonably necessary to;
- respond to legal process or government requests
- enforce our agreements, terms and policies
- prevent, investigate and address fraud and other illegal activity, security or technical issues
- protect the rights, property and safety of our customers or others
Transfers of Personal Information Outside the EU
We may store and process your information through third party hosting services in the US and other jurisdictions. As a result, we may transfer your personal information to a jurisdiction with different data protection and government surveillance laws than your jurisdiction. If we are deemed to transfer information about you outside of the EU, we rely on Privacy Shield as the legal basis for the transfer, as Google Cloud is Privacy Shield certified.
If you reside in certain territories, including the EU, you have a number of rights in relation to your personal information. While some of these rights apply generally, certain rights apply only in certain limited cases.
- Access - You may have the right to access and receive a copy of the personal information we hold about you by contacting us using the contact information below
- Change, restrict or delete - You may also have the right to change, restrict our use of, or delete your personal information. Absent exceptional circumstances (like where we are required to store data for legal reasons) we will generally delete your personal information upon request.
- Object - You can object to our processing of some of your information based on our legitimate interests and receiving marketing messages from us after providing your express consent to receive them. In such cases, we will delete your personal information unless we have compelling and legitimate grounds to continue using that information or if it is needed for legal reasons
- Complain - If you reside in the EU and wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local data protection authority.
How do I contact Help My CV Melanie if I have further questions?
For purposes of EU data protection law, I, Melanie Rutherford, am the Data Controller of your personal information. If you have any questions, or concerns, you may contact me at firstname.lastname@example.org. To ensure your email is prioritised, please include in the subject heading GDPR.
What are Cookies?
Cookies are small pieces of text sent by your web browser by a website you visit. A Cookie file is stored in your web browser and allows the Service or a third-party to recognise you and make your next visit easier and the Service more useful to you. Cookies can be “persistent” or “session” cookies.
In addition to our own cookies, we may also use various third-party cookies to report usage statistics of the Service, deliver advertisements on and through the Service and so on.
What are your choices regarding cookies
Please note, if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.
Help My CV Melanie here in after referred to as ‘the Organisation” is committed to providing a confidential service to its users. No information given to the Organisation will be shared with any other Organisation or individual without the User’s expressed permission.
For the purpose of this policy, confidentiality relates to the transmission of personal, sensitive or identifiable information about individuals or organisations (confidential information), which becomes possession of the Organisation through its work.
The Organisation holds personal data about its staff, users, members etc which will only be used for the purposes for which it was gathered and will not be disclosed to anyone outside of the organisation without prior permission.
All personal data will be dealt with sensitively and in the strictest confidence internally and externally.
The purpose of the Confidentiality Policy is to ensure that all staff and users understand the Organisations requirements in relation to the disclosure of personal data and confidential information.
- All personal paper based and electronic data must be stored in accordance with the Data Protection Act 1998 and must be secured against unauthorised access, accidental disclosure, loss or destruction
- All personal paper based and electronic data must only be accessible to those individuals authorised to have access
The Organisation is committed to effective statistical recording of the use of its services in order to monitor usage and performance. All statistical records given to third parties, such as to support funding applications or monitoring reports for the local authority shall be produced in anonymous form, so individuals cannot be recognised.
All records are kept on secure, password protected internal databases. All information relating to service users will be left in locked drawers. This includes notebooks, copies of correspondence and any other sources of information.
Breaches of Confidentiality
The Organisation recognises that occasions may arise where individual workers feel they need to breach confidentiality. Confidential or sensitive information relating to an individual may be divulged where there is a risk of danger to the individual, employee or the public at large or where it is against the law to withhold it. In these circumstances, information may be divulged to external agencies e.g. the police on a need to know basis. Where a worker feels confidentiality should be breached the following steps will be taken;
- The worker should raise the matter immediately with their Line Manager
- The worker must discuss with the Line Manager the issues involved in the case and explain why they feel confidentiality should be breached and what would be achieved by breaching confidentiality. The Line Manager should take a written note of this discussion
- The Line Manager is responsible for discussing with the worker what options are available in each set of circumstances
- The Line Manager is responsible for making a decision on whether confidentiality should be breached. If the Line Manager decides that confidentiality is to be breached then they should take the following steps:
- The Line Manager should contact the Managing Director. The Manager should brief the Managing Director on the full facts of the case, ensuring they do not breach confidentiality in doing so. The Line Manager should seek authorisation to breach confidentiality from the Managing Director
- If he/she agrees to breach confidentiality, a full written report on the case should be made and any action agreed undertaken. The Line Manager is responsible for ensuring all activities are actioned
- If he/she does not agree to breach confidentiality then this is the final decision of Help My CV Melanie
The Organisation will monitor this policy to ensure it meets statutory and legal requirements.
Ensuring the Effectiveness of the Policy
Existing and new members of the team will be introduced to the confidentiality policy via induction and training. The policy will be reviewed annually and amendments will be actioned and communicated internally.
Non - adherence
Breaches of this policy will be dealt with under the Grievance and/or Disciplinary procedures as appropriate.