Wellwise Group takes information security very seriously to ensure privacy of the data we hold. We have put in place appropriate technical and organisational measures to ensure that our contractor’s personal details (and other data we hold) are held securely and that personal details are used in accordance with the General Data Protection Regulation (GDPR). Wellwise Group Client’s and third party companies sharing personal data with us solely for business purposes are expected to act similarly. Under no circumstances should personal data be shared or divulged to other parties without the express approval of Wellwise Group. Any misuse of our confidential data will be reported to the Information Commissioners Office (ICO) accordingly.
The Wellwise Group fully supports the eight legal requirements on the General Data Protection Regulation (GDPR) and ensures our internal quality systems comply with the requirements:
Personal data shall be processed fairly and lawfully and in a transparent manner.
Personal data shall be obtained for specific, explicit and legitimate purposes, and shall not be further processed in any manner incompatible with that purpose.
Personal data shall be adequate, relevant and limited to what is necessary to the purpose for which they are processed.
Personal data shall be accurate and, where necessary, kept up to date.
Personal data processed for any purpose shall not be kept for longer than is necessary and each employee or contractor will have the right to ask for their data to be deleted from our records if they wish to stop working for us.
This policy is applicable to all Wellwise Group Employees, temporary employees, Contractors, Clients and third party agents.
Information we may collect from you
We will collect and store Contractor information provided to us when undergoing our registration process:
Personal Details (ie name and title; gender, date of birth)
Contact Details (ie email address, mailing address and telephone numbers)
Biographical Data from Job Applications and CV’s (ie employment history, training certification, medical certification, and any other information you provide)
Client related data (ie timesheets and appraisal information)
Bank Account and transaction Details for payment purposes only
Technical Data (ie IP address, log in data)
Profile Data (ie username and password and feedback and survey responses)
Image Data via CCTV (only if you attend our premises)
We do not knowingly collect “special category” personal data such as your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, and genetic data and/or biometric data. We also do not collect information about criminal convictions or offences.
How do we use your personal data?
Personal Data will be processed fairly and lawfully, and will be obtained and processed solely for the administrative purposes and contractual necessity of the Company. Every effort will be made to keep personal data accurate and up to date and it is your responsibility to ensure that you inform us of any change of address, next of kin or any changes such as bank account in order that your personnel file and pay details may be kept up to date.
To enable us to carry out our services
To identify you
To respond to your enquiries
To allow you to register with our company and collect your certification
To carry out billing and payments and administration activities
To evaluate your Curriculum Vitae and take any next steps to evaluate your suitability for roles where you have asked to be considered for future opportunities
Personal data will not be kept longer than is necessary, although legal retention of data will need to be adhered to. If at any point during your association with the Company, we need to ask your Doctor/Consultant for a medical report, we will obtain your consent under the Access to Medical Reports Act. Third Party access to information concerning you, in relation to your work, will only be provided if you have provided written authorisation.
Wellwise Group has conducted a Risk Assessment to demonstrate we are complying with the General Data Protection Regulations (GDPR). This means we have properly considered the lawful basis upon which we collect personal data.
Right of Access to Personnel Files
Contractors and Employees have a right to access their personnel file upon reasonable notice to the Company.
Contractors are encouraged to access their Contractor Personnel Information Record (via our website www.wellwisegroup.com using their unique log in details) to ensure that the information contained within it is accurate. Please notify us immediately if the information in your personnel information record is not accurate.
You also have the right to withdraw your consent for us to use your personal data if you no longer wish to be contacted. Should this be the case you can contact Wellwise Group by email at any time to begin this process. We will delete your data within 30 days of written request.
Contractor Competency Scheme
To administer the Wellwise Group Competency Scheme (WWG Well Services Award), we will need to pass some of your personal details to the Scottish Qualifications Authority (SQA) to register you for the qualification, such as, name; address; Date of Birth; and Scottish Candidate Number (if applicable). Personal Data collected in this respect will be adequate, relevant and limited only to that which is necessary for the Company’s Competency Scheme administration. The SQA’s Privacy Statement can be viewed at https://www.sqa.org.uk/sqa/45397.html.
Wellwise Group Website
Wellwise Group display Contractor career and safety certification details on our website for registered clients to view. This information is often useful to clients making personnel choices and is password protected against unauthorised access. Contractors should ensure they keep their training and medical records, etc., as up to date as possible as it can directly impact on personnel selections made by clients.
We may use your IP address to assist us in administering our website. Your IP address is not linked to any data that could be used to identify you personally.
Linking to other Websites
Our website may contain links to other sites or resources that are provided solely for your convenience. Wellwise Group is not responsible for the availability of external sites or resources linked to our website, and does not endorse and is not responsible or liable for any content, advertising, products or other materials on or available from such sites or resources. Transactions that occur between you and any third party are strictly between you and the third party and are not the responsibility of Wellwise Group. None of the personal information described above is passed to any of these sites.
How do we keep your personal data secure?
Wellwise Group has security measures in place designed to prevent data loss, to preserve data integrity, and to regulate access to the data. Only authorized Wellwise Group employees and third parties processing data on our behalf have access to your personal data.
The security measure we have in place include:
Regular reviews of information collection, storage and processing practices to protect against unauthorized access
Use of secure technologies (e.g. SSL Certificates and encryption of remote access data)
Password protection to our website private area (you are responsible for keeping this password confidential and we ask you not to share your password with anyone).
Regular backup to encrypted secure storage
All Company Mobile telephones have fingerprint access technology
All Data Breaches will be investigated and an incident report recorded (RIR). Relevant Data Breaches will be reported to the ICO (Information Commissioners Office) the UK Regulator for information rights. Measures will be put in place to correct the root cause of the breach.
In conjunction with this policy Contractors will be asked to sign and return our F209 Signature Form to confirm that they have read and understood this policy.
Should you require any further information regarding this policy please contact our QHSE department (email@example.com).
Dated: 20th May, 2018