JIG is an organisation that handles large amounts of sensitive data provided by its members, customers and external stakeholders. The data is necessary to meet the aim of improving the safety and quality of its members’ operations. The safe and appropriate handling of the same potentially sensitive and confidential data is a key factor in JIG’s responsibilities towards the entities it works with. Data protection is consequently taken very seriously, so it is important that the organisation and its members, customers and external stakeholders are familiar with the policy and that JIG observes the requirements. Data protection is a responsibility shared by all employees and contractors within or connected to the JIG organisation.
JIG’s commitment to the privacy of your data
Protecting the security and privacy of your personal information is important to JIG and to the way we conduct our business in compliance with laws on privacy, data protection and data security. This policy sets out what information JIG may collect, how JIG uses and safeguards that information and with whom we may share it. For the purposes of this policy, “we”, “our” and “us” refers to Joint Inspection Group Ltd. References to “you” or “your” means you as an associate and/or member of JIG, a customer or user of the website.
We may revise this policy from time to time, in which case we will ask you to accept the terms of the policy again.
Terms & Principles
In this policy the term “data” is used to mean information about companies and individuals held by JIG and from which they can be identified.
The Data Protection Act 1998 (the “Act”) and the General Data Protection Regulations (GDPR) 2018, [collectively called “Acts”] govern the way that JIG collects, stores, uses and disposes of personal and company data. The principles detailed below summarise the necessary steps taken by JIG to ensure that data held and processed is stored fairly and lawfully in accordance with the Acts. We aim to comply with the data protection principles contained in the Acts and promote good practice in relation to processing personal and company data.
Principles & Processing of Data
The data protection principles are:
- Data shall be processed fairly and lawfully.
- Data shall be obtained only for specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes. In particular, data will not be sold or passed on to third parties.
- Data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is offered or requested. Data shall be kept accurate and up-to-date.
- Individuals and companies may request to review their data at any time, and JIG undertakes to provide all data held in its systems to a person or company requesting it within a reasonable period of time. If you wish to be informed of the data held on you, or you no longer wish JIG to hold your data, please contact firstname.lastname@example.org.
- Data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Data shall be processed in accordance with the rights of the data subject under the Acts. Confidential data will be kept so, and while data may be aggregated for public use, individual company data will always be kept confidential, and JIG will ensure that its systems can guarantee that no user (employee, member or external party) can have unauthorised access to any data.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal and sensitive data and against accidental loss, destruction or damage to such data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal and sensitive personal data.
- To support our relationship with you JIG may store and process personal information on our IT systems. Your data may be analysed and shared in aggregated and anonymous format with the JIG Member Companies – list available here www.jigonline.com/membership (currently being updated) - to better understand your business needs and how we can improve our products and services.
- JIG may need to process your data for legal, administrative and JIG management purposes relating to its business. Data provided by you is used to provide you with information associated with your queries and services. We will not collect any personal data that is not required for these queries or services.
- Through the website, JIG will not collect any personally identifiable information about you (e.g., your name, address, telephone number or e-mail address, unless you voluntarily choose to provide it to JIG (including without limitation by registration, email enquiry and survey). If you do not want your personal information to be collected, please do not submit your data or personal information to JIG.
We may store, process and otherwise use your personal data as follows:
JIG may need to process personal data for legal, administrative and JIG management purposes related to its business, and in particular for the purposes of managing fees, events and training, the website and the JITS/IJS compliance programme.
a) to respond to your enquiries or provide you with access to specific information;
b) to operate and administer the website, including registering users;
c) Upon registering as a user of the website, you agree to receive newsflashes, bulletins and other notifications relating to JIG’s activities and the JIG Standards. Data will be processed by JIG Admin and all such notifications will be sent by JIG Admin only, in order to provide you with relevant content, communications and notifications.
d) to compile training records, to notify you of JIG events and training, to inform you of JIG activities, to carry out sanctions checks, as well as the purpose or purposes for which the original data is intended to be processed.
e) JIG will not hold any records of data used for purchasing Goods and Services that are submitted during the payment process for JIG Standards, using the JIG website. All payments are directed to the WorldPay platform and are not visible by JIG at any time.
f) JIG will from time to time take website usage information to assist in the ongoing development of the website. This will not include information that can be used to identify any individual.
We may store, process and otherwise use your company data as follows:
JIG may need to process company and membership data for legal, administrative and JIG management purposes related to its business, and in particular for the purposes of managing fees, events and the JITS/IJS compliance programme.
a) All companies will be informed when data they have submitted for a particular purpose will be processed for any additional purposes, except when such data is used anonymously (for example to aggregate data for the entire JIG activity for statistical analysis).
b) Company data available via secure internet access will be protected with individual user names and passwords. JIG has procedures in place to ensure that only persons authorised by each company may have access to the same company data.
c) All JIG systems and databases that allow secure user access are designed to ensure that each user may only access data which he or she is authorised to see and use. This Guarantee of Confidentiality is enforced in particular within the JIG Dashboard and JITS/IJS systems to ensure that only owners or co-owners of data belonging to operating entities using the system have access to their confidential data.
d) JIG employees who have access to data, as well as the service providers for JIG’s IT systems are bound by the same requirement for data confidentiality.
Security of Data
JIG will ensure that all its employees are aware of the basic principles as set out above. In particular, employees should observe the following rules:
- All data held by JIG must be treated as strictly confidential and not kept for longer than is necessary.
- The security of data is regularly reviewed, and appropriate systems, encryption and back-ups put in place to protect the integrity of data held on servers, websites, computers, mobile equipment and any other means used by JIG.
- Data shall not be disclosed to anyone outside JIG unless the organisation concerned has consented to such disclosure or the law requires this. If a request for data is received from outside the company it will not be released without the authorisation of the party concerned, and will not be released before additional validation and consent from the JIG General Manager is granted.
- Data must be kept secure at all times. It must not be left unattended unless it has been placed in a secure location. Relevant employees will be advised of the physical security of arrangements to be adopted appropriate to the level of confidentiality of the data concerned.
- Data must not be copied (whether on computer photocopies, computer print outs or otherwise) without authorisation from the JIG Technical Manager or General Manager, where applicable.
- It is the responsibility of all employees to report all security breaches, or suspected security breaches, relating to unauthorised access to, or disclosure of personal data, to the JIG General Manager without delay.
Third Party Users
We may link our website to third-party sites or offer third-party services via the website. Information collected by third-party operators is governed by their own policies. If you require a list of JIG’s third-party operators, please contact email@example.com.
You may also be able to use the website to send messages to other users and upload public content. Once you provide this information to others, they will be able to access and use it, and content you upload may be publicly accessible over the internet.
Non-Personal Information Collected Automatically
When you access our website, we may automatically (i.e. not by registration) collect information that is not personally identifiable (e.g. type of internet browser and computer operating system used; domain name of the website from which you came; number of visits; average time spent; pages viewed). We may use this information and share it with the JIG Member Companies to measure the use of our website and improve its content.
“Cookies” — Information Placed Automatically on Your Computer
Unfortunately, the transmission of information via the Internet is not completely secure. Although JIG will do its best to protect your personal data once it reaches us, we cannot guarantee the security of your data transmitted to this website; any transmission is at your own risk.
When you visit our website, we collect statistics concerning your visit, which are stored in a log file. Log files allow us to record visitors’ use of the site. We use Google Analytics to record visitors’ use of the site and we use this information to make changes to the layout of the website and to the information in it. Log files are not used to identify any individual patterns of use of the site.
If you have any questions about this policy or would like to report a concern, please contact:
The Data Protection Officer (DPO)
Joint Inspection Group Limited
9 Caxton House
By email: firstname.lastname@example.org
Last updated: 24th May 2018