None

Circle Offices, Serviced offices, Liverpool Street Station, London, Victoria Avenue

Phone: 0203 206 1100

info@circleoffices.co.uk

Privacy



We process personal data in compliance with the Data Protection Act 1998 and we ensure that our staff are aware of their obligations when processing personal data on behalf of CIRCLE OFFICES LTD.

Purpose

The objective of this policy is to ensure that:

  • Personal Data is Processed by CIRCLE OFFICES LTD in compliance with the requirements of the Data Protection Act 1998 and other relevant information governance legislation and
  • CIRCLE OFFICES LTD Personnel are aware of their obligations when Processing Personal Data on behalf of CIRCLE OFFICES LTD.

Definitions

1. Data Controller: the organisation (alone, jointly or in common with other organisations) which determines the manner and purposes for which Personal Data is to be processed.

2. Data Processor: processes data on behalf of the Data Controller (other than an employee).

3. Data Protection Act (DPA): the Data Protection Act 1998, together with all secondary legislation made under it. The DPA governs the way in which Data Controllers such as CIRCLE OFFICES LTD can process an individual's Personal Data. It also gives individuals certain rights regarding the information that is held about them and obliges CIRCLE OFFICES LTD to respond to any requests from an individual to access their own Personal Data.

4. Data Protection Principles: a set of statutory requirements, which all Data Controllers are obliged to adhere to. The Principles balance the legitimate need for organisations such as CIRCLE OFFICES LTD to process Personal Data against the need to protect the privacy rights of the Data Subject.

5. Data Subject: an individual who is the subject of Personal Data.

6. Human Rights Act (HRA): the Human Rights Act 1998.

7. Information Commissioner: the regulator appointed by the Crown to promote public access to official information and protect personal information. Compliance with the DPA is enforced by the Information Commissioner.

8. Information Governance: a business unit within General Counsel.

9. Information Management (IM): a business unit within Finance.

10. Information Owners: senior managers, who are responsible for the acquisition, creation, maintenance and disposal of CIRCLE OFFICES LTD 's information and Information Systems within their assigned area of control.

11. Internal Audit: a business unit within General Counsel.

12. Personal Data: information which relates to a living individual who can be directly identified from either the information itself, or by combining the information with other data available to CIRCLE OFFICES LTD. Personal Data includes expressions of opinion and indications of intention, as well as factual information.

13. Privacy Risk: that part of CIRCLE OFFICES LTD 's overall risk portfolio which relates to the, integrity, availability and confidentiality of Personal Data within CIRCLE OFFICES LTD.

14. Processing/Processed: includes collecting, recording, storing, retrieving, transmitting, amending or altering, disclosing, deleting, archiving and destroying Personal Data.

15. Subject Access Request: a request from an individual, under section seven of the DPA, for access to their Personal Data.

16. CIRCLE OFFICES LTD: the statutory corporation and its operating subsidiaries.

17. CIRCLE OFFICES LTD Personnel: includes all CIRCLE OFFICES LTD employees as well as all temporary staff, contractors, consultants and any third parties with whom special arrangements (such as Data Processor, confidentiality or non-disclosure agreements) have been made.

Organisational scope

This policy applies to all CIRCLE OFFICES LTD Personnel and to all Personal Data Processed by CIRCLE OFFICES LTD at any time, by any means and in any format.

Policy statement

1. CIRCLE OFFICES LTD will comply with the DPA and adhere to the eight Data Protection Principles, as described in the Annex to this policy.

2. A number of criminal offences are defined in the DPA:

  • Knowingly or recklessly obtaining or disclosing Personal Data without the consent of the Data Controller.
  • Procuring the disclosure to another person of Personal Data without the consent of the Data Controller.
  • Repeatedly and negligently allowing Personal Data to be disclosed.
  • Intentionally or recklessly failing to comply with the Data Protection Principles and
  • Altering, defacing, destroying or concealing data in order to prevent disclosure. The discovery or suspicion that one of these offences may have been committed must be reported to the Privacy and Data Protection Team within Information Governance, so that they can determine whether or not the matter should be referred to the police and/or the Information Commissioner.

3. CIRCLE OFFICES LTD will comply with the statutory requirement to maintain an accurate entry on the Information Commissioner's public register of Data Controllers which describes the purposes for which Personal Data is processed.

4. CIRCLE OFFICES LTD will comply with other relevant legal requirements where they apply to its processing of Personal Data, including:

  • The HRA and the requirement to act in a way which is compatible with the right to respect for private and family life in the European Convention of Human Rights and Fundamental Freedoms
  • The Privacy and Electronic Communications (EC Directive) Regulations 2003
  • The common law duty of confidence

5. CIRCLE OFFICES LTD will adhere to the requirements set out in the following standards, policies and guidance in order to support its compliance with the DPA:

  • The Information Commissioner's suite of guidance documents and Codes of Practice
  • The Payment Card Industry Data Security Standard (PCI DSS)
  • CIRCLE OFFICES LTD's Policy on the Disclosure of Personal Data to the Police and other Statutory Law Enforcement Agencies
  • CIRCLE OFFICES LTD's Information and Records Management Policy
  • CIRCLE OFFICES LTD's Information Security Policy

Policy content

1. CIRCLE OFFICES LTD's policy is to ensure that: 

  • It has in place structures, systems and processes to manage all Personal Data fairly and lawfully and in a way that ensures its integrity, accuracy, relevance and security
  • In response to a valid Subject Access Request, CIRCLE OFFICES LTD will tell a Data Subject whether it, or someone else on its behalf, is processing that individual's Personal Data, and if so, provide a description of: the Personal Data; the purposes for which they are being processed; and those to whom they have been, or may be, disclosed. CIRCLE OFFICES LTD will also communicate in an intelligible form, the information which forms any such Personal Data
  • CIRCLE OFFICES LTD will respond to all Subject Access Requests within 40 calendar days of receipt of a valid request
  • In response to a Subject Access Request, CIRCLE OFFICES LTD will only refuse to provide a copy of the Personal Data which it is Processing (and any associated information concerning its processing) if a statutory exemption applies. Any such refusal must be approved by Information Governance;
  • Personal Data used for communicating with CIRCLE OFFICES LTD's customers will be treated in accordance with the preferences they have expressed
  • Customers must be given an opportunity to opt in or out of receiving future marketing messages at the point at which their Personal Data is first collected
  • Requests from customers to change the use of their data for marketing purposes will be acted on promptly
  • Any activity intended to monitor an employee's activities in the workplace which may involve the disclosure of Personal Data or interference with the right to a private life, must be carried out in accordance with the DPA, the HRA, other relevant legislation and any duty of confidence which is owed
  • Personal Data will not be disclosed to third parties except where disclosures are permitted by, or required by, law
  • Personal Data will be labelled in accordance with CIRCLE OFFICES LTD's Information Security Classification Standard for protectively marking Information
  • Procurement processes and contractual arrangements with external service providers must include adequate measures to ensure compliance with the Data Protection Principles and associated requirements outlined in this policy
  • Privacy Risk will be considered and afforded a priority in decisions within CIRCLE OFFICES LTD in the same way as financial and operational risk. This will be reflected in corporate and local risk registers. Privacy Risk will be managed by a process of identifying, controlling, minimising and/or eliminating risks that may affect CIRCLE OFFICES LTD's Processing of Personal Data
  • Any complaint about CIRCLE OFFICES LTD's non-compliance with the standards set out in this Privacy and Data Protection Policy must be promptly directed to the Privacy and Data Protection Team within Information Governance. The complaint will be dealt with in accordance with CIRCLE OFFICES LTD's Privacy and Data Protection Complaints Handling Procedure, however CIRCLE OFFICES LTD recognises that individuals will also have the right to take their complaint directly to the Information Commissioner or, in certain circumstances (as defined in the DPA), the courts

Responsibility for compliance

1. All CIRCLE OFFICES LTD Personnel are responsible for actively supporting compliance with this policy.

2. CIRCLE OFFICES LTD employees involved in the Processing of Personal Data must familiarise themselves with the supporting guidance on Data Protection file located within the team office and on a shared drive

3. Information Owners are responsible for:

  • Ensuring that CIRCLE OFFICES LTD Personnel within their area of control are aware of this policy and are adequately trained in the handling of Personal Data
  • The assessment and reporting of Privacy Risk linked to the Processing of Personal Data within their area of control
  • Implementing appropriate procedures to ensure compliance with restrictions on the Processing of Personal Data within their area of control

4. Information Governance is responsible for:

  • Providing advice and guidance on the implementation and interpretation of this policy
  • Promoting and enforcing compliance with this policy
  • Investigating and resolving complaints about CIRCLE OFFICES LTD's non-compliance with the DPA and/or this Policy
  • Liaising with the Information Commissioner's Office on any matter relating to CIRCLE OFFICES LTD's compliance with the DPA and/or this policy
  • Maintaining CIRCLE OFFICES LTD's entries on the Information Commissioner's public register of Data Controllers

5. Information Governance and Internal Audit are responsible for managing and investigating any actual or suspected unauthorised disclosures of Personal Data and recommending measures to prevent the reoccurrence of such incidents and breaches;

6. Our IT Department is responsible for advising the business on the technical measures and controls required to protect the security of Personal Data Processed by CIRCLE OFFICES LTD using electronic information and communications systems;

7. Internal Audit is responsible for auditing the business processes, operating procedures and working practices of CIRCLE OFFICES LTD and its service providers which affect the Processing of Personal Data, to monitor compliance with this policy.

Procedures, guidelines & processes

This policy will be supported by instructions and guidance via the CIRCLE OFFICES LTD guidance manual located within the Data Protection File within the team office and on the shared drive

Policy owner

CIRCLE OFFICES LTD’s Director is the designated owner of this policy.

Annex

The Data Protection Principles (Data Protection Act 1998, Schedule 1)

1. Personal data should be processed fairly and lawfully; CIRCLE OFFICES LTD will use Personal Data both fairly and lawfully. In any circumstance in which individuals provide CIRCLE OFFICES LTD with their Personal Data for the first time, or for a new purpose, they will be informed of the identity of the Data Controller, the use to which their data will be put and whether any disclosure may be made to third parties. This is known as a Privacy Notice and any such wording must be approved by the Privacy and Data Protection Team within Information Governance.

2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes; CIRCLE OFFICES LTD will only process Personal Data for the purpose(s) which the Data Subject was previously informed of and it will not be used for any other purpose that is incompatible with the original purpose(s).

3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed; CIRCLE OFFICES LTD will ensure that only the minimum Personal Data necessary for the purpose is processed and will not collect or hold data on the basis that it might be useful in the future without having a legitimate business reason for how it will be used in the present.

4. Personal data shall be accurate and, where necessary, kept up to date; This Principle covers the integrity of Personal Data. Data will be inaccurate where it is incorrect or misleading as to any matters of fact. There must be processes in place to maintain the quality of data entry at the point data is first collected by CIRCLE OFFICES LTD, and to accurately amend, update or correct Personal Data.

5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes; Business areas must ensure that Personal Data is securely destroyed once the purpose(s) for processing the Personal Data has come to an end; and there is no legal requirement or valid business/operational reason for its continued retention.

6. Personal data shall be processed in accordance with the rights of data subjects under the DPA. These rights are to:

  • Gain access to their data
  • Seek compensation for substantial damage or distress caused by their data not being processed in accordance with the Act • Prevent their data being processed in certain circumstances
  • 'Opt out' of having their data used for direct marketing at any time
  • Have automated decisions reconsidered. Requests from Data Subjects to access Personal Data will be managed in accordance with CIRCLE OFFICES LTD's Privacy and Data Protection Policy.

7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. CIRCLE OFFICES LTD’s standard contractual clauses on data protection must be used in any circumstances where Processing of Personal Data on behalf of CIRCLE OFFICES LTD is carried out by a service provider or other third party. The Privacy and Data Protection Team within Information Governance must be consulted in the early stages of any project or proposed change to a business process that has implications for the Processing of Personal Data. Personal Data will be managed in accordance with CIRCLE OFFICES LTD's Information Security Policy. All staff must report any incident, or potential incident, likely to result in unauthorised disclosure, damage, destruction or loss of Personal Data directly to the Privacy and Data Protection Team within Information Governance.

8. Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. CIRCLE OFFICES LTD will comply with the restrictions in the DPA on the transfer of Personal Data outside the European Economic Area. The Privacy and Data Protection Team within Information Governance must be consulted in advance of any such transfers being undertaken or agreed.

Facilities

  • Fully refurbished and remodelled to the highest standard
  • Excellent location at a competitive price
  • 5 star customer service
  • 1Gbps leased line with onsite IT support
  • Separate 1Gbps leased line with onsite IT support
  • Wi-Fi Connection
  • Administrative/secretarial support
  • Discount on stationery orders
  • 24 hour access
  • Secure swipe card operating system
  • Electric security gate and bollard
  • Air Conditioning
  • Power Showers
  • Disabled access, platform lift, shower and wash room
  • High Speed elevator
  • Soundproof double glazed windows
  • Boardrooms, break out/ lounge areas
  • Full AV, videoconferencing facilities and interactive whiteboard
  • Bicycle racks in our private courtyard
  • Kitchens equipped with Zip Tap heaters and chillers
  • Mail distributing, holding or forwarding services

Copyright © 2013-2016 - Circle Offices Limited ®, All rights reserved, Environmental Policy, Privacy Policy, Webdesign: www.brgr.org