PRIVACY PROCEDURE (TIER 2)
1. Scope
All processing of personal data by Axiom Building Services Limited is within the scope of this procedure.
2. Responsibilities
2.1 The GDPR Owner is responsible for ensuring that the privacy notice is correct and that mechanisms exist, such as having the Privacy Notice on the Axiom Building Services Limited website, to make all data subjects aware of the contents of this notice prior to Axiom Building Services Limited commencing collection of their data.
2.2 All staff that need to collect personal data are required to follow this procedure.
3. Procedure (Article 12)
3.1 Axiom Building Services Limited identifies the legal basis for processing personal data before any processing operations take place by clearly establishing, defining and documenting:
3.1.1 the specific purpose of processing the personal data and the legal basis to process the data under:
3.1.1.1 consent obtained from the data subject;
3.1.1.2 performance of a contract where the data subject is a party;
3.1.1.3 legal obligation that Axiom Building Services Limited is required to meet;
3.1.1.4 protect the vital interests of the data subject, including the protection of rights and freedoms;
3.1.1.5 official authority of Axiom Building Services Limited or to carry out the processing that is in the public interest;
3.1.1.6 necessary for the legitimate interests of the data controller or third party, unless the processing is overridden by the vital interests, including rights and freedoms, and
3.1.1.7 legislation.
3.1.2 any special categories of personal data processed and the legal basis to process the data under:
3.1.2.1 explicit consent obtained from the data subject;
3.1.2.2 necessary for employment rights or obligations;
3.1.2.3 protect the vital interests of the data subject, including the protection of rights and freedoms;
3.1.2.4 necessary for the legitimate activities with appropriate safeguards;
3.1.2.5 personal data made public by the data subject;
3.1.2.6 legal claims;
3.1.2.7 substantial public interest;
3.1.2.8 preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, provision of health or social care treatment, or management of health and social care systems and services, under the basis that appropriate contracts with health professionals and safeguards are in place;
3.1.2.9 public health, ensuring appropriate safeguards are in place for the protection of rights and freedoms of the data subject, or professional secrecy, and
3.1.2.10 legislation in terms of processing genetic, biometric or health data.
3.2 Axiom Building Services Limited records this information in line with its data protection impact assessment (where required) and data inventory (GDPR DOC 2.4 and GDPR REC 4.4).