Policy Letters

Policy Letters

  • Alcohol & Drugs Policy

    Purpose

    Being under the influence of alcohol or drugs can seriously impair an individual’s judgement and reactions leading to an increased risk of accidents and injuries occurring.

    The aim of this policy is to ensure the safety of all employees, workers, and visitors by having clear rules in place regarding use and possession of alcohol and drugs, and to support those who have reported a problem with alcohol or drug dependence.

    For the purpose of the policy, alcohol dependence is defined as:

    “The habitual drinking of intoxicating liquor by an employee, whereby the employee’s ability to perform his/her duties is impaired or his/her attendance at work is interfered with, or he/she endangers the safety of others”.

    Drug dependence is defined as:

    “The habitual taking of drugs by an employee other than drugs prescribed as medication, whereby the employee’s ability to perform his/her duties is impaired, or his/her attendance at work is interfered with, or he/she endangers the safety of others”.

    Principles

    • All employees and workers will be treated consistently and fairly in line with this

    • The rules on alcohol and drugs will be strictly

    • Those who admit to having a problem with alcohol or drugs shall be fully supported by their line

    • Employees with an illness related to alcohol or drugs are encouraged to disclose this at the earliest opportunity to ensure support and help with

    • All matters concerning alcohol and drugs shall be treated as

    • This policy is designed to comply with relevant legislation such as the Health and Safety at Work Act 1974 and the Misuse of Drugs Act 1971

    Scope

     The Company’s alcohol and drugs policy applies to all employees and contractors.

    • The rules laid out in this policy apply to all employees, workers and

    • Misconduct in relation to alcohol and drugs will be dealt with in relation to the disciplinary

    • Poor performance in relation to alcohol and drugs will be dealt with in line with the capability

    We offer a range of solutions designed to meet your needs—whether you're just getting started or scaling something bigger. Everything is tailored to help you move forward with clarity and confidence.

  • Anti Bribery Policy

    Introduction

    One of the Company’s core values is to uphold sound, responsible and fair business operations.  It is committed to promoting and maintaining the highest possible ethical standards in relation to all of its business activities.  The Company’s reputation for maintaining lawful business practices is of paramount importance to it and this policy is designed to preserve these values.  The Company therefore has a zero tolerance policy towards bribery and corruption and is committed to acting fairly and with integrity in all of its business dealings and relationships wherever it operates and implementing and enforcing effective systems to counter bribery.

    Purpose and scope

    This policy sets out the Company’s position on any form of bribery and corruption and provides guidelines aimed at:

    • Ensuring compliance with anti-bribery laws, rules and regulations, not just within the UK, but also in any other country within which the Company may carry out its business or in relation to which its business may be connected.

    • Enabling employees and persons associated with the Company to understand risks associated with unlawful conduct and to enable and encourage them to be vigilant and to effectively recognise, prevent, avoid and report any wrongdoing, whether by themselves or others.

    • Providing suitable and secure reporting and communication channels and ensuring that any information that is reported is properly and effectively dealt with.

    • Creating and maintaining a rigorous and effective framework for dealing with any suspected instances of bribery or other unethical conduct.

    This policy applies to all permanent and temporary employees of the Company (including any of its intermediaries, subsidiaries or associated companies).  It also applies to any individual or corporate entity associated with the Company or who performs functions in relation to, or for and on behalf of, the Company, including, but not limited to, directors, agency workers, casual workers, contractors, consultants, seconded staff, agents, suppliers and sponsors (“associated persons”).

    All employees and associated persons are expected to adhere to the principles set out in this policy.

    Legal obligations

    The key UK legislation on which this policy is based is the Bribery Act 2010 and it applies to the Company’s conduct both in the UK and abroad.

    A bribe is an inducement or reward offered, promised or provided in order to gain any commercial, contractual, regulatory or personal advantage.

    It is an offence in the UK to:

    • Offer, promise or give a financial or other advantage to another person (i.e. bribe a person) whether within the UK or abroad, with the intention of inducing or rewarding improper conduct.

    • Request, agree to receive or accept a financial or other advantage (i.e. receive a bribe) for or in relation to improper conduct.

    • Bribe a foreign public official.

    You can be held personally liable for any such offence.

    It is also an offence in the UK for an employee or an associated person to bribe another person in the course of doing business intending either to obtain or retain business, or to obtain or retain an advantage in the conduct of business, for the Company.  The Company can be liable for this offence where it has failed to prevent such bribery by associated persons.  As well as an unlimited fine, it could also suffer substantial reputational damage in connection with this offence.

    Policy

    All employees and associated persons are required to:

    • Comply with any anti-bribery and anti-corruption legislation that applies in any jurisdiction in any part of the world in which they might be expected to conduct business.

    • Act honestly, responsibly and with integrity.

    • Safeguard and uphold the Company’s core values by operating in an ethical, professional and lawful manner at all times.

    Bribery of any kind is strictly prohibited.  Under no circumstances should any provision be made, money set aside or accounts created for the purposes of facilitating the payment or receipt of a bribe.

    The Company recognises that industry practices may vary from country to country or from culture to culture.  What is considered unacceptable in one place may be normal or usual practice in another.  Nevertheless, a strict adherence to the guidelines set out in this policy is expected of all employees and associated persons at all times.

    If in doubt as to what might amount to bribery or other unethical conduct or might constitute a breach of this policy, you should refer the matter to your line manager or to (name), the Company’s Anti-Corruption Officer.

    For the Company’s rules and procedures in relation to the receipt of business gifts from third parties such as clients, customers, contractors and suppliers and corporate hospitality offered to or received from such third parties, please refer to the Company’s Receipt of Gifts Policy and Corporate Hospitality Policy.  These policies form part of the Company’s zero tolerance policy towards any form of bribery and should be read in conjunction with this policy.

    The giving of business gifts to clients, customers, contractors and suppliers is not prohibited provided the following requirements are met:

    • The gift is not made with the intention of influencing a third party to obtain or retain business or a business advantage, or to reward the provision or retention of business or a business advantage.

    • It complies with local laws.

    • It is given in the Company’s name, not in the giver’s personal name.

    • It does not include cash or a cash equivalent (such as gift vouchers).

    • It is of an appropriate and reasonable type and value and given at an appropriate time.

    • It is given openly, not secretly.

    • It is approved in advance by a Director of the Company.

    Essentially, it is not acceptable to give, promise to give, or offer, a payment, gift or hospitality with the expectation or hope that a business advantage will be received, or to reward a business advantage already given, or to accept a payment, gift or hospitality from a third party that you know or suspect is offered or provided with the expectation that it will obtain a business advantage for them.

    For the avoidance of doubt, any payment or gift to a public official or other person to secure or accelerate the prompt or proper performance of a routine government procedure or process, otherwise known as a “facilitation payment”, is also strictly prohibited.  Facilitation payments are not commonly paid in the UK but they are common in some other jurisdictions.

    Responsibilities and reporting procedure

    It is the contractual duty and responsibility of all employees and associated persons to take whatever reasonable steps are necessary to ensure compliance with this policy and to prevent, detect and report any suspected bribery or corruption in accordance with the procedure set out in the Company’s Public Interest Disclosure Policy.  You must immediately disclose to the Company any knowledge or suspicion you may have that you, or any other employee or associated person, has plans to offer, promise or give a bribe or to request, agree to receive or accept a bribe in connection with the business of the Company.  For the avoidance of doubt, this includes reporting your own wrongdoing.

    The duty to prevent, detect and report any incident of bribery and any potential risks rests not only with the Directors of the Company but applies equally to all employees and associated persons.

    The Company encourages all employees and associated persons to be vigilant and to report any inappropriate or unlawful conduct, suspicions or concerns promptly and without undue delay so that investigation may proceed and any action can be taken expeditiously.  For example, if a client or potential client offers you something to gain a business advantage with the Company or indicates to you that a gift or payment is required to secure their business.

    In the event that you wish to report an instance or suspected instance of bribery, you should follow the steps set out in the Company’s Public Interest Disclosure Policy.  Confidentiality will be maintained during the investigation to the extent that this is practical and appropriate in the circumstances.  The Company is committed to taking appropriate action against bribery or other unethical conduct.  This could include either reporting the matter to an appropriate external government department, regulatory agency or the police and/or taking internal disciplinary action against relevant employees and/or terminating contracts with associated persons.

    The Company will support anyone who raises genuine concerns in good faith under this policy, even if they turn out to be mistaken.  It is also committed to ensuring nobody suffers any detrimental treatment as a result of refusing to take part in bribery or corruption, or because of reporting in good faith their suspicion that an actual or potential bribery or corruption offence has taken place or may take place in the future.

    All employees and associated persons must ensure that any contract or agreement entered into by them for or on behalf of the Company contains an appropriate clause aimed at ensuring that any third party to the contract is aware of and agrees to adhere to the contents of this policy and further, that the contract expressly sets out the consequences of non-compliance including, where appropriate, clear provision for terminating the contract in the event of non-compliance or the commission of any relevant bribery offence.

    Record-keeping

    All accounts, receipts, invoices and other documents and records relating to dealings with third parties must be prepared and maintained with strict accuracy and completeness.  No accounts must be kept “off the record” to facilitate or conceal improper payments.

    Sanctions for breach

    Breach of any of the provisions of this policy will constitute a disciplinary offence and will be dealt with in accordance with the Company’s disciplinary procedure.  Depending on the gravity of the offence, it may be treated as gross misconduct and could render the employee liable to summary dismissal.

    As far as associated persons are concerned, breach of this policy could lead to the suspension or termination of any relevant contract, sub-contract or other agreement with the associated person.

    Monitoring compliance

    The Company’s Anti-Corruption Officer has lead responsibility for ensuring compliance with this policy and will review its contents on a regular basis.  They will be responsible for monitoring its effectiveness and will provide regular reports in this regard to the Directors of the Company who have overall responsibility for ensuring this policy complies with the Company’s legal and ethical obligations.

    Training

    The Company will provide training to all employees to help them understand their duties and responsibilities under this policy.

    The Company’s zero tolerance approach to bribery will also be communicated to all business partners at the outset of the business relationship with them and as appropriate thereafter.

    Examples of potential risks

     The following is a non-exhaustive list of possible issues which may raise bribery concerns and which you should report in accordance with the reporting procedure set out above:

    • A third party insists on receiving a commission or fee before committing to signing a contract with the Company, or carrying out a government function or process for the Company.

    • A third party requests payment in cash, or refuses to sign a formal commission or fee agreement, or to provide an invoice or receipt for a payment made.

    • A third party requests an unexpected additional commission or fee to facilitate a service.

    • A third party demands lavish, extraordinary or excessive gifts or hospitality before commencing or continuing contractual negotiations or provision of services.

    • You are offered an unusually lavish, extraordinary or excessive gift or hospitality by a third party.

    • You receive an invoice from a third party that appears to be non-standard or extraordinary.

    • The Company is invoiced for a commission or fee payment that appears large given the service stated to have been provided.

  • Cookie Policy

    Information about our use of cookies

    Our site uses cookies to distinguish you from other users of our Web site. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site.

    Due to recent changes in law, all sites which operate across certain parts of the European Union are required to obtain consent using or storing cookies (or similar technologies) on your computers or mobile device. This cookie policy provides you with clear and comprehensive information about the cookies we use and the purposes for using those cookies. To review the privacy policies that apply to users of activ8.biz, please read our GDPR Policy.

    What is a cookie?

    A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon as you visit our site.

    Key concepts

    • First and third-party cookies: whether a cookie is ‘first’ or ‘third’ party refers to the domain placing the cookie. First-party cookies are those set by a website that is being visited by the user at the time (e.g. cookies placed by activ8.biz).

    • Third-party cookies: are cookies that are set by a domain other than that of the site being visited by the user. If a user visits a website and another entity sets a cookie through that site this would be a third-party cookie.

    • Persistent cookies: these cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.

    • Session cookies: these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.

    How to delete and block our cookies

    You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon as you visit our site.

    Can I withdraw my consent?

    If you wish to withdraw your consent at any time, you will need to delete your cookies using your internet browser settings.

    For further information about deleting or blocking cookies, please visit: http://www.aboutcookies.org/Default.aspx?page=2.

    How to turn cookies off

    Internet browsers allow you to change your cookie settings. These settings are usually found in the ‘options’ or ‘preferences’ menu of your internet browser. In order to understand these settings, the following links may be helpful. Otherwise you should use the ‘Help’ option in your internet browser for more details.

    Cookie settings in Internet Explorer

    Cookie settings in Firefox

    Cookie settings in Chrome

    Cookie settings in Safari

    What cookies do we use and why?

    To find out about specific cookies we use on this site, please see below for details.

    The cookies used on our site are categorised as follows:

    • Strictly necessary

    • Performance

    Strictly necessary

    ‘Strictly necessary’ cookies let you move around the site and use essential features like accessing your profile and posting feedback. Without these cookies, these services cannot be provided. Please note that these cookies do not gather any information about you that could be used for marketing or remembering where you’ve been on the internet.

    We use these strictly necessary cookies to:

    • identify you as being logged in to our site; and

    • enable you to submit information via online forms such as registration and feedback forms.

    Accepting these cookies is a condition of using the site, so if you prevent these cookies we can’t guarantee your use of our site or how the security on our site will perform during your visit.

    Performance

    ‘Performance’ cookies collect information about how you use our site e.g. which pages you visit, and if you experience any errors. These cookies do not collect any information that could identify you and is only used to help us improve how our site works, understand what interests our users and measure how effective our content is.

    We use Web Analytics performance cookies to provide anonymous statistics on how our site is used.

    Some of our performance cookies are managed for us by third parties. However, we don’t allow the third party to use the cookies for any purpose other than those listed above.

    By using our site, you accept the use of ‘Performance’ cookies. Accepting these cookies is a condition of using the site, so if you prevent them we cannot guarantee how our site will perform for you.

    More information about cookies

    What specific cookies do we use on https://activ8.biz?

    Third party cookies

    Google Analytics sets the following cookies as described in the table below. A default configuration and use of Google Analytics sets only the first 4 cookies in the table.

    NameDescriptionExpiration__utmaThis cookie is typically written to the browser upon the first visit to your site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits your site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to your site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure.2 years from set/update.__utmbThis cookie is used to establish and continue a user session with your site. When a user views a page on your site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on your site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on your site for longer than 30 minutes. You can modify the default length of a user session with the _setSessionCookieTimeout() method.30 minutes from set/update.__utmcThis cookie is no longer used by the ga.js tracking code to determine session status.

    Historically, this cookie operated in conjunction with the __utmb cookie to determine whether or not to establish a new session for the user. For backwards compatibility purposes with sites still using the urchin.js tracking code, this cookie will continue to be written and will expire when the user exits the browser. However, if you are debugging your site tracking and you use the ga.js tracking code, you should not interpret the existence of this cookie in relation to a new or expired session.

    Not set.__utmzThis cookie stores the type of referral used by the visitor to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within your own site. The cookie is updated with each page view to your site.6 months from set/update.__utmvThis cookie is not normally present in a default configuration of the tracking code. The __utmv cookie passes the information provided via the _setVar()method, which you use to create a custom user segment. This string is then passed to the Analytics servers in the GIF request URL via the utmccparameter. This cookie is only written if you have added the _setVar()method for the tracking code on your website page.2 years from set/update.__utmxThis cookie is used by Website Optimizer and only set when the Website Optimizer tracking code is installed and correctly configured for your pages. When the optimizer script executes, this cookie stores the variation this visitor is assigned to for each experiment, so the visitor has a consistent experience on your site.  See the Website Optimizer Help Center for more information.2 years from set/update.guest_idThis cookie is used by Twitter and serves as your unique identification number associated with Twitter.2 years from set/update.

    For more information on Google Analytics see:
    https://developers.google.com/analytics/devguides/collection/gajs/cookie-usage.

  • Corporate Social Responsibility

    A) DEFINITION

    Corporate Social Responsibility (CSR) is a concept whereby an organisation recognises that its business operations and processes may have an impact on social, economic and environmental issues outside of the workplace. It also represents a commitment to ensuring and maintaining socially responsible behaviour in an organisation.

    B) OBJECTIVE

    We seek to sustain a business that is successful and respected in its ethical standing by our stakeholders. These include customers, clients, investors, regulators, suppliers and the community. We embrace the role our business plays on a day to day basis in contributing to a better society.

    C) POLICY

    We are aware that the running of our business will, in many ways, affect our place of work, the community and the wider environment in which we operate. We believe that the way we run our business can and should make a positive difference in these areas and we aim to ensure that continued efforts are made to achieve that.

    Our corporate social responsibilities are identifiable in the following areas:

    Environment

    With regard to the business’ impact upon the environment, we are committed, amongst other initiatives, to:

    1. efficient printing;

    2. reducing the amount of waste produced by the business;

    3. ensuring that water/electricity is used responsibly by our staff;

    4. recycling materials as extensively as possible;

    5. using technology to lessen the need for travel;

    6. using public transport wherever possible when travelling is unavoidable.

    Charitable/community work

    Our organisation is keen to support and become involved in community initiatives and charitable work. We do this in the form of sponsorship, donations to national and local charities which may be suggested by our staff, and the funding of community projects.  Every suggestion is given due consideration.

    Education

    We recognise the importance of education in our community, and supporting individuals during this process is key to advancement. We actively encourage our employees to take up training courses, often funded by ourselves, and we offer a number of work experience placements in partnership with local schools.

    Our employees

    Involvement: We keep our staff fully informed of our policies and procedures and we encourage them to share their ideas with us on the both internal processes affecting them, and the way our service is provided to customers/clients. We maintain an open and honest approach to all of our communications.

    Equal Opportunities:

    We are committed to providing an environment of equal opportunities for all members of our workforce. No account of any of the protected characteristics set out in the Equality Act 2010 shall be taken to a detrimental effect in any decision involving recruitment, promotion, provision of facilities etc. See our Equal Opportunities policy for more detail in this regard.

    Business partnerships

    We will strive to engage with local suppliers and businesses where possible to meet the business’ operational needs, in order to support businesses within our area and decrease our carbon footprint.

    In respect of our entire CSR initiative, we expect no lesser standards from our suppliers and business partners.

    D) ONGOING COMMITMENT

    We are fully committed to the principle of CSR and aim to ensure that no relevant policy decisions are made within the business, without first evaluating the potential CSR impact.

  • GDPR & Privacy Policy

    Introduction
    This Policy sets out the obligations of Activ8 Computer Solutions Ltd (“the Company”) regarding data protection and the rights of Employees, Customers, Suppliers, Agents, Contractors and Business contacts (“data subjects”) in respect of their personal data under the General Data Protection Regulation (“the Regulation”).
    The Regulation defines “personal data” as any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
    This Policy sets out the procedures that are to be followed when dealing with personal data. The procedures and principles set out herein must be followed at all times by the Company, its employees, agents, contractors, or other parties working on behalf of the Company.
    The Company is committed not only to the letter of the law, but also to the spirit of the law and places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.

    The Data Protection Principles
    This Policy aims to ensure compliance with the Regulation. The Regulation sets out the following principles with which any party handling personal data must comply. All personal data must be:
    a) processed lawfully, fairly, and in a transparent manner in relation to the data subject;
    b) collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
    c) adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
    d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;
    e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the Regulation in order to safeguard the rights and freedoms of the data subject;
    f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

    Lawful, Fair, and Transparent Data Processing
    The Regulation seeks to ensure that personal data is processed lawfully, fairly, and transparently, without adversely affecting the rights of the data subject. The Regulation states that processing of personal data shall be lawful if at least one of the following applies:
    a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
    b) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
    c) processing is necessary for compliance with a legal obligation to which the controller is subject;
    d) processing is necessary to protect the vital interests of the data subject or of another natural person;
    e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

    Processed for Specified, Explicit and Legitimate Purposes
    4.1 The Company collects and processes the personal data set out in Part 21 of this Policy. This may include personal data received directly from data subjects (for example, contact details used when a data subject communicates with us) and data received from third parties (for example, Marketing Lists).
    4.2 The Company only processes personal data for the specific purposes set out in Part 21 of this Policy (or for other purposes expressly permitted by the Regulation). The purposes for which we process personal data will be informed to data subjects at the time that their personal data is collected, where it is collected directly from them, or as soon as possible (not more than one calendar month) after collection where it is obtained from a third party.

    Adequate, Relevant and Limited Data Processing
    The Company will only collect and process personal data for and to the extent necessary for the specific purpose(s) informed to data subjects as under Part 4, above.

    Accuracy of Data and Keeping Data Up To Date
    The Company shall ensure that all personal data collected and processed is kept accurate and up-to-date. The accuracy of data shall be checked when it is collected and at regular intervals thereafter. Where any inaccurate or out-of-date data is found, all reasonable steps will be taken without delay to amend or erase that data, as appropriate.

    Timely Processing
    The Company shall not keep personal data for any longer than is necessary in light of the purposes for which that data was originally collected and processed. When the data is no longer required, all reasonable steps will be taken to erase it without delay.

    Secure Processing
    The Company shall ensure that all personal data collected and processed is kept secure and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage. Further details of the data protection and organisational measures which shall be taken are provided in Parts 22 and 23 of this Policy.

    Accountability
    9.1 The Company’s data protection officer is Rob Lynes, hello@activ8.biz.
    9.2 The Company shall keep written internal records of all personal data collection, holding, and processing, which shall incorporate the following information:
    a) The name and details of the Company, its data protection officer, and any applicable third party data controllers;
    b) The purposes for which the Company processes personal data;
    c) Details of the categories of personal data collected, held, and processed by the Company; and the categories of data subject to which that personal data relates;
    d) Details (and categories) of any third parties that will receive personal data from the Company;
    e) Details of any transfers of personal data to non-EEA countries including all mechanisms and security safeguards;
    f) Details of how long personal data will be retained by the Company; and
    g) Detailed descriptions of all technical and organisational measures taken by the Company to ensure the security of personal data.

    Privacy Impact Assessments
    The Company shall carry out Privacy Impact Assessments when and as required under the Regulation. Privacy Impact Assessments shall be overseen by the Company’s data protection officer and shall address the following areas of importance:
    10.1 The purpose(s) for which personal data is being processed and the processing operations to be carried out on that data;
    10.2 Details of the legitimate interests being pursued by the Company;
    10.3 An assessment of the necessity and proportionality of the data processing with respect to the purpose(s) for which it is being processed;
    10.4 An assessment of the risks posed to individual data subjects; and
    10.5 Details of the measures in place to minimise and handle risks including safeguards, data security, and other measures and mechanisms to ensure the protection of personal data, sufficient to demonstrate compliance with the Regulation.

    The Rights of Data Subjects
    The Regulation sets out the following rights applicable to data subjects:
    a) The right to be informed;
    b) The right of access;
    c) The right to rectification;
    d) The right to erasure (also known as the ‘right to be forgotten’);
    e) The right to restrict processing;
    f) The right to data portability;
    g) The right to object;
    h) Rights with respect to automated decision-making and profiling.

    Keeping Data Subjects Informed
    12.1 The Company shall ensure that the following information is provided to every data subject when personal data is collected:
    a) Details of the Company including, but not limited to, the identity of Rob Lynes, its Data Protection Officer;
    b) The purpose(s) for which the personal data is being collected and will be processed (as detailed in Part 21 of this Policy) and the legal basis justifying that collection and processing;
    c) Where applicable, the legitimate interests upon which the Company is justifying its collection and processing of the personal data;
    d) Where the personal data is not obtained directly from the data subject, the categories of personal data collected and processed;
    e) Where the personal data is to be transferred to one or more third parties, details of those parties;
    f) Where the personal data is to be transferred to a third party that is located outside of the European Economic Area (the “EEA”), details of that transfer, including but not limited to the safeguards in place (see Part 24 of this Policy for further details concerning such third country data transfers);
    g) Details of the length of time the personal data will be held by the Company (or, where there is no predetermined period, details of how that length of time will be determined);
    h) Details of the data subject’s rights under the Regulation;
    i) Details of the data subject’s right to withdraw their consent to the Company’s processing of their personal data at any time;
    j) Details of the data subject’s right to complain to the Information Commissioner’s Office (the ‘supervisory authority’ under the Regulation);
    k) Where applicable, details of any legal or contractual requirement or obligation necessitating the collection and processing of the personal data and details of any consequences of failing to provide it;
    l) Details of any automated decision-making that will take place using the personal data (including but not limited to profiling), including information on how decisions will be made, the significance of those decisions and any consequences.
    12.2 The information set out above in Part 12.1 shall be provided to the data subject at the following applicable time:
    12.2.1 Where the personal data is obtained from the data subject directly, at the time of collection;
    12.2.2 Where the personal data is not obtained from the data subject directly (i.e. from another party):
    a) If the personal data is used to communicate with the data subject, at the time of the first communication; or
    b) If the personal data is to be disclosed to another party, before the personal data is disclosed; or
    c) In any event, not more than one month after the time at which the Company obtains the personal data.

    Data Subject Access
    13.1 A data subject may make a subject access request (“SAR”) at any time to find out more about the personal data which the Company holds about them. The Company is normally required to respond to SARs within one month of receipt (this can be extended by up to two months in the case of complex and/or numerous requests, and in such cases the data subject shall be informed of the need for the extension).
    13.2 All subject access requests received must be forwarded to Rob Lynes, the Company’s data protection officer. jason@criticalpowersupplies.co.uk
    13.3 The Company does not charge a fee for the handling of normal SARs. The Company reserves the right to charge reasonable fees for additional copies of information that has already been supplied to a data subject, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.

    Rectification of Personal Data
    14.1 If a data subject informs the Company that personal data held by the Company is inaccurate or incomplete, requesting that it be rectified, the personal data in question shall be rectified, and the data subject informed of that rectification, within one month of receipt the data subject’s notice (this can be extended by up to two months in the case of complex requests, and in such cases the data subject shall be informed of the need for the extension).
    14.2 In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of any rectification of that personal data.

    Erasure of Personal Data
    15.1 Data subjects may request that the Company erases the personal data it holds about them in the following circumstances:
    a) It is no longer necessary for the Company to hold that personal data with respect to the purpose for which it was originally collected or processed;
    b) The data subject wishes to withdraw their consent to the Company holding and processing their personal data;
    c) The data subject objects to the Company holding and processing their personal data (and there is no overriding legitimate interest to allow the Company to continue doing so) (see Part 18 of this Policy for further details concerning data subjects’ rights to object);
    d) The personal data has been processed unlawfully;
    e) The personal data needs to be erased in order for the Company to comply with a particular legal obligation
    f) The personal data is being held and processed for the purpose of providing information society services to a child.
    15.2 Unless the Company has reasonable grounds to refuse to erase personal data, all requests for erasure shall be complied with, and the data subject informed of the erasure, within one month of receipt of the data subject’s request (this can be extended by up to two months in the case of complex requests, and in such cases the data subject shall be informed of the need for the extension).
    15.3 In the event that any personal data that is to be erased in response to a data subject request has been disclosed to third parties, those parties shall be informed of the erasure (unless it is impossible or would require disproportionate effort to do so).

    Restriction of Personal Data Processing
    16.1 Data subjects may request that the Company ceases processing the personal data it holds about them. If a data subject makes such a request, the Company shall retain only the amount of personal data pertaining to that data subject that is necessary to ensure that no further processing of their personal data takes place.
    16.2 In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of the applicable restrictions on processing it (unless it is impossible or would require disproportionate effort to do so).

    Data Portability
    17.1 The Company processes personal data using automated means. Website and Constant Contact applications.
    17.2 Where data subjects have given their consent to the Company to process their personal data in such a manner or the processing is otherwise required for the performance of a contract between the Company and the data subject, data subjects have the legal right under the Regulation to receive a copy of their personal data and to use it for other purposes (namely transmitting it to other data controllers, e.g. other organisations).
    17.3 To facilitate the right of data portability, the Company shall make available all applicable personal data to data subjects in the following formats:
    a) Printed format;
    b) Electronic Formatt (csv).
    17.4 Where technically feasible, if requested by a data subject, personal data shall be sent directly to another data controller.
    17.5 All requests for copies of personal data shall be complied with within one month of the data subject’s request (this can be extended by up to two months in the case of complex requests in the case of complex or numerous requests, and in such cases the data subject shall be informed of the need for the extension).

    Objections to Personal Data Processing
    18.1 Data subjects have the right to object to the Company processing their personal data based on legitimate interests (including profiling), direct marketing (including profiling), and processing for scientific and/or historical research and statistics purposes.
    18.2 Where a data subject objects to the Company processing their personal data based on its legitimate interests, the Company shall cease such processing forthwith, unless it can be demonstrated that the Company’s legitimate grounds for such processing override the data subject’s interests, rights and freedoms; or the processing is necessary for the conduct of legal claims.
    18.3 Where a data subject objects to the Company processing their personal data for direct marketing purposes, the Company shall cease such processing forthwith.
    18.4 Where a data subject objects to the Company processing their personal data for scientific and/or historical research and statistics purposes, the data subject must, under the Regulation, ‘demonstrate grounds relating to his or her particular situation’. The Company is not required to comply if the research is necessary for the performance of a task carried out for reasons of public interest.

    Automated Decision-Making
    19.1 In the event that the Company uses personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on data subjects, data subjects have the right to challenge to such decisions under the Regulation, requesting human intervention, expressing their own point of view, and obtaining an explanation of the decision from the Company.
    19.2 The right described in Part 19.1 does not apply in the following circumstances:
    a) The decision is necessary for the entry into, or performance of, a contract between the Company and the data subject;
    b) The decision is authorised by law; or
    c) The data subject has given their explicit consent.

    Profiling
    Where the Company uses personal data for profiling purposes, the following shall apply:
    a) Clear information explaining the profiling will be provided, including its significance and the likely consequences;
    b) Appropriate mathematical or statistical procedures will be used;
    c) Technical and organisational measures necessary to minimise the risk of errors and to enable such errors to be easily corrected shall be implemented; and
    d) All personal data processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling (see Parts 22 and 23 of this Policy for more details on data security).

    Personal Data
    The following personal data may be collected, held, and processed by the Company:
    a) Name and Job Position and Company employed by, this is held for normal business contact, warranty and service reasons;
    b) Email address and business phone number, is held for normal business contact, warranty and service reasons;
    c) Personal Medical details, held for employees only as part of HR requirements;
    d) [Personal contact details and spouse/next of kin, held for employees only as part of HR requirements;

    Data Protection Measures
    The Company shall ensure that all its employees, agents, contractors, or other parties working on its behalf comply with the following when working with personal data:
    a) All emails containing personal data must be encrypted using Office 365 message encryption;
    b) Where any personal data is to be erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), it should be securely deleted and disposed of. Hardcopies should be shredded, and electronic copies should be deleted securely using CCleaner.
    c) Personal data may be transmitted over secure networks only; transmission over unsecured networks is not permitted in any circumstances;
    d) Personal data may not be transmitted over a wireless network if there is a wired alternative that is reasonably practicable;
    e) Personal data contained in the body of an email, whether sent or received, should be copied from the body of that email and stored securely. The email itself should be deleted. All temporary files associated therewith should also be deleted;
    f) Where Personal data is to be sent by facsimile transmission the recipient should be informed in advance of the transmission and should be waiting by the fax machine to receive the data;
    g) Where Personal data is to be transferred in hardcopy form it should be passed directly to the recipient or sent using DHL secure or similar secure service;
    h) No personal data may be shared informally and if an employee, agent, subcontractor, or other party working on behalf of the Company requires access to any personal data that they do not already have access to, such access should be formally requested from Leo Craig General Manager.
    i) All hardcopies of personal data, along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet or similar;
    j) No personal data may be transferred to any employees, agents, contractors, or other parties, whether such parties are working on behalf of the Company or not, without the authorisation of Leo Craig General Manager;
    k) Personal data must be handled with care at all times and should not be left unattended or on view to unauthorised employees, agents, sub-contractors or other parties at any time;
    l) If personal data is being viewed on a computer screen and the computer in question is to be left unattended for any period of time, the user must lock the computer and screen before leaving it;
    m) No personal data should be stored on any mobile device (including, but not limited to, laptops, tablets and smartphones), whether such device belongs to the Company or otherwise without the formal written approval of Rob Lynes, jason@criticalpowersupplies.co.uk and, in the event of such approval, strictly in accordance with all instructions and limitations described at the time the approval is given, and for no longer than is absolutely necessary.
    n) No personal data should be transferred to any device personally belonging to an employee and personal data may only be transferred to devices belonging to agents, contractors, or other parties working on behalf of the Company where the party in question has agreed to comply fully with the letter and spirit of this Policy and of the Regulation (which may include demonstrating to the Company that all suitable technical and organisational measures have been taken);
    o) All personal data stored electronically should be backed up daily with backups stored offsite. All backups should be encrypted using AES 256 bit;
    p) All electronic copies of personal data should be stored securely using passwords and AES 256 bit data encryption;
    q) All passwords used to protect personal data should be changed regularly and should not use words or phrases that can be easily guessed or otherwise compromised. All passwords must contain a combination of uppercase and lowercase letters, numbers, and symbols All software used by the Company is designed to require such passwords;
    r) Under no circumstances should any passwords be written down or shared between any employees, agents, contractors, or other parties working on behalf of the Company, irrespective of seniority or department. If a password is forgotten, it must be reset using the applicable method. IT staff do not have access to passwords;
    s) Where personal data held by the Company is used for marketing purposes, it shall be the responsibility of Leo Craig General Manager to ensure that no data subjects have added their details to any marketing preference databases including, but not limited to, the Telephone Preference Service, the Mail Preference Service, the Email Preference Service, and the Fax Preference Service. Such details should be checked at least annually.

    Organisational Measures
    The Company shall ensure that the following measures are taken with respect to the collection, holding, and processing of personal data:
    a) All employees, agents, contractors, or other parties working on behalf of the Company shall be made fully aware of both their individual responsibilities and the Company’s responsibilities under the Regulation and under this Policy, and shall be provided with a copy of this Policy;
    b) Only employees, agents, sub-contractors, or other parties working on behalf of the Company that need access to, and use of, personal data in order to carry out their assigned duties correctly shall have access to personal data held by the Company;
    c) All employees, agents, contractors, or other parties working on behalf of the Company handling personal data will be appropriately trained to do so;
    d) All employees, agents, contractors, or other parties working on behalf of the Company handling personal data will be appropriately supervised;
    e) Methods of collecting, holding and processing personal data shall be regularly evaluated and reviewed;
    f) The performance of those employees, agents, contractors, or other parties working on behalf of the Company handling personal data shall be regularly evaluated and reviewed;
    g) All employees, agents, contractors, or other parties working on behalf of the Company handling personal data will be bound to do so in accordance with the principles of the Regulation and this Policy by contract;
    h) All agents, contractors, or other parties working on behalf of the Company handling personal data must ensure that any and all of their employees who are involved in the processing of personal data are held to the same conditions as those relevant employees of the Company arising out of this Policy and the Regulation;
    i) Where any agent, contractor or other party working on behalf of the Company handling personal data fails in their obligations under this Policy that party shall indemnify and hold harmless the Company against any costs, liability, damages, loss, claims or proceedings which may arise out of that failure.

    Transferring Personal Data to a Country Outside the EEA
    24.1 The Company may from time to time transfer (‘transfer’ includes making available remotely) personal data to countries outside of the EEA.
    24.2 The transfer of personal data to a country outside of the EEA shall take place only if one or more of the following applies:
    a) The transfer is to a country, territory, or one or more specific sectors in that country (or an international organisation), that the European Commission has determined ensures an adequate level of protection for personal data;
    b) The transfer is to a country (or international organisation) which provides appropriate safeguards in the form of a legally binding agreement between public authorities or bodies; binding corporate rules; standard data protection clauses adopted by the European Commission; compliance with an approved code of conduct approved by a supervisory authority (e.g. the Information Commissioner’s Office); certification under an approved certification mechanism (as provided for in the Regulation); contractual clauses agreed and authorised by the competent supervisory authority; or provisions inserted into administrative arrangements between public authorities or bodies authorised by the competent supervisory authority;
    c) The transfer is made with the informed consent of the relevant data subject(s);
    d) The transfer is necessary for the performance of a contract between the data subject and the Company (or for pre-contractual steps taken at the request of the data subject);
    e) The transfer is necessary for important public interest reasons;
    f) The transfer is necessary for the conduct of legal claims;
    g) The transfer is necessary to protect the vital interests of the data subject or other individuals where the data subject is physically or legally unable to give their consent; or
    h) The transfer is made from a register that, under UK or EU law, is intended to provide information to the public and which is open for access by the public in general or otherwise to those who are able to show a legitimate interest in accessing the register.

    Data Breach Notification
    25.1 All personal data breaches must be reported immediately to the Company’s data protection officer.
    25.2 If a personal data breach occurs and that breach is likely to result in a risk to the rights and freedoms of data subjects (e.g. financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), the data protection officer must ensure that the Information Commissioner’s Office is informed of the breach without delay, and in any event, within 72 hours after having become aware of it.
    25.3 In the event that a personal data breach is likely to result in a high risk (that is, a higher risk than that described under Part 25.2) to the rights and freedoms of data subjects, the data protection officer must ensure that all affected data subjects are informed of the breach directly and without undue delay.
    25.4 Data breach notifications shall include the following information:
    a) The categories and approximate number of data subjects concerned;
    b) The categories and approximate number of personal data records concerned;
    c) The name and contact details of the Company’s data protection officer (or other contact point where more information can be obtained);
    d) The likely consequences of the breach;
    e) Details of the measures taken, or proposed to be taken, by the Company to address the breach including, where appropriate, measures to mitigate its possible adverse effects.

    Implementation of Policy
    This Policy shall be deemed effective as of 2nd January 2018. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.

  • Activ8 Computer Solutions Ltd works with consultants and advisors in conjunction with Quality, Heath & Safety and Environmental matters, and reviews these policies annually.

    Critical Power Supplies recognises and accepts its responsibility to provide and maintain safe working conditions and a healthy environment for all persons who may be affected by the Company and its operations. Health, safety and the environment will be given the same importance when making management decisions as other business considerations. It is company policy, so far as is reasonably practicable, to:

    • Safeguard the health, safety & welfare of all employees, sub contractors and visitors whilst at work.

    • Ensure that persons who are not in our employment, but who may be affected by our work activities, both on site and off, are protected.

    • Provide safe plant and equipment and to ensure it is properly inspected and maintained.

    • Provide the necessary information, instruction, training and supervision for employees and others who may be affected by hazards associated with work activities.

    • Ensure that the work place, access to it and egress from it, is safe and without risk.

    • Ensure that any substances, chemicals, oils, greases, gases etc. which are used as part of the  process, are assessed for their possible effect on health and appropriate systems of work adopted for their safe transportation, storage, use and disposal and ensure that dusts, fumes, noise and other occupational hazards, are controlled within safe limits.

    • Ensure that no adverse environmental impact results from the work activities.

    • Ensure that provision is made for adequate welfare facilities for employees, sub contractors and visitors.

    • Communicate with the workforce in all aspects of health, safety & welfare and solicit their co-operation and assistance to create a safe working culture.

    • Identify hazards associated with work activities, assess the risks, define the systems of work required to eliminate or minimise the risk and to check on control measures and their enforcement.

    • Ensure that consideration is given to preventing injury and ill health and dealing with accidents, incidents and emergencies and that any contingency arrangements are communicated and documented.

    • Ensure compliance with local and UK legislation applicable to our business.

    • Commit to continuous improvement in the performance of health, safety and the environment and including the setting and reviewing of objectives.

  • No Smoking Policy

    It is the Company’s policy that all of its workplaces are smoke-free and that all employees have a right to work in a smoke-free environment and not be exposed to second-hand smoke.  This is also a statutory requirement.  As such, the Company’s business premises are no smoking premises and smoking is prohibited in all areas of the workplace at all times with no exceptions.  This includes company vehicles.

    The Company’s policy on smoking applies not only to employees but also to visitors to the workplace, including clients, customers, contractors and suppliers.

    In addition, the Company wishes to portray a professional business image to its clients, customers and suppliers when they visit the Company’s business premises. Therefore, employees are not allowed to smoke immediately outside the entrance to or exit from the workplace.

    Appropriate ‘No Smoking’ signs are clearly displayed at the entrances to and within the workplace.

    Implementation

    (Name(s)) [is/are] responsible for the implementation of and compliance with this policy and a copy will be provided to all staff.  All employees are required to adhere to, and facilitate the implementation of, this policy.  Anyone who wishes to report an incident of smoking in the workplace should therefore speak to (name(s)).

    Non-compliance

    Employees who are found to be smoking in the workplace in contravention of this policy will be subject to disciplinary action in accordance with the Company’s disciplinary procedure.  A breach of this policy will be treated as a serious disciplinary offence.  Where the smoking constituted a health and safety hazard, then such behaviour will be treated as potential gross misconduct and could render the employee liable to summary dismissal.

    If a client, customer, contractor or supplier does not comply with this policy, they will be warned that they are committing an offence, requested to immediately refrain from smoking and, if they refuse, they will be asked to leave (or will be ejected from) the premises.

    Those who do not comply with the smoking ban are also liable to a fixed penalty fine and possible criminal prosecution and they expose the Company to similar action.

    Help to stop smoking –

    Support for smokers who want to stop smoking can be obtained from [the NHS Smoking Helpline on 0800 022 4332 (England)] [the NHS Smokeline on 0800 848484 (Scotland)] [Stop Smoking Wales on 0800 085 2219 (Wales)] [the Smoking Helpline on 0800 858585 (Northern Ireland)] or at http://smokefree.nhs.uk/ or from your local GP’s surgery.

  • Recruitment Policy

    This document sets out the Company policy and procedures to be followed where there is a need to recruit a new employee into the Company.  The information provided here serves as a guide only, and it is important that you keep the management of the Company up-to-date regarding your future recruitment intentions.  In all cases, the guidelines promulgated in the Equal Opportunities Policy are also to be followed.

    The following procedure is to be carried out on every occasion where there is a need to recruit a new employee to the Company:

    1. Complete a Recruitment Authorisation Form (copy attached), and ensure it is discussed with and signed off by a Director of the Company. This form requires a justification for the position as well as:

    • budgetary information/implications;

    • an up-to-date job description and person specification;

    • agreed advertisement wording and medium for publication; and

    • estimated cost of advertising the position.

    1. The form must be forwarded to (name), to arrive no later than Friday lunchtime for consideration the following week. Any forms which are not fully or correctly completed will be returned.

    2. Your request will be considered by the management of the Company. The outcome will be notified to you in writing.

    3. Should your request be turned down, you may find the reasons why by speaking to (name).

    4. If your request has been agreed to, the relevant member of management will make contact with you and discuss the best way to fill your vacancy.

    5. All arrangements for interviews, letters, etc will be the responsibility of (name), who will update you regularly on progress.


  • Sustainability Policy

    The Company is committed to promoting sustainability. We aim to follow and to promote good sustainability practice, to reduce the environmental impacts of all our activities and to help our clients and partners to do the same.

    A) PRINCIPLES

    Our Sustainability Policy is based upon the following principles:

    1. To comply with, and exceed where practicable, all applicable legislation, regulations and codes of practice.

    2. To integrate sustainability considerations into all our business decisions.

    3. To ensure that all staff are fully aware of our Sustainability Policy and are committed to implementing and improving it.

    4. To minimise the impact on the sustainability of all office and transportation activities.

    5. To make clients and suppliers aware of our Sustainability Policy, and encourage them to adopt sound sustainable management practices.

    6. We will continually strive to improve our sustainability performance.

    B) PRACTICAL STEPS

     In order to put these principles into practice we will:

    When travelling to meetings

    Walk, cycle and/or use public transport to attend meetings, site visits, apart from in exceptional circumstances where the alternatives are impractical and/or cost prohibitive.

    1. Include the full costs of more sustainable forms of transport in our financial proposals, rather than the least cost option which may involve travelling by car or air. Where the only practical alternative is to fly, we will include costs for full air fares rather than budget airlines in our financial proposals, and appropriate offsets.

    2. Avoid physically travelling to meetings where alternatives are available and practical, such as using teleconferencing, video conferencing or web cams, and efficient timing of meetings to avoid multiple trips. These options are also often more time efficient, while not sacrificing the benefits of regular contact with clients and partners.

    3. Reduce the need to travel to meetings and elsewhere, and facilitate regular client contact, we will provide a web cam to clients free of charge for the duration of a project where appropriate.

    4. Use an emissions recording scheme for business travel to monitor our impact.

    When purchasing equipment/consumption of resources

    Minimise our use of paper and other office consumables, for example by double-siding all paper used, and identifying opportunities to reduce waste.

    As far as possible arrange for the reuse or recycling of office waste, including paper, computer supplies and redundant equipment.

    Reduce the energy consumption of office equipment by purchasing energy efficient equipment and good housekeeping.

    Purchase electricity from a supplier committed to renewable energy.  Seek to maximise the proportion from renewable energy sources, whilst also supporting investment in new renewable energy schemes.

    C) WORKING PRACTICES AND ADVICE TO CLIENTS

    Ensure that any associates that we work with take account of sustainability issues in their advice to clients. Include a copy of our Sustainability Policy in all our proposals to clients.