PDPA 2010
The Personal Data Protection Act 2010 (hereinafter referred to as the “PDPA”). Notice Pursuant to PDPA 2010.



This notice is issued pursuant to the Personal Data Protection Act 2010 (“the Act”) which became enforceable on 15 February 2014.  For the purpose of this notice, COMPUGATES shall mean Compugates Holdings Berhad and its subsidiaries companies and shall include such other subsidiaries, associate companies and/or related companies as may be incorporated from time to time.

1. Source and Description of Personal Data
1.1 You may have supplied and may continue to supply COMPUGATES with your personal data in connection with credit application, promotional and/or marketing activities, or in the general course of conducting business with COMPUGATES. COMPUGATES may also verify or source personal data about you from third party sources such as credit reporting agencies, Companies Commission and Insolvency Department. COMPUGATES may also obtain personal data from third parties which COMPUGATES deals with or are connected with you (such as credit reference agencies or financial institutions) and from sources where you have given your consent for the disclosure of information relating to you and/or where otherwise lawfully permitted.
1.2 You may have made available your personal data to COMPUGATES in hard copies, attachments in emails or any other form of electronic communications.
1.3 Such personal data may include but is not limited to your name, address, identity card number, passport number thumbprints and contact details such as phone numbers, fax numbers, mobile phone numbers, email address and any other contact information which include photograph or video image of an individual as well as financial information. In addition, COMPUGATES may from time to time request for other personal information that may be relevant for COMPUGATES in the course of conducting business with you or your organization.
2. The Notice and Choice [Purpose(s)]
2.1 The purposes for which your personal data may be used and/or processed by COMPUGATES shall include but not limited to:
a. identity verification;
b. verify details of resellers/dealers
c. to maintain and update customer database record;
d. process credit application or assess and/or verify credit worthiness;
e. process request for products and services of COMPUGATES;
f. process credit risk management and creditability worthiness checks of customer;
g. verify the collection outstanding payment from customers;
h. facilitate and engage in business and/or commercial transactions;
i. conduct promotional and/or marketing activities;
j. provide you with information and updates including promotional and/or marketing materials in relation to products and services offered by COMPUGATES and/or business partners of COMPUGATES;
k. communicate to you including responding to enquiries and resolving issues or complaints;
l. monitor and improve the performance of products and services provided by COMPUGATES;
m. for any general conduct of business activities between COMPUGATES and you or your organisation;
n. comply with legal and regulatory requirement and provide assistance to law enforcement agencies, if required;
o. administer and/or manage products and services which COMPUGATES has provided including enforcing the rights and obligations of COMPUGATES and/or obtaining legal advice;
p. maintain records required for security, claims or other legal purposes;
q. for such other purposes as permitted by applicable law and/or with your consent; and/or
r. for all other purposes in relation or incidental to the above.
3. Provision of Information
3.1 You have the right in deciding the information you wish to provide. However, it is obligatory to provide certain personal data and if you choose not to provide the same, COMPUGATES may not be able to offer products and services to you or your organisation, process credit application, assess credit worthiness, offer credit terms, provide you or your organisation with promotional and/or marketing offers for your benefit, and/or conduct business with you or your organisation.
4. Disclosure of Your Information
4.1 Whilst COMPUGATES does not disclose your information to any third parties unless such disclosure is within the ambit of permitted disclosures under the prevailing laws/guidelines and/or you have consented to such disclosures, COMPUGATES may disclose your information to the following parties:
a. companies within COMPUGATES;
b. third party service providers;
c. agents or contractors appointed by COMPUGATES to act on behalf of COMPUGATES;
d. third parties that assist or collaborate with COMPUGATES on promotional and/or marketing activities;
e. parties that act as COMPUGATES payment channels including but not limited to financial institutions for purposes of maintaining financial records, assessing or verifying credit and facilitating payments to COMPUGATES;
f. regulatory, government bodies, other authorities or persons, if required to do so under any law or in relation to any order or judgment of a court;
g. debt collection agencies and other parties that assist with debt recovery functions; and/or
h. professional advisers and consultants including but not limited to lawyers, accountant, auditors and insurers on a need to know basis for the purposes of providing their services and/or advices to COMPUGATES.
i. Credit Reporting Agencies Act 2010 (“CRA”) on credit information (as defined in the Act) relating to your company from and/or to RAM Credit Information Sdn Bhd or any source deemed appropriate to verify credit history as you and/or RAM Credit Information Sdn Bhd or any source deemed appropriate may deemed fit under any applicable law, regulation, guidelines, regulatory requirement or directive in relation to your company’s credit application or transaction with you for the following purposes (but not limited to) opening of account, credit evaluation, credit/account review, credit/account monitoring, debt recovery purposes, scoring solutions, legal documentation and/or action consented to a contract or facility granted.  Such consent shall remain applicable as long as our company is maintaining an account/loan/credit/any transaction with you.
  Your personal data may also be stored in the ERP and email systems of COMPUGATES where the relevant staff of COMPUGATES may have access for the purposes set out above.
5. Security of Personal Data
  Once collected, your personal data is stored by the Company on computer systems and storage media to which access is controlled or restricted.  The Company has security measures in place to protect the loss, misuse and alteration of information under its control.  Although the Company takes reasonable technological precautions, no data transmission over the Internet can be guaranteed to be completely secure, and the Company cannot warrant that your information will be completely secure. Any transmission of your personal data on or through the use of its Internet site, http://www.jos.com, is at your own risk.
6. Retention of Personal Data
  In accordance with the Company’s internal retention policy, your personal data will only be retained for as long as is reasonably necessary to fulfill the original or directly related purpose for which it was collected (unless such personal data must be retained to satisfy any applicable statutory or contractual obligations).


7. Data Integrity and Access of Personal Data
7.1 You are responsible for ensuring that the personal data you provide us is accurate, complete and not misleading and that such personal data is kept up to date.
7.2 You may contact COMPUGATES in writing to:
a. request for access to your personal data that COMPUGATES retain about you;
b. request for your personal data retained by COMPUGATES to be corrected/updated;
c. withdraw your consent to the processing/use of your personal data by COMPUGATES.
7.3 In accordance with the PDPA, COMPUGATES has the right to charge a fee for the processing of any data access request.
7.4 If you wish to limit COMPUGATES’ right to process your personal data or do not wish to be contacted by COMPUGATES for promotional and/or marketing offers, please contact COMPUGATES at the contact details set out below.
7.5 Should you have any inquiries or complaints in respect of your personal data, you may contact the following:
  PDPA Administration
No 3, Jalan PJU 1/41, Dataran Prima, 47301 Petaling Jaya
Tel: +(60)3–7880 8133    Fax:+(60)3-7880 6133
Email: pdpaadmin@compugates.com
8. Reserve Right
  COMPUGATES reserves the right to amend this Notice at any time and will place notice of such amendments on COMPUGATES’ website www.compugates.com.my or through any other mode which COMPUGATES deems suitable.
8.1 If you are a firm, partnership, joint venture, unincorporated body, corporation or other body corporate, the giving of this Notice addressed to such firm, partnership, joint venture, unincorporated body, corporation or other body corporate shall be deemed as notice given to all your partners, directors, office-bearers, shareholders and/or employees, as the case may be, whose data are collected and/or processed by COMPUGATES for the purposes as stated in paragraph 2.1 above. In this regard, you warrant that you have obtained the consent of all such individuals to the provision of their personal data to COMPUGATES for the purposes set out in paragraph 2.1 above and for disclosure to such parties as set out in paragraph 4.1 above and you undertake to extend a copy of this Notice to all such individuals, which expression shall include all such existing and new partners, directors, office-bearers, shareholders and/or employees, as the case may be, from time to time.
8.2 This Notice shall also apply to the usage, processing and disclosure of the personal data of any other individual who is not a customer of COMPUGATES but whose personal data is required to be collected by COMPUGATES for the purposes or incidental to the provision of products and services by COMPUGATES to its customers, whether the customer concerned is another individual, company, business entity or organisation. In this regard, you confirm and warrant that you have obtained the consent of such individuals to the provision of such personal data to COMPUGATES for the purposes set out in paragraph 2.1above and for disclosure to such parties as stipulated in paragraph 4.1 above.
8.3 By providing your personal data to COMPUGATES, you are consenting to the statements and terms in this Notice and the collection, use, access, disclosure, storage and processing of personal data as described in this Notice.

+ —————————————————————————————————————————— +

Dalam Bahasa Malaysia


Notis ini dikeluarkan selaras dengan keperluan-keperluan Akta Perlindungan Data Peribadi 2010 (“PDPA”). Untuk tujuan Notis ini, “COMPUGATES” bermaksud Compugates Holdings Berhad dan subsidiari- subsidiarinya, termasuk syarikat bersekutu dan/atau syarikat berkaitan sebagaimana yang diperbadankan dari semasa ke semasa.


1. Sumber dan Penerangan Data Peribadi
1.1 Anda mungkin telah membekalkan dan terus, dari semasa ke semasa, membekalkan COMPUGATES dengan data peribadi berkaitan dengan permohonan kredit, aktiviti-aktiviti promosi dan/atau pemasaran atau semasa menjalankan perniagaan dengan COMPUGATES.  COMPUGATES mungkin juga mengesahkan atau mendapat data peribadi mengenai anda daripada sumber pihak ketiga seperti agensi pelapor kredit, Suruhanjaya Syarikat dan Jabatan Insolvensi. COMPUGATES mungkin juga memperolehi data peribadi daripada pihak-pihak ketiga yang berurusan dengan COMPUGATES atau yang berkaitan dengan anda (agensi rujukan kredit atau institusi kewangan) dan daripada sumber-sumber lain di mana anda telah memberi kebenaran untuk mendedahkan maklumat berkaitan dengan anda, dan/atau di mana dibenarkan oleh undang-undang.
1.2 Anda mungkin telah memberi data peribadi kepada COMPUGATES dalam salinan cetak,lampiran dalam e-mel atau mana-mana komunikasi elektronik yang lain.
1.3 Data peribadi tersebut termasuk tetapi tidak terhad kepada nama, alamat, nombor kad pengenalan, nombor pasport dan butir-butir hubungan seperti nombor telefon, nombor faks, nombor telefon bimbit, alamat e-mel dan sebarang maklumat hubungan dan juga maklumat kewangan anda. Sebagai tambahan, COMPUGATES mungkin dari semasa ke semasa meminta maklumat peribadi lain yang berkenaan untuk COMPUGATES semasa menjalankan perniagaan dengan anda atau organisasi anda.
2. Kegunaan-kegunaan
2.1 Tujuan-tujuan di mana data peribadi anda digunakan dan/atau diproses oleh COMPUGATES adalah seperti berikut:
a. pengesahan identiti;
b. mengesahkan butir-butiran semua pelanggan;
c. untuk mengekalkan dan mengemaskini rekod pelanggan kami;
d. memproses permohonan kredit atau menilai dan/atau mengesah kepercayaan kredit;
e. memproses permintaan untuk produk dan perkhidmatan COMPUGATES;
f. memproses pengurusan risiko kredit dan penilaian kredibiliti pelanggan
g. mengesahkan kutipan bayaran tertunggak daripada pelanggan
h. memudahkan dan memasuki transaksi perniagaan dan perdagangan;
i. menjalankan aktiviti-aktiviti promosi dan/atau pemasaran;
j. membekalkan anda dengan maklumat dan kemaskini termasuk bahan-bahan promosi dan/atau pemasaran  berkaitan dengan produk dan perkhidmatan yang ditawarkan oleh COMPUGATES dan/atau rakan-rakan perniaagaan COMPUGATES;
k. berkomunikasi dengan anda termasuk membalas pertanyaan dan menyelesaikan isu atau aduan;
l. mengawasi dan meningkatkan prestasi produk dan perkhidmatan yang disediakan oleh COMPUGATES;
m. untuk aktiviti perniaagaan antara COMPUGATES dengan anda atau organisasi anda;
n. mematuhi keperluan undang-undang dan pengawalseliaan dan memberi bantuan kepada agensi penguatkuasaan undang-undang, sekiranya diperlukan;
o. mengendali dan mengurus produk dan perkhidmatan yang disediakan oleh COMPUGATES termasuk menguatkuasa hak-hak perundangan dan/atau mendapatkan nasihat undang-undang;
p. menyenggara rekod-rekod yang diperlukan untuk tujuan keselamatan, tuntutan atau tujuan undang-undang yang lain;
q. untuk tujuan-tujuan lain yang dibenarkan di bawah undang-undang yang berkenaan dan/atau dengan persetujuan anda; dan/atau
r. untuk segala tujuan-tujuan lain yang berhubungan atau bersampingan dengan di atas.
3. Pemberian Maklumat
3.1 Anda mempunyai hak dalam menentukan maklumat yang anda ingin beri. Walau bagaimanapun, anda diwajibkan memberi data peribadi tertentu dan sekiranya anda memilih untuk tidak memberi data peribadi tertentu, COMPUGATES mungkin tidak dapat menawarkan produk dan perkhidmatan kepada anda atau organisasi anda,memproses permohonan kredit, menilai kepercayaan kredit, menawarkan syarat kredit, membekalkan anda atau organisasi anda dengan tawaran promosi dan/atau permasaran untuk faedah anda, dan/atau menjalankan perniagaan dengan anda atau organisasi anda.
4. Pendedahan Maklumat Anda
4.1 Walaupun COMPUGATES tidak mendedahkan maklumat anda kepada mana-mana pihak ketiga melainkan jika pendedahan tersebut adalah di bawah bidang kuasa pendedahan yang dibenarkan di bawah undang-undang/ garis panduan dan/atau anda telah bersetuju dengan pendedahan tersebut, COMPUGATES mungkin mendedahkan maklumat anda kepada pihak-pihak berikut:
a. syarikat-syarikat dalam COMPUGATES;
b. pembekal perkhidmatan pihak ketiga;
c. ejen atau kontraktor yang dilantik oleh COMPUGATES untuk bertindak bagi pihak COMPUGATES;
d. pihak ketiga yang membantu atau bekerjasama dengan COMPUGATES untuk aktiviti promosi dan/atau pemasaran;
e. pihak yang bertindak sebagai saluran pembayaran COMPUGATES termasuk tetapi tidak terhad kepada institusi kewangan untuk mengekalkan rekod kewangan, menilai atau mengesahkan kredit dan memudahkan pembayaran kepada COMPUGATES;
f. pihak berkuasa kawal selia, badan kerajaan, pihak berkuasa atau orang lain, jika perlu berbuat demikian di bawah mana-mana undang-undang atau berhubungan dengan apa-apa perintah atau penghakiman mahkamah;
g. agensi kutipan hutang dan pihak lain yang membantu dengan fungsi kutipan hutang; dan/atau
h. penasihat profesional dan konsultan termasuk tetapi tidak terhad kepada peguam, akauntan, juruaudit dan penanggung insurans atas dasar perlu tahu sahaja untuk menyediakan perkhidmatan dan/atau nasihat mereka kepada COMPUGATES.
i. Maklumat Kredit atas Akta Agensi Pelaporan Kredit 2010 (“CRA”) (seperti yang ditakrifkan dalam Akta) yang berkaitan dengan syarikat anda dari / atau ke RAM Credit Information Sdn Bhd atau sebarang sumber yang dianggapkan sesuai untuk mengesahkan sejarah kredit anda dan / atau RAM Kredit Information Sdn Bhd atau mana-mana sumber yang dianggapkan atau difikirkan sesuai di bawah undang-undang, peraturan, garis panduan, keperluan peraturan atau arahan berhubung dengan permohonan kredit syarikat atau transaksi dengan anda untuk tujuan berikut (tetapi tidak terhad kepada) pembukaan akaun, kredit penilaian, kajian semula kredit / akaun, pemantauan kredit / akaun, tujuan pemulihan hutang, penyelesaian penilaian, dokumentasi dan / atau tindakan bersetuju dengan kontrak atau kemudahan yang diberi. Persetujuan ini berkuatkuasa selama perusahaan kami / mengekalkan akuan / pinjaman / kredit / atau sebarang transaksi dengan anda.
  Data peribadi anda juga mungkin disimpan dalam ERP dan sistem e-mel COMPUGATES di mana kakitangan COMPUGATES yang berkenaan boleh mempunyai akses bagi tujuan-tujuan yang dinyatakan di atas.
5. Keselamatan Data Peribadi
  Setelah dikumpulkan, data peribadi anda disimpan oleh COMPUGATES dalam sistem komputer dan media penyimpanan yang aksesnya dikawal atau disekat. COMPUGATES mempunyai langkah-langkah keselamatan untuk melindungi kehilangan, penyalahgunaan dan pengubahan maklumat di bawah kawalannya. Walaupun COMPUGATES mengambil langkah teknologi sekuriti yang munasabah, tetapi tiada penghantaran data melalui Internet yang boleh dijamin selamat sepenuhnya.  Oleh itu COMPUGATES tidak boleh menjaminkan bahawa maklumat anda akan selamat sepenuhnya. Sebarang penghantaran data peribadi anda melalui penggunaan laman web Internet, http://www.compugates.com / http://mycompugates.com / www.treesure.net, adalah atas risiko anda sendiri.
6. Penyimpanan Data Peribadi
  Selaras dengan dasar penyimpanan COMPUGATES, data peribadi anda hanya akan disimpan pada jangka masa yang semunasabahnya perlu untuk memenuhi tujuan asal atau secara langsung berkaitan dengan mana ia dikumpulkan (kecuali data peribadi tersebut mesti disimpan untuk memenuhi apa-apa berkanun undang atau obligasi kontrak).
7. Data Intergriti dan Akses Data Peribadi
7.1 Anda bertanggungjawab untuk memastikan bahawa data peribadi yang anda berikan kepada kami adalah tepat, lengkap dan tidak mengelirukan.  Anda harus juga memastikan bahawa data peribadi yang disimpan oleh COMPUGATES adalah data yang terkini.
7.2 Anda boleh menghubungi COMPUGATES secara bertulis untuk:
a. meminta akses kepada data peribadi mengenai anda yang dipegang oleh COMPUGATES;
b. meminta supaya data peribadi anda yang dipegang oleh COMPUGATES diperbetulkan/dikemaskini;
c. menarik balik persetujuan anda untuk pemprosesan/penggunaan data peribadi oleh COMPUGATES.
7.3 Menurut PDPA, COMPUGATES berhak mengenakan bayaran untuk memproses permintaan akses data peribadi.
7.4 Jika anda ingin menghadkan hak COMPUGATES untuk memproses data peribadi anda atau tidak ingin dihubungi oleh COMPUGATES untuk tawaran promosi dan/atau pemasaran, sila hubungi COMPUGATES seperti yang tertera di bawah.
7.5 Sekiranya anda mempunyai sebarang pertanyaan atau aduan berkenaan dengan data peribadi anda, anda boleh hubungi:
  Pentadbiran Data Peribadi

COMPUGATES Holdings Berhad

No 3, Jalan PJU 1/41, Dataran Prima, 47301 Petaling Jaya

Tel: +(60)3–7880 8133    Fax:+(60)3-7880 6133

Email: pdpaadmin@compugates.com

8. Hak Rizab
  COMPUGATES berhak untuk meminda Notis ini pada bila-bila masa dan akan meletakkan notis pindaan tersebut dalam laman web COMPUGATES www.compugates.com.my / http://mycompugates.my / www.treesure.net atau melalui saluran lain yang dianggap sesuai untuk COMPUGATES.
8.1 Jika anda adalah suatu firma, perkongsian, usaha sama, pertubuhan yang tidak diperbadankan, perbadanan atau badan korporat yang lain, pemberian Notis ini yang dialamatkan kepada firma, perkongsian, usaha sama, pertubuhan yang tidak diperbadankan, perbadanan atau badan korporat lain tersebut adalah dianggap sebagai notis yang diberikan kepada semua rakan kongsi, pengarah, pemegang jawatan, pemegang saham dan/atau pekerja, mengikut mana yang berkenaan, yang mana data dikumpul dan/atau diproses oleh COMPUGATES bagi tujuan-tujuan yang dinyatakan di perenggan 2.1 di atas. Dalam hal ini, anda menjamin bahawa anda telah mendapatkan persetujuan semua individu tersebut untuk memberi data peribadi mereka kepada COMPUGATES untuk tujuan-tujuan yang dinyatakan dalam perenggan 2.1 di atas dan untuk pendedahan kepada pihak-pihak yang dinyatakan dalam perenggan 4.1 di atas dan anda mengakujanji untuk memberikan sesalinan Notis ini kepada semua individu tersebut, di mana ungkapan tersebut hendaklah termasuk semua rakan kongsi, pengarah, pemegang jawatan, pemegang saham dan/atau pekerja anda, mengikut mana yang berkenaan, yang sedia ada dan baru, dari semasa ke semasa.
8.2 Notis ini hendaklah juga terpakai berkenaan dengan penggunaan, pemprosesan dan pendedahan data peribadi mana-mana individu lain yang bukan pelanggan COMPUGATES tetapi yang mana data peribadi perlu dikumpulkan oleh COMPUGATES untuk tujuan atau sampingan kepada penyediaan produk dan perkhidmatan oleh COMPUGATES kepada pelanggannya, sama ada pelanggan tersebut adalah individu, syarikat, entity perniagaan atau organisasi. Dalam hal ini, anda mengesahkan dan menjamin bahawa anda telah mendapatkan persetujuan semua individu tersebut untuk memberi data peribadi tersebut kepada COMPUGATES bagi tujuan-tujuan yang dinyatakan dalam perenggan 2.1 di atas dan untuk pendedahan kepada pihak-pihak yang dinyatakan di perenggan 4.1 di atas.
8.3 Dengan memberi data peribadi anda kepada COMPUGATES, anda bersetuju dengan kenyataan-kenyataan dan syarat-syarat dalam Notis ini dan pengumpulan, penggunaan, akses, pendedahan, penyimpanan dan pemprosesan data peribadi seperti yang dinyatakan dalam Notis ini.


+ —————————————————————————————————————————— +



Introduction – The Policy

This document, (“Compugates”) shall mean Compugates Holdings Berhad and its subsidiaries companies and shall include such other subsidiaries, associate companies and/or related companies as may be incorporated from time to time.

Human Resources Data Protection Procedure (the “Procedure”) sets out Compugates rules and guidelines relating to holding, processing and dealing with information, materials and data about living individuals by Compugates and its employees and is designed to bring together the rights and obligations as set out in the Data Protection Act 2010 (the “Act”) and current “best practice” based on the guidance and other publications of the Information Commissioner.

Compugates recognises the importance of respecting the personal privacy of all employees and also the need to build in appropriate safeguards during the collection, storage, processing and utilisation of personnel data.


The Data Protection Act 2010

The Data Protection Act 2010 (the “2010 Act”) replaces the Data Protection Act 1984 and regulates when and how an individual’s ‘personal data’ may be obtained, held, used, disclosed and generally processed.  It applies to computerise processing of personal data, and also certain paper based data files and records.

Under the Act, living individuals who are the subject of personal data have certain rights in relation to their data, which will govern what Compugates is allowed to do with their personal data.

1.       Personal data relating to Compugates Personnel

1.1     Compugates holds information in its personnel files relating to past, present and potential future employees. Compugates collects and maintains such data in order to meet its legitimate interests as an employer, to comply with statutory requirements and fulfil individual employment contract with its employees.

1.2     A personnel record is any printed or handwritten document, microfiche digitised image, sound recording or computer file which:
(a)     Refers by name – or any other means of identification – to a current, potential or past
employee, and
(b)     Represents any information about any matter relating to an employee (whether past, present or future) of a potentially private of sensitive nature.

1.3     The term “Personnel” when used in this Procedure shall include any person or individual who is, has been, who has agreed to be an employee Compugates and/or who will be (during the next three months) placed onto Compugates’s payroll and shall also include contract workers employed at Compugates’s premises, or working directly on Compugates’s behalf, and agency staff, and all such Personnel shall be covered by this Procedure.

1.4     Compugates is the registered Data Controller.  However, members of staff may also act as Data Controllers, either alone or jointly in common with other members of staff where personal data is to be used, and they are responsible for determining the purposes and the manner in which any personal data are to be processed.

2.       Procedure

All personal data relating to Compugates Personnel data shall be:
(a)     Obtained by lawful and fair means and where appropriate, with the knowledge or consent of the employee concerned;
(b)     Processed within the strict terms of the law, including but not limited to the Act, and any associated rules, regulations, statutory provisions, extensions or re-enactments thereof and where possible, in line with any current guidance and other publications of the Information Commissioner;
(c)     Relevant for the purposes for which it is to be used;
(d)     Accurate, complete and up to date;
(e)     Kept for no longer that is necessary for its declared purpose;
(f)      Held in the full knowledge of the individual employee (except in cases specifically excluded under the 2010 Act);
(g)     Protected by reasonable security safeguards against such risks as loss or unauthorised
(h)     Access, destruction, use, modification or disclosure of data;

3.       Principal Purposes of Holding Data on Personnel Files

3.1     The principal purposes for holding data relating to Personnel on personnel files held by the Data Controller include but are not limited to:
(a)     Recruitment, promotion, training, redeployment and/or career development;
(b)     The calculation of payroll data and the transfer of such data for use by Finance staff and independent auditors (including but not limited to details of bank/building society wage transfers and the payment of authorised expenses);
(c)     The determination and calculation of certain benefits, including superannuation;
(d)     For contacting next of kin and arranging medical attention in connection with death, illness or injury of an employee whilst at work;
(e)     Compliance with statutory requests from the Inland Revenue, the Department of Social Security, the Benefits Agency and other relevant public authorities/ agencies;
(f)      Disciplinary purposes arising from an employee’s conduct or capability to perform their job requirements;
(g)     For occupational health and sickness monitoring purposes;
(h)     The provision of references/reports to financial institutions, qualified legal representatives, appropriate bodies in connection with the holding of public office, facilitate entry onto educational courses, permit participation on reserve military/civil protection services, assist qualified medical practitioners and potential future employers.

3.2 In all those cases cited in 3.1(h) above, the relevant information will only be disclosed following a written request from the employee/former employee concerned instructing the Data Controller, and giving consent to the Data Controller to make such disclosure.

4.       Sensitive Information

4.1 The following categories of information are subject to statutory restriction and will only be held on file for specific, legitimate purposes.
(a)     Political Opinions – This will not be recorded on any personnel file.
(b)     Religious or philosophical beliefs – This will not be recorded on any personnel file.
(c)     The processing of data concerning
Only data relating to:
(i) Occupational health;
(ii) Sickness absence records;
(iii) The chronic illness of a specific employee in circumstances which may affect their
ability to perform all aspects of the normal work; and
(iv) Data to comply with the Disability Discrimination Act (1995) will he held on file.

Data relating to iii) and iv) above will be collected and retained only with the express permission of the individual employees concerned. All Human Resources Staff who have access to health records shall be instructed that such information must be treated as confidential.

 Restriction of Access to Personnel Data

4.2     Compugates may place all or part of its files onto a secure computer network and with restricted access to personnel data.  When implemented access to individual employee data will only be granted to the following data users within Compugates for specific and legitimate purposes:
(a)     Staff employed in the Human Resources Department;
(b)     Staff in the Management Category;
(c)     Any specified and contracted computer bureau (acting under the direction of the Data Controller, or his/her representative) used to process internal corporate data   providing secure processing facilities and data access in line with statutory provisions and the requirements of Compugates.

5.       Evaluation based on Automated Processing of Data

No data shall be held on Compugates personnel files which is based solely on automated processing of data intended to evaluate certain personal aspects relating to an individual employee, such as his performance at work, creditworthiness, reliability or conduct.

6.       Further Information

All employees have the right to know whether or not any personal data relating to them is being processed and to receive information relating to the description of the data, the purposes for which their personal data is or is to be processed, from whom it is received, to whom it is disclosed. All employees have the right to receive a copy of such personal data and have the right to correct any errors which exist on record about them. When further data is requested from them, they may know if replies to the questions are obligatory or voluntary and the possible consequences of failure to reply.

7.       Access to Personnel Files by Employees

7.1     All employees shall have reasonable access to their own personnel files held by Compugates, under the terms of the Data Protection Act 2010. No charge shall be made to the employee for the provision of this information.  Employees who wish to gain access to these records should write to Human Resources requesting this.  Compugates reserves the right to withhold:
(a)     Information in the case of repeat requests from individual employees made unreasonably frequently;
(b)     Specific information if the Compugates cannot comply with an employee’s request without disclosing information relating to another individual who can be identified from that information (including its source). This will be waived where the Compugates is:

(i)      Satisfied that the other individual has consented to the disclosure of the information to the employee making the request, or
(ii)     It is reasonable in all the circumstances to comply without the consent of the other individual;

(c)     Any data which is excluded through legislation on the grounds of national security, breaches of ethics for regulated professions, or is relevant to any current investigation concerning any possible criminal/civil legal action. Personal data are also exempt if they consist of a reference given or to be given in confidence by the Data Controller for the purposes of:

(i)    The education, training or employment or prospective education, training or employment, of the data subject;
(ii)     The appointment, or prospective appointment, of the data subject to any office, or
(iii)    The provision, or prospective provision, by the data subject of any service.

It is important to note that these exemptions only apply to confidential references given to any third party.  A Data Subject has the right to request a copy of such a reference from the person to whom it was sent, however they do not have the right to ask the originator for a copy.

7.2     All manual files must be examined under supervision within the Human Resources Department and this will be arranged by the Head of Human Resources or a senior member of Human Resources staff.  Appropriate clarification/guidance concerning the computerised or manual files will be given, on request, by specialist personnel staff. No record may be altered or removed without the express permission of the Head of Human Resources, acting as the Data Controller’s representative.

7.3     The data supplied will, whenever practicable, relate to the date when the request was first received.

7.4     Employees have the right to make any reasonable request for the amendment of their own personnel records provided that:
(a)     They can readily demonstrate the existence of an identifiable error, necessary update, relevant omission, superfluous fact, or
(b)     It is unlawful to maintain such a record.

8.       Retention

8.1     Application forms, interview records and references for unsuccessful internal and external candidates should be kept for a period of twelve months following the interview.  Retention beyond this period would require demonstration of a clear business need by Compugates and consent obtained from the individual.  This applies to all manual files including any notes taken by anyone at interviews as well as computerised files.  Care should be taken by anyone at an interview panel as all their notes/scribbles become part of the file and must be produced within (30) thirty days of a written request being received by the Head of Human Resources.

8.2     All employee data other than the name, job title, department and period of employment at  Compugates should be deleted seven years after employment has ended and/or as per governance of Section 61, of the Employment Act 1955.

9.       The Right to Object

9.1     An employee is entitled at any time, by notice in writing, to require Compugates to cease within a reasonable time from processing any personal data because it is causing or likely to cause, substantial damage or distress to themselves or another individual. The reasons for this request must be clearly stated and specified at the time.  The Data Controller must respond within (30) thirty days stating whether it intends or has complied as the reasons why the notice is unjustified and the extent to which it intends to comply (if at all.)

9.2     Compugates reserves the right to collate, process and disseminate statistics based on an aggregation or data held on its personnel files, provided the data relating any individual employee may not be identified from the resulting analysis.

9.3     All employees have a general duty to respect the rights of Compugates to protect any information relating to its products, services, methods, organisation and/or plans. The right will extend to patents, patent applications, copyrighted material, registered designs and design applications, ‘insider’ financial details and all information of a commercially sensitive nature which is clearly understood by the employee to be confidential and where no authorised use has been granted.

9.4     In the case of a dispute concerning any specific application of this Procedure, the matter should be brought to the attention of the Data Protection Officer.