CME – Privacy Statement – GDPR
The CME Personnel Consultancy Ltd – Privacy Statement
As a Data Controller for client information
We are the CME Personnel Consultancy Ltd and we provide payroll services to all businesses.
We value your privacy and appreciate that you trust us to keep your data safe.
Information we collect is only that which is necessary to fulfil contracts with our clients or to assist potential clients with requests for quotes.
This information comprises of company name (where applicable), name of person (people) who are authorised to deal with us, address, telephone number(s) and email address(es).
We collect the information described above to allow us to fulfil contracts, invoice our clients, to provide related customer service and to maintain business and financial records as required by legislation.
Only employees of our company have access to client information which is held on computers with appropriate security settings and we do not disclose any such data to any third party without permission or legal requirement. All employees have undergone appropriate training in GDPR compliance.
We only keep information for as long as is necessary for the purpose for which it is supplied or because we are legally required to do so.
Clients have a right to :-
• Access their personal information
• Request a copy of the information held
As a Data Processor for the employees of clients
We receive information from our clients to allow us to fulfil our contractual obligations. This information includes :-
• Phone number
• Email address – if provided
• Date of Birth
• Date of Joining
• Marital status – if provided
• Next of kin – if provided
• Tax Code
• NI Number
• Pension status/details
• Pay rate
•Have errors corrected
• Have personal details deleted
• Lodge a complaint with Information Commissioner
•Pay in current tax year (plus previous 3 tax years)
•Tax deducted in current tax year (plus previous 3 tax years)
•National Insurance in current tax year (plus previous 3 tax years)
•Pension in current tax year (plus previous 3 tax years) – if appropriate
•Student loan deductions in current tax year (plus previous 3 tax years) – if appropriate.
However, there may be occasions when additional information is required to allow us to fulfil our contract with a client. Examples include statutory payments (SSP, SMP, SPP), court orders and requests for information from authorised state bodies.
All employees have received appropriate training concerning the requirements of GDPR and observe strict confidentiality in relation to data provided by clients. Passwords, antivirus software and fire walls are used on all devices used by the Consultancy for processing payrolls.
Physical files and paperwork are kept in self-contained office premises and are additionally locked in cabinets.
All data is only kept for as long as is required by legislation – three years plus current year for payroll records and six years for pension records. Destruction of paperwork is by secure shredding. On cessation of a client relationship, relevant paperwork may be transferred to the client.
No data is transferred outside the EEA.
Payroll is processed on cloud software run by ACCENTRA (PRIMO) and this system is fully GDPR compliant.
Information is shared with HMRC, various government agencies and pension providers, all of whom comply with the appropriate legislation.
No information will be supplied to third parties unless an employee has given their permission or we have a legal requirement to make the disclosure.
Clients have the right to request password protected reports.
All payslips sent electronically, on behalf of the employer, are password protected.
We comply with all data subject requests and any other obligations arising under GDPR
This Privacy Statement is effective from 25th May 2018 and we reserve the right to update or change it at any time.
Any questions about this statement should be directed to Caroline Elsey – email email@example.com
• • • • •