Our business Belmontstreet Management Consultancy requires a complete interaction with our stakeholders. We will gather data from some of these stakeholders including our customers (students), our employees, business ontacts and any other people with whom a relationship. We are committed to managing the way we collect, store and use data to ensure we respect the privacy and rights of the individuals to whom it relates, including:
◈ Complying with the Qatari Data Protection Law No. 13 of 2016 (the ‘Act’)
◈ Protecting the rights of staff, customers and other data subjects
◈ Storing and processing individuals’ data securely and in line with required legislation communication.
This policy and associated procedures will be communicated to staff through induction, staff training and refresher training sessions, and reinforced as through audit and compliance activity.
This policy will be made available to program participants and other individuals of whom we have information via our website additionally it will be also communicated through program inductions as well.
◈ Data Subject – an individual who is the subject of personal data.
◈ Data Controller – the person who determines the purposes for which and the manner in which any personal data are, or are to be, processed.
◈ Data Processor – in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
◈ Personal Data – data that relates to a living individual who can be identified from that data, or from that data and other information which is held sensitive.
- Personal data – personal data relating to racial or ethnic origin, political opinions; religious (or similar) beliefs, trade union membership; physical or mental health condition, sexual life, commission or alleged commission by them of any offence or any proceedings for any offence committed by them, the disposal of such roceedings or the sentence of any court in such proceedings.
◈ Sensitive Data – can also be any data that contains confidential information about the organisation, its products and services, its customers and suppliers.
Any personal data which Belmontstreet Management Consultancy collects, records or uses in any way whether it is held on paper, on computer or other media – will have appropriate safeguards in place to ensure that we comply with the Act.
Belmontstreet Management Consultancy fully endorses and adheres to the eight principles of the Act, which state that personal data:
◈ Shall be processed fairly and lawfully and, in particular, shall not be processed.
◈ Shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
◈ Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
◈ Shall be accurate and, where necessary, kept up to date.
◈ Processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
◈ Shall be processed in accordance with the rights of data subjects under this Act.
◈ Shall be protected against unauthorised or unlawful processing, against accidental loss or destruction of, or damage to, personal data by appropriate technical and organisational measures.
◈ Shall not be transferred to a country or territory outside the Qatar unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Belmontstreet Management Consultancy recognises that there will be further strengthening of the Data Protection Act principles within the May 2018 enforcement of the General Data Protection Regulation. Belmontstreet Management Consultancy are committed to upholding data protection law and we employ, policies, procedures, training and systems as necessary for full compliance.
Information we hold Belmontstreet Management Consultancy keeps personal data to:
◈ Administer programmes to comply with our contractual requirements.
◈ To provide an effective service to customers by identifying their needs and managing their progress.
◈ Meet awarding body requirements in relation to achievement of qualifications by learners.
◈ To claim relevant funding for achievements with customers attending funded programmes.
◈ Manage the recruitment, employment and termination of employment of our staff.
The type of data may include (but is not limited to) personal demographic and contact information e.g. names, addresses, nationality, date of birth; references; health and disability information, educational attainment, financial information relating to employment or a service we are providing to customers,information about an individual’s performance, attendance records, disciplinary records.
All personal data will remain confidential. Only people specifically required and entitled to access this information to fulfil their job function may do so and are required to maintain its confidentiality at all times.
All other employees are prohibited from accessing, reading, copying or in any other way dealing with such information.
From time to time, we may need to disclose some information to relevant third parties. e.g. where requested by the data subject for the purpose of giving a reference or to help a customer into education or work.
Prior to disclosure – unless it is a legal obligation e.g. data required by HM Revenue & Customs, a contractual obligation placed upon us by a service commissioner that is covered by alternative legislation – data subjects will be fully informed of the personal data that is being disclosed, the reasons for the disclosure, and the way(s) in which it will be processed.
There may be occasions when data subjects are required to sign a Confidentiality and/or Data Sharing Agreement giving consent to the sharing of some information with other parties.
Data subjects can withdraw their consent to share information at any time. We may occasionally contact individuals by email, mail or telephone with details of our products and services.
◈ Recipients wishing to opt out of receiving this information should write to the Centre Manager at Belmontstreet Management Consultancy.
Belmontstreet Management Consultancy will ensure that all staff comply with the following when processing and/or transmitting personal data:
◈ When we collect any personal data, we will inform individuals why we are collecting it and what we intend to use it for.
◈ Personal data must be transmitted over secure networks only – transmission over unsecured networks is not permitted in any circumstances.
◈ Documents containing personal data must be password protected.
◈ Personal data contained in the body of an email, whether sent or received, must only be emailed via secure systems with appropriate encryption and security.
◈ Personal data in the body of an email should be copied from the body of that email and stored securely. The email itself should be deleted. All temporary files associated with the email should also be deleted.
◈ Where personal data is to be sent by fax the recipient should be informed in advance of the transmission and should be waiting by the fax machine to receive the data.
◈ Where personal data is transferred in hardcopy it should be passed directly to the recipient or posted using a recognised secure postal carrier. Using an intermediary is not permitted.
◈ All hard copies of personal data must be stored securely in a locked box, drawer, cabinet or similar.
◈ All electronic copies of personal data should be stored securely using passwords and suitable data encryption, where possible on a drive or server which cannot be accessed via the internet.
All passwords used to protect personal data should be changed regularly and should not use words or phrases which can be easily guessed or otherwise compromised.
Rights of Data Subjects Data subjects have the right to:
◈ Access to a copy of the information comprised in their personal data within 40 days of making a request.
◈ Object to processing that is likely to cause or is causing damage or distress;
◈ Prevent processing for direct marketing.
◈ Object to decisions being taken by automated means.
◈ In certain circumstances to have inaccurate personal data rectified, blocked, erased or destroys and claim compensation for damages caused by a breach of the Act.
Individuals who want to see a copy of the information an organisation holds about them must write to the Centre Manager requesting this information, including sufficient detail to enable their identity to be confirmed and the data to be identified.
A fee of QAR 100 must be submitted with the request.
In response to a compliant request, the following information will be provided:
◈ Whether any personal data is held.
◈ A description of any data held.
◈ The reason it is being processed.
◈ Details of any third-party organisations that the data has been passed to.
◈ Details of the source of the data where available.
◈ A copy of information comprising the data including details of any technical terminology or codes.
Rights of Data Subjects Data subjects have the right to:
This may include information relating to crime prevention and detection, negotiations with the subject, confidential references supplied by Belmontstreet Management Consultancy.
In accordance with the Information Commissioner's guidelines, Belmontstreet Management Consultancy will maintain a Subject Access Log of all subject access requests. Further we will respond to all subject access requests as soon as possible, and in any case within 40 calendar days of receiving them.
◈ All staff and partners working on behalf of Belmontstreet Management Street responsible for ensuring data is collected, stored and handled appropriately in line with this policy.
◈ Board Members – responsible for ensuring the Data Protection Policy is appropriate, reflects legislative requirements and good governance practices and that Belmontstreet Management Street meets its legal obligations.
◈ Data Controller – responsible for ensuring all staff are appropriately trained, advising individuals about implementation of the policy, dealing with Subject Access Requests, and ensuring Belmontstreet Management Consultancy registration with the Information Commissioner’s Office is updated in line with our legal obligations.
The effectiveness of this policy will be monitored by the Finance Manager & Board through the audit and compliance function of Belmontstreet Management Street to ensure compliance with data handling and security.
The Data Controller will review this policy annually, or more frequently if legislation and/or best practise change, to ensure that it continues to meet current legislative requirements, adopts emerging best practice, and remains effective and relevant to the larger business.
The Data Controller will report back to the Board on the policy's performance, including recommendations for improvement if necessary. Any new regulations will be communicated to all employees and stakeholders via email.