Ibec has undertook a full review of all internal security and privacy policies to ensure that all personal data within, or passing through the organisation, will be handled in accordance with GDPR regulations. Here, we outline how we handle personal information which you, as an Ibec member, may provide to us.
What personal data do you give us?
Ibec receives personal data from member organisations in the following ways;
- Member contact information needed by Ibec to service its members
- Employment personal data given by members accessing the Employer Relations service
- In addition, Ibec also collects personal data where providing training to members and when holding conferences, seminars and information events for members.
To date Ibec has:
- Reviewed and refreshed the Ibec membership application form
- Reviewed and made some amendments to the membership contract
- Revised our contact lists and have sought refreshed consents where appropriate
- Implemented a new data retention policy
- Provided a Data Addendum Agreement to those of our suppliers who deal with or may get access to personal data while doing work for Ibec
- Prepared a data access request protocol and a number of other internal guidance documents for staff a guidance is underway note for its trade associations on doing their own GDPR Code of Practice begun a new data compliance staff training programme.
Our promise to you now is that
- We only hold personal data for as long as is necessary to keep
- We have in place appropriate access controls and other security measures to ensure the confidentiality of your data
- We share your information with others only with your consent (unless otherwise legally obliged to)
- We will review the personal data that we hold each year and will encourage members to review and update the contact details they provide to Ibec
- We plan to provide members with the membership portal where they can do this directly in 2019
So how will Ibec handle the data you give us?
Each Ibec member company has a nominated point of contact within Ibec usually an Ibec executive in the Employer Relations division or an Ibec Executive servicing a trade association, or an Ibec policy executive. This is where much of the personal data provided by you will be handled by Ibec.
Ibec as data processor
Where you supply us personal details to service you (eg for employment advices and representation), then Ibec is a data processor and you, as the member, are the data controller. Ibec will respect and protect the confidentiality of that information. We will do that by the following;
- Limiting the sharing of the data to only those staff (and where necessary contractors) of Ibec who need access for the purpose of servicing you the member
- We will not use contractors to provide the Ibec service save as indicated to you e.g. training, speaking events, specialist services.
- Security conscious filing
- Regularly reviewing member contact details and deleting those contacts with whom we have had no contact with in the past two years (unless requested otherwise by the member)
- We will not transfer personal data outside of the EEA without your specific consent
- We may from time to time ask for your input into policy development. When you supply your confidential data for this purpose we will not disclose this to any other party - directly or indirectly
- Statistics collected it from you for trade association purposes will only be published in aggregated format and will not identify you or your particular information
Information held by the Employer Relations Division
In interacting with member employers, staff members of the Employer Relations Division will prepare and file documents for submission to third-party dispute resolution fora, including the WRC and the Labour Court. We only deal with copies of documentation and original member documentation remains the members responsibility. Ibec has reviewed its retention policy and will retain case files for no longer than 7 years post the completion of the case. Data which you supplied to Ibec may be deleted shortly after the case has been finalised. Ibec will not retain data on your behalf for any longer than is necessary and to deal with the matter in hand.
In the event that Ibec receives the data access request we will have to comply save where the matter is legally privileged or otherwise prepared for or in contemplation of legal proceedings. In the event that you cease to be a member of Ibec we will generally delete your contact details post termination and so may not be in a position to notify you of any data access request (although we will still try) or any query in relation to information which we may hold from you.
In keeping with the spirit of GDPR, Ibec’s data privacy programme will be an ongoing one.
As a membership organisation Ibec takes its duty of confidentiality to members very seriously. If you have any cause for concern in this regard please let us know either directly or via firstname.lastname@example.org.