Personal information charter
Gov Facility Services Limited has set out the following statement to demonstrate how we comply with General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 and relevant Privacy considerations.
Definitions
In this document, - “we”, “our”,”us” and “GFSL” refer to Gov Facility Services Limited. - “you”, “your” and “their” refer to the subjects of data under consideration.
GFSL’s arrangements for data
Website
We operate a website under the umbrella of GOV.UK. Privacy aspects of that website are as per the Privacy Statement linked to at the bottom of that page, and GFSL does not have access to any data collected on our website or from cookies associated with that website; we do not collect or ask for any data-entry by you when you view our website.
Email, office and back-office IT systems
- Our corporate staff use Google-based email, in which incoming emails from third parties are stored permanently unless actively deleted. GFSL does not collect metadata or undertake analytics on the emails we receive. GFSL does not share any such analytic or metadata from our email system with any outside organisations.
- Our site-based staff use an email system controlled by Her Majesty’s Prison and Probation Service. GFSL does not access, collect metadata or undertake analytics on the emails received in that system, and GFSL does not share any such data with any outside organisations.
- GFSL uses an Oracle Cloud platform for Finance, Procurement and HR data. Personal data of employees is held securely within that system with appropriate controls on access and retention. Data on Suppliers and Sub-Contractors is held within that system, including, inter alia, company identification data, taxation data, financial and payment records. This information is used to identify, prequalify, onboard, procure from, manage and pay our supply chain. We do not share metatdata or analytics from this information with outside organisations.
Vetting and clearance processes
GFSL supports Vetting and Clearance processes in line with MOJ and HMPPS requirements. GFSL staff act to collect vetting data in order to initiate vetting processes, and/or act as Vetting Contact Points as part of the vetting processes.
Data collected from Suppliers and Sub-Contractors relating to the vetting of their staff will be held at the point of collection and retained in line with GFSL’s Record Retention Schedule.
GFSL only shares vetting or clearance data with those parties outside GFSL who need that data to process a vetting request or who have a “need-to-know” basis for disclosure of the vetting information (eg to confirm the vetting status of an individual seeking access to an Establishment).
Your rights as a data subject
You have the right at any time to request what data is held about you and the right to ask for this to be corrected if it is inaccurate. Please contact us with any such requests by email
Information security
We have in place reasonable technical and organisational measures to safeguard your data from loss, misuse, alteration or destruction.
Changes to our GDPR and privacy statement
We reserve the right to amend this Statement as we deem necessary from time to time or as may be required by law. Any changes will be immediately posted on our website.
Agreement to this statement
You are deemed to have accepted the terms of this GDPR and Privacy Statement, unless you contact gfsl_communications@govfsl.com to advise otherwise.