Policies

i-Systems have in a place a process that assists in defining all the necessary policies required to successfully guide us as a business to achieve the desired outcomes whilst additionally ensuring that we fully comply with Legislation and our agreed aims.

The objective of I-Systems Ltd is to deliver a best in class customer experience and value to our customers by providing highly motivated and innovative workforce, market leading materials and hardware whilst maintaining a cost efficient structure.

To support the achievement of this objective the company will maintain an effective and efficient Quality Management System based upon the requirements of ISO 9001:2015.

In particular, we will:

  • Carefully select and work closely with suppliers to ensure a seamless high quality service to our customers.
  • All permanent and subcontract employees are selected carefully to ensure the best possible skills are available to deliver our services.
  • As a company we are flexible in our processes and procedures to meet client demands.
  • Promote and encourage a safe working environment for all our staff, contractors, suppliers, customers and general public.
  • Monitor and measure the effectiveness of our business processes and objectives through our Management Reviews and Internal Audit Processes
  • Monitor customer satisfaction by attending client meetings and set objectives for continuous improvement and pro-actively seek feedback from our customers on how well our services meet their requirements.
  • Analyse the causes of any complaint or problem and take appropriate action to prevent recurrence
  • Select and work closely with suppliers who enable us to create and deliver a reliable performance at a competitive rate.
  • Recruit employees who are customer, health and safety focused and support them with appropriate training and systems (equipment) to ensure their competence always meets I-Systems Ltd requirements.
  • Provide a work environment that promotes the wellbeing of our employees and to encourage positive teamwork.
  • Encourage all employees to identify problems and make suggestions to improve all aspects of our products/services and business processes.
  • Ensure that all employees are aware of our Quality Policy and are committed to the effective implementation of our Quality Management System.
  • Ensure that the company complies with all necessary regulatory and legal requirements.

The continual improvement and analysis of our Quality Management System is fundamental to the success of our business and is supported by all employees as an integral part of their daily work.

Signed on behalf of Simon Waughman, Group Managing Director

Sign

Print:  Simon Waughman

Position:   Group Managing Director

Date:  22nd February 2023

At I Systems Limited we recognise our duties under current Health and Safety legislation and we will endeavour to meet the requirements of this legislation and maintain a safe and healthy working environment.  Our Managers and Supervisors are informed of their responsibilities to ensure they take all reasonable precautions, to ensure the safety, health and welfare of those that are likely to be affected by the operation of our business.

I Systems Limited recognise its duty to make regular assessment of the hazards and risks created in the course of the business.

We are committed to:

  • Complying with all relevant legal, customer and other third party requirements;
  • Preventing injury or ill health to anyone who may be affected by its work activities;
  • Continually improving its risk management and occupational health & safety performance;

We also recognise our duty, so far as reasonably practicable:

  • To provide adequate control of the health and safety risks so identified;
  • To consult with our employees on matters affecting their health and safety;
  • To provide and maintain safe plant and equipment;
  • To ensure the safe handling and use of substances;
  • To provide information, instruction, training and supervision where necessary for our workforce, taking into account of any, who do not have English as their first language;
  • To ensure that all workers are competent to do their work and to give them appropriate training;
  • To actively manage and supervise health and safety at work;
  • To have access to competent advice;
  • To provide the resource required to make this policy and our Health and Safety arrangements effective.

We also recognise:

  • Our duty to co-operate and work with other employers when we work at premises or sites under their control to ensure the continued health and safety of all those at work; and
  • Our duty to co-operate and work with other employers and their workers, when their workers come onto our premises or sites to do work for us, to ensure the health and safety of everyone at work.

To help achieve our objectives and ensure our employees recognise their duties under health and safety legislation whilst at work, we will also inform them of their duty to take reasonable care for themselves and for others who might be affected by their activities.  We achieve this by explaining their duty and setting out our company health and safety rules in the I Systems Limited’s Employee Safety Handbook which is made available to every worker employed by us.

In support of this policy a responsibility chart and more detailed arrangements have been prepared.

 

Signature:

Date: 9th November 2021

Name: Simon Waughman

Position:  Director

5.1.a Statement of General Policy and Arrangements

Simon Waughman – Group Managing Director

has overall and final responsibility for health and safety

Rob Adams – Group Safety Manager

has day-to-day responsibility for ensuring this policy is put into practice 

Responsibility of: Name/Title

Action/Arrangements (What are you going to do?)

Rob Adams – Group Safety Manager

Relevant risk assessments completed and actions arising out of those assessments implemented. (Risk assessments reviewed when working habits or conditions change).

Rob Adams – Group Safety Manager

Staff and subcontractors given necessary health and safety induction and provided with appropriate training (including working at height, asbestos awareness and electrical safety) and personal protective equipment. 

We will ensure that suitable arrangements are in place to cover employees engaged in work remote from the main company site.

Rob Adams – Group Safety Manager

Staff routinely consulted on health and safety matters as they arise but also formally consulted at regular health and safety performance review meetings or sooner if required.

Rob Adams – Group Safety Manager

Faye Teague – Office Manager

Escape routes well signed and kept clear at all times. Evacuation plans are tested from time to time and updated as necessary.

 

Simon Waughman – Managing Director

Matt Haire – Electrical Director

Rob Adams – Group Safety Manager

Tom Stone – Director

Faye Teague – Office Manager

Ria Gardiner – First Aid Officer

Gary Cusdin – Logistics Manager/First Aid Officer

Toilets, washing facilities and drinking water provided.       

System in place for routine inspections and testing of equipment and machinery and for ensuring that action is promptly taken to address any defects.  

Suitably trained personnel to be competent in the delivery of first aid within the work place.

Signature:

Date:

09/11/2021

 

Health and safety law poster is displayed at (location)

H&S Notice Board, Kitchen, Unit C5

First-aid box is located:

Kitchen, Unit C5

Accident book is located:

1st Floor Admin Office cabinet 

  

Accidents and ill health at work reported under RIDDOR (Reporting of Injuries, Diseases and Dangerous Occurrences Regulations) http://www.hse.gov.uk/riddor

I-Systems considers environmental management to be of prime importance and is fully committed to fulfilling all environmental responsibilities as well as continuous improvement of environmental performance. As such I-Systems will work with clients, contractors, suppliers and the workforce towards achieving this goal.  

The objective of this policy is to attain and maintain high standards of environmental performance throughout I-Systems.  

All persons conducting activities under the name of I-Systems will adhere to this Environmental Policy.

It is the Policy of the Company to:  

• Understand and comply with all legal requirements, codes of practice and regulations;  

• Organise operations in order to minimise pollution and disturbance to neighbours and the general public;  

• Provide assistance, training and information that may be necessary to personnel at all levels;  

• Use materials and resources with regard to long-term sustainability;  

• Employ a consistent framework for the management of environmental issues across all its operations;  

• Audit environmental performance.  

The successful management of environmental issues will be achieved by:  

• Identification and management of environmental risks and aspects;  

• Prevention of pollution;  

• Minimisation of waste;  

• Provision of prompt response to incidents and emergencies;  

• Promotion of environmental issues and good practice; and  

• Reviewing and reporting on the content and implementation of this policy.

Signed by:

Date: 16th February 2022

Simon Waughman

Director – iSystems Limited

 

 

  1. AIM

We are aware of the obligations placed on us by the General Data Protection Regulation (GDPR) in relation to processing data lawfully and to ensure it is kept securely. 

One such obligation is to report a breach of personal data in certain circumstances and this policy sets out our position on reporting data breaches.

  1. PERSONAL DATA BREACH

A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or processed. 

The following are examples of data breaches:

  1. access by an unauthorised third party;
  2. deliberate or accidental action (or inaction) by a data controller or data processor; 
  3. sending personal data to an incorrect recipient;
  4. computing devices containing personal data being lost or stolen;
  5. alteration of personal data without permission;
  6. loss of availability of personal data.
  1. BREACH DETECTION MEASURES

We have implemented the following measures to assist us in detecting a personal data breach:

  • Deslock has been added to all PC’s and Laptops
  • Firewalls and virus scanners are in place and monitored through our IT support company.
  • Trackers allocated to mobile phones for remote wiping.
  1. INVESTIGATION INTO SUSPECTED BREACH

In the event that we become aware of a breach, or a potential breach, an investigation will be carried out. This investigation will be carried out by Faye Teague, Office Manager who will make a decision over whether the breach is required to be notified to the Information Commissioner. A decision will also be made over whether the breach is such that the individual(s) must also be notified.

  1. WHEN A BREACH WILL BE NOTIFIED TO THE INFORMATION COMMISSIONER

In accordance with the GDPR, we will undertake to notify the Information Commissioner of a breach which is likely to pose a risk to people’s rights and freedoms.  A risk to people’s freedoms can include physical, material or non-material damage such as discrimination, identity theft or fraud, financial loss and damage to reputation. 

Notification to the Information Commissioner will be done without undue delay and at the latest within 72 hours of discovery. If we are unable to report in full within this timescale, we will make an initial report to the Information Commissioner, and then provide a full report in more than one instalment if so required. 

The following information will be provided when a breach is notified:

  1. a description of the nature of the personal data breach including, where possible:
    1. the categories and approximate number of individuals concerned; and
    2. the categories and approximate number of personal data records concerned
  1. the name and contact details of the Faye Teague 07875682306 – data protection officer where more information can be obtained;
  2. a description of the likely consequences of the personal data breach; and
  3. a description of the measures taken, or proposed to be taken, to deal with the personal data breach, including, where appropriate, the measures taken to mitigate any possible adverse effects.
  1. WHEN A BREACH WILL BE NOTIFIED TO THE INDIVIDUAL

In accordance with the GDPR, we will undertake to notify the individual whose data is the subject of a breach if there is a high risk to people’s rights and freedoms. A high risk may be, for example, where there is an immediate threat of identity theft, or if special categories of data are disclosed online.

This notification will be made without undue delay and may, dependent on the circumstances, be made before the supervisory authority is notified.

The following information will be provided when a breach is notified to the affected individuals:

  1. a description of the nature of the breach
  2. the name and contact details of the Faye Teague 07875682306 – data protection officer where more information can be obtained
  3. a description of the likely consequences of the personal data breach and
  4. a description of the measures taken, or proposed to be taken, to deal with the personal data breach, including, where appropriate, the measures taken to mitigate any possible adverse effects.
  1. RECORD OF BREACHES

The Company records all personal data breaches regardless of whether they are notifiable or not as part of its general accountability requirement under GDPR. It records the facts relating to the breach, its effects and the remedial action taken.

In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform you, as prospective employees of our Company, of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.

  1. DATA PROTECTION PRINCIPLES

Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

    1. processing is fair, lawful and transparent 
    2. data is collected for specific, explicit, and legitimate purposes
    3. data collected is adequate, relevant and limited to what is necessary for the purposes of processing
    4. data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
    5. data is not kept for longer than is necessary for its given purpose
    6. data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
    7. we comply with the relevant GDPR procedures for international transferring of personal data
  1. TYPES OF DATA HELD

We keep several categories of personal data on our prospective employees in order to carry out effective and efficient processes. We keep this data in recruitment files relating to each vacancy and we also hold the data within our computer systems, for example, recruitment logs.

Specifically, we hold the following types of data:

  1. personal details such as name, address, phone numbers;
  2. name and contact details of your next of kin;
  3. your photograph;
  4. your gender, marital status, information of any disability you have or other medical information;
  5. right to work documentation;
  6. information on your race and religion for equality monitoring purposes;
  7. information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter;
  8. references from former employers;
  9. details on your education and employment history etc;
  10. driving licence;
  11. criminal convictions.
  1. COLLECTING YOUR DATA

You provide several pieces of data to us directly during the recruitment exercise.

In some cases, we will collect data about you from third parties, such as employment agencies, former employers when gathering references or credit reference agencies.

Should you be successful in your job application, we will gather further information from you, for example, your bank details and next of kin details, once your employment begins.

  1. LAWFUL BASIS FOR PROCESSING

The law on data protection allows us to process your data for certain reasons only. 

The information below categorises the types of data processing we undertake and the lawful basis we rely on.

Activity requiring your data

Lawful basis

Carrying out checks in relation to your right to work in the UK

Legal obligation

Making reasonable adjustments for disabled employees

Legal obligation

Making recruitment decisions in relation to both initial and subsequent employment e.g. promotion

Our legitimate interests

Making decisions about salary and other benefits

Our legitimate interests

Making decisions about contractual benefits to provide to you

Our legitimate interests

Assessing training needs

Our legitimate interests

Dealing with legal claims made against us

Our legitimate interests

Preventing fraud

Our legitimate interests
  1. SPECIAL CATEGORIES OF DATA

Special categories of data are data relating to your:

 

    1. health
    2. sex life
    3. sexual orientation
    4. race
    5. ethnic origin
    6. political opinion
    7. religion
    8. trade union membership 
    9. genetic and biometric data.

We carry out processing activities using special category data:

  1. for the purposes of equal opportunities monitoring
  2. to determine reasonable adjustments

Most commonly, we will process special categories of data when the following applies:

  1. you have given explicit consent to the processing 
  2. we must process the data in order to carry out our legal obligations 
  3. we must process data for reasons of substantial public interest
  4. you have already made the data public. 
  1. FAILURE TO PROVIDE DATA

Your failure to provide us with data may mean that we are unable to fulfil our requirements for entering into a contract of employment with you. This could include being unable to offer you employment, or administer contractual benefits.

  1. CRIMINAL CONVICTION DATA

We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us. This data will usually be collected at the recruitment stage, however, may also be collected during your employment. We use criminal conviction data to determine your suitability, or your continued suitability for the role. We rely on the lawful basis of our legitimate interests to process this data.

  1. WHO WE SHARE YOUR DATA WITH

Employees within our company who have responsibility for recruitment will have access to your data which is relevant to their function. All employees with such responsibility have been trained in ensuring data is processing in line with GDPR.  

Data is shared with third parties for the following reasons: our legitimate interests

We may also share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us. We have a data processing agreement in place with such third parties to ensure data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.

We do not share your data with bodies outside of the European Economic Area.

  1. PROTECTING YOUR DATA

We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such. 

  1. RETENTION PERIODS

We only keep your data for as long as we need it for, which, in relation to unsuccessful candidates, is six months to a year. 

If your application is not successful and we have not sought consent or you have not provided consent upon our request to keep your data for the purpose of future suitable job vacancies, we will keep your data for six months once the recruitment exercise ends.

If we have sought your consent to keep your data on file for future job vacancies, and you have provided consent, we will keep your data for nine months once the recruitment exercise ends. At the end of this period, we will delete or destroy your data, unless you have already withdrawn your consent to our processing of your data in which case it will be deleted or destroyed upon your withdrawal of consent.

Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data and there will be no consequences of withdrawing consent.

If your application is successful, your data will be kept and transferred to the systems we administer for employees. We have a separate privacy notice for employees, which will be provided to you.

  1. AUTOMATED DECISION MAKING

Automated decision making means making decision about you using no human involvement e.g. using computerised filtering equipment. No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.

  1. YOUR RIGHTS 

You have the following rights in relation to the personal data we hold on you:

    1. the right to be informed about the data we hold on you and what we do with it;
    2. the right of access to the data we hold on you. We operate a separate Subject Access Request policy and all such requests will be dealt with accordingly;
    3. the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
    4. the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
    5. the right to restrict the processing of the data; 
    6. the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
    7. the right to object to the inclusion of any information;
    8. the right to regulate any automated decision-making and profiling of personal data.

In addition to the above rights, you also have the unrestricted right to withdraw consent, that you have previously provided, to our processing of your data at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.

If you wish to exercise any of the rights explained above, please contact admin@i-systemsltd.co.uk. 

  1. MAKING A COMPLAINT

If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner (ICO). You can contact the ICO at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113 (local rate) or 01625 545 745.

  1. DATA PROTECTION COMPLIANCE

Our appointed compliance officer in respect of our data protection activities is: Faye Teague and can be contacted by one of the methods below:

Email: admin@i-systemsltd.co.uk

Phone: 0845 625 0214