AMEC EUROPE LTD.
Secretary, Mr N. Imaghodo
Phone: 0044(0)560 305 4208
Registered in England/Wales No
VAT UK 222 7736 13
152 City Road
London EC1V 2NX
only after confirmation)
Registered Office UK
95 Wilton Road
(NO CORRESPONDENCE TO BE SENT TO THIS ADDRESS)
All the information contained in this publication has
been investigated carefully and are regularly updated.
The comments are results of our evaluation of the present
legal and tax situation. They do not replace the individually
tailored advices by a tax counsel or an attorney. We do
not take over any guarantee for the correctness, completeness
and up-to-dateness of this information. This applies also
to information on web pages outside of the AMEC Website,
with which the AMEC web pages are linked or will be linked
in the future. The contents of such linked sides are exclusively
the responsibility of their operators
Contents and structure of the AMEC EUROPE Website are
copyright protected. The duplication of information or
data, in particular the use of texts, part of texts or
pictorial material requires the previous agreement of
the AMEC EUROPE Ltd.
Data Protection Policy
Context and overview
Policy prepared by: Mr N. Imaghodo
• Approved by board /
management on: 25/05/2018
• Policy became operational
• Next review date: 25/09/2018
AMEC-EUROPE LTD. needs to
gather and use certain information about individuals.
These can include customers, suppliers, business contacts,
employees and other people the organisation has a
relationship with or may need to contact.
policy describes how this personal data must be collected,
handled and stored to meet the company’s data protection
standards — and to comply with the law.
this policy exists
This data protection policy
ensures AMEC-EUROPE LTD.:
• Complies with data
protection law and follow good practice
• Protects the
rights of staff, customers and partners
• Is open about
how it stores and processes individuals’ data
Protects itself from the risks of a data breach
Data protection law
Protection Act 1998 describes how organisations —
including AMEC-EUROPE LTD. - must collect, handle and
store personal information.
These rules apply
regardless of whether data is stored electronically, on
paper or on other materials.
To comply with the
law, personal information must be collected and used
fairly, stored safely and not disclosed unlawfully.
The Data Protection Act is underpinned by eight
important principles. These say that personal data must:
1. Be processed fairly and lawfully
2. Be obtained
only for specific, lawful purposes
3. Be adequate,
relevant and not excessive
4. Be accurate and kept up
5. Not be held for any longer than necessary
6. Processed in accordance with the rights of data
7. Be protected in appropriate ways
be transferred outside the European Economic Area (EEA),
unless that country or territory also ensures an adequate
level of protection.
People, risks and
This policy applies to:
• The head office of
• All branches of AMEC-EUROPE LTD.
• All staff and volunteers of AMEC-EUROPE LTD.
contractors, suppliers and other people working on behalf
of AMEC-EUROPE LTD.
It applies to all data that the
company holds relating to identifiable individuals, even
if that information technically falls outside of the Data
Protection Act 1998. This can include:
• Names of
• Postal addresses
• Email addresses
• Telephone numbers
• …plus any other information
relating to individuals.
This policy helps to protect AMEC-EUROPE
LTD. from some very real data security risks, including:
• Breaches of confidentiality. For
instance, information being given out inappropriately.
• Failing to offer choice. For instance,
all individuals should be free to choose how the company
uses data relating to them.
damage. For instance, the company could suffer if
hackers successfully gained access to sensitive data.
works for or with AMEC-EUROPE LTD. has some responsibility
for ensuring data is collected, stored and handled
Each team that handles personal data
must ensure that it is handled and processed in line with
this policy and data protection principles.
However, these people have key areas of responsibility:
• The board of directors is ultimately
responsible for ensuring that AMEC-EUROPE LTD. meets its
• The Secretary, Mr. N.
Imaghodo, is responsible for:
o Keeping the
board updated about data protection responsibilities,
risks and issues.
o Reviewing all data protection
procedures and related policies, in line with an agreed
o Arranging data protection training and
advice for the people covered by this policy.
Handling data protection questions from staff and anyone
else covered by this policy.
o Dealing with requests
from individuals to see the data AMEC-EUROPE LTD. holds
about them (also called ‘subject access requests’)
Checking and approving any contracts or agreements with
third parties that may handle the company’s sensitive
• The Secretray, Mr. N. Imaghodo,
is responsible for:
o Ensuring all systems, services
and equipment used for storing data meet acceptable
o Performing regular checks and
scans to ensure security hardware and software is
o Evaluating any third-party
services the company is considering using to store or
process data. For instance, cloud computing services.
The Secretary, Mr. N. Imaghodo, is
o Approving any data protection
statements attached to communications such as emails and
o Addressing any data protection queries from
journalists or media outlets like newspapers.
necessary, working with other staff to ensure marketing
initiatives abide by data protection principles.
General staff guidelines
• The only
people able to access data covered by this policy should
be those who need it for their work.
• Data should not
be shared informally. When access to confidential
information is required, employees can request it from
their line managers.
• AMEC-EUROPE LTD. will provide
training to all employees to help them understand their
responsibilities when handling data.
• Employees should
keep all data secure, by taking sensible precautions and
following the guidelines below.
• In particular, strong
passwords must be used and they should never be shared.
• Personal data should not be disclosed to unauthorised
people, either within the company or externally.
should be regularly reviewed and updated if it is found to
be out of date. If no longer required, it should be
deleted and disposed of.
• Employees should request
help from their line manager or the data protection
officer if they are unsure about any aspect of data
rules describe how and where data should be safely stored.
Questions about storing data safely can be directed to the
IT manager or data controller.
When data is stored
on paper, it should be kept in a secure place where
unauthorised people cannot see it.
also apply to data that is usually stored electronically
but has been printed out for some reason:
• When not
required, the paper or files should be kept in a locked
drawer or filing cabinet.
• Employees should make sure
paper and printouts are not left where unauthorised people
could see them, like on a printer.
• Data printouts
should be shredded and disposed of securely when no longer
When data is stored electronically, it
must be protected from unauthorised access, accidental
deletion and malicious hacking attempts: Data should be
protected by strong passwords that are changed regularly
and never shared between employees.
• If data is stored
on removable media (like a CD or DVD), these should be
kept locked away securely when not being used.
should only be stored on designated drives and servers,
and should only be uploaded to an approved cloud computing
• Servers containing personal data should be
sited in a secure location, away from general office
• Data should be backed up frequently. Those
backups should be tested regularly, in line with the
company’s standard backup procedures.
• Data should
never be saved directly to laptops or other mobile devices
like tablets or smart phones.
• All servers and
computers containing data should be protected by approved
security software and a firewall.
Personal data is of no value to AMEC-EUROPE LTD. unless
the business can make use of it. However, it is when
personal data is accessed and used that it can be at the
greatest risk of loss, corruption or theft:
working with personal data, employees should ensure the
screens of their computers are always locked when left
• Personal data should not be shared
informally. In particular, it should never be sent by
email, as this form of communication is not secure.
Data must be encrypted before being transferred
electronically. The IT manager can explain how to send
data to authorised external contacts.
• Personal data
should never be transferred outside of the European
• Employees should not save copies of
personal data to their own computers. Always access and
update the central copy of any data.
The law requires AMEC-EUROPE LTD. -
GDRP Compliant Data Protect Policy to take reasonable
steps to ensure data is kept accurate and up to date.
The more important it is that the personal data is
accurate, the greater the effort AMEC-EUROPE LTD. should
put into ensuring its accuracy.
It is the
responsibility of all employees who work with data to take
reasonable steps to ensure it is kept as accurate and up
to date as possible.
• Data will be held in as few
places as necessary. Staff should not create any
unnecessary additional data sets.
• Staff should take
every opportunity to ensure data is updated. For instance,
by confirming a customer’s details when they call.
AMEC-EUROPE LTD. will make it easy for data subjects to
update the information AMEC-EUROPE LTD. holds about them.
For instance, via the company website.
• Data should be
updated as inaccuracies are discovered. For instance, if a
customer can no longer be reached on their stored
telephone number, it should be removed from the database.
• It is the marketing manager’s responsibility to ensure
marketing databases are checked against industry
suppression files every six months.
All individuals who are the
subject of personal data held by AMEC-EUROPE LTD. are
• Ask what information the company holds
about them and why.
• Ask how to gain access to it.
• Be informed how to keep it up to date.
• Be informed
how the company is meeting its data protection
If an individual contacts the company
requesting this information, this is called a subject
Subject access requests from
individuals should be made by email, addressed to the
data_controller[at]amec-europe.com. The data controller
can supply a standard request form, although individuals
do not have to use this.
Individuals will be
charged £10 per subject access request. The data
controller will aim to provide the relevant data within 14
The data controller will always verify the
identity of anyone making a subject access request before
handing over any information.
data for other reasons
circumstances, the Data Protection Act allows personal
data to be disclosed to law enforcement agencies without
the consent of the data subject.
circumstances, AMEC-EUROPE LTD. will disclose requested
data. However, the data controller will ensure the request
is legitimate, seeking assistance from the board and from
the company’s legal advisers where necessary.
aims to ensure that individuals are aware that their data
is being processed, and that they understand:
• How the
data is being used
• How to exercise their rights
To these ends, the company has a privacy statement,
setting out how data relating to individuals is used by
the company. This is available on request.
Usage of Cookies
Cookies are small text files, which are used nowadays
by numerous Websites in order to identify regular visitors.
Although these programs cannot cause damages in the user
For questions, suggestions or comments about data security
we are at your disposal under the following E-Mail address
© 2018 AMEC EUROPE LTD.