Data Audit Chart

1. Employees

| Personal Data Held | How it was Obtained | Who has Access | How is it stored | Why is it required? | How Long Is It Held? | Lawful Basis | Data Sharing |
|---|---|---|---|---|---|---|---|
| Name & Address / DOB / Tel nos / Email address | Direct from employee | C David / K Kendrick / B Paling | Paper copy at Connaught Close / Electronic in QBO | Comply with HMRC requirements | Indefinitely | Legal Obligation HMRC | HMRC |
| Personal Bank Details | Direct from employee | C David | Electronic within our bank acct / Paper copy in employee file at Connaught Close | To pay salary | Only whilst employment is current | Contract | Company Bank |
| Next of Kin | Direct from employee | C David | Paper copy at Connaught Close | Emergency use only | Only whilst employment is current | Consent optional letter sent May 19th 2018 | None |
| Tax Information eg tax code / NI no. | Direct from employee / HMRC | C David / B Paling | Electronic in payroll software (QBO) | Comply with HMRC req. | Indefinitely | Legal Obligation HMRC | HMRC |
| Pension / Auto Enrolment Contributions | Calculated by payroll software (QBO) | C David / B Paling | Electronic within QBO and Nest website | Comply with Auto Enrollment | Indefinitely | Legal Obligation – Auto-enrollment | NEST |
| Sickness | Direct from employee | C David | Paper Copy at Connaught Close / Previous on salon software at The Lounge | Comply with HMRC sick pay regs | Two years after employment ends | Contract | None |
| Holiday data | Direct from employee | All | Within spreadsheet on The Lounge PC | Comply with holiday policy | Two years after employment ends | Contract | None |

2. Customers

| Personal Data Held | How it was Obtained | Who has Access | How is it stored | Why is it required? | How Long Is It Held? | Lawful Basis | Data Sharing |
|---|---|---|---|---|---|---|---|
| Name | From customer making booking | All staff | Salon software at The Lounge. | To facilitate bookings | Indefinite | Contract | Gcast – mass mailing system but not shared. |
| Address | From customer making booking (optional) | All staff | Salon software at The Lounge. | (optional) | Indefinite | Contract | None |
| Tel nos | From customer making booking | All staff | Salon software at The Lounge. | To facilitate bookings | Indefinite | Contract – to call clients if required to amend appt. | None. |
| Email address | From customer wanting to receive emails | All staff | Salon software at The Lounge. | For discount email and marketing new products. | Indefinite | Consent – opt in for Birthday Discount email. | Gcast – mass mailing system but not shared. |
| Date of Birth | From customer wanting to receive Birthday Email | All staff | Salon software at The Lounge. | To receive birthday email at correct time of year. | Indefinite | Consent – Positive opt in from customer | None. |
| Patch Test Record | Employee checking box when complete | All staff | Salon software at The Lounge. | To carry out the treatment and for insurance purposes. | Indefinite | Contract – Required before completing certain treatments. | Our insurers in event of a claim |
| Notes / Record | From employee making notes on client card. Allergies. Hair colour etc. | All staff | Salon software at The Lounge. | To keep a history of the client's requirements and address issues. | Indefinite | Legal Obligation | None. |

3. Job Applicants

  1. This data use is considered ‘occasional’ and therefore is not included within this audit.