
Data Protection Policy

Definitions

Bluezone
Bluezone Technologies Ltd

Data Protection Act 1998
Data protection legislation in force in Northern Ireland

Data Protection Officer
The person responsible for ensuring that Bluezone follows its Data Protection Policy and complies with data protection legislation and best practices.

‘Explicit Consent’ is a freely given, specific and informed agreement by a Data Subject to the processing of personal information about him / her.  Explicit consent is required for processing ‘sensitive’ data.

Manager
Innovative Application MANAGER

Personal Information
Information about living individuals that enables them to be identified – e.g. name and address.  It does not apply to information about companies and agencies.  In this case, it applies to employees, customers, suppliers and any other persons availing of use of Bluezone’s Databases.

Processing
means collecting, amending, handling, storing and disclosing personal information

Sensitive Data
means data about:

  • Racial or ethnic origin
  • Political opinions
  • Religious or similar beliefs
  • Trade union memberships
  • Physical or mental health
  • Sexual life
  • Criminal record
  • Criminal proceedings relating to a Data Subject’s offenses

**Bluezone’s Databases do not collect any sensitive data**

DECLARATION OF COMMITMENT

The Data Protection Act 1998 applies to the processing of personal data. Bluezone is committed to complying with its legal obligations in regard to securing personal data held by it.

Bluezone is an on-line Compliance Management database – a multi-platform application that controls, manages, reports on and integrates all aspects of your built environment that relate to health, safety and quality.  Every company is provided with a Profile Page with contact details.  Customers connect to their Suppliers in order to share information.

The Bluezone database manages the compliance of contractors, project management, etc. on Customer Sites and stores personal data required in order to fulfil this purpose.  This Data Protection Policy covers any personal data stored in the Bluezone databases.

 

Bluezone shall ensure:

  • A Data Protection Officer with specific responsibility for ensuring compliance with data protection legislation is assigned
  • All employees processing personal information understand that they are contractually responsible for following good data protection practice
  • All employees processing personal information are appropriately trained to do so
  • All employees processing personal information are appropriately supervised
  • All employees abide by the “Eight Rules” of data protection.

 

All data collected, retained and used for our purposes will be in accordance with the Eight Rules of Data Protection.  These are:

  1. Information will be obtained and processed fairly.
  2. Information will be kept only for one or more specified, explicit and lawful purposes.
  3. Use and disclosure of data will be consistent and compatible with the above-mentioned lawful purposes.
  4. Data will be kept safe and secure.
  5. We shall do our best to ensure that data is accurate, complete and up-to-date.
  6. We shall ensure the data collected is adequate, relevant and not excessive.
  7. We shall retain data for no longer than is necessary for our business purposes.
  8. We shall give a copy of his/her personal data to an individual upon request.

 

Data Protection Officer

Bluezone’s Data Protection Officer is [                        ].  The Data Protection Officer bears overall responsibility for ensuring compliance with data protection legislation.  The Data Protection Officer is also available to answer queries or deal with any concerns about data protection.  You can contact the Data Protection Officer by e-mail at [info@Bluezonetechnologies.com] and by telephone at 028 3083 9033.

 

 

RULE 1 – OBTAIN AND PROCESS INFORMATION FAIRLY

Bluezone will ensure that personal data will be processed fairly and in accordance with the principles of data protection, as described in the Data Protection Act 1998.  Bluezone collects personal data only for the purposes of compliance management.

The personal data shown in TABLE 1 (below) is collected for the purposes of compliance management.

 

TABLE 1

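| Companies | Mandatory | Employees | Mandatory √ | Users | Mandatory √ |
|---|---|---|---|---|---|
| Company Name | | Company Name * | | First Name | |
| Description | | Title | | Surname | |
| Sector | | First Name | | Role | |
| Service Category | | Surname | | Company | |
| Service Website | | Employee Number | | E-mail | |
| Address | | Job Title | **√ | Job Title | |
| Country | | Status | | Department | |
| Website | | Employment Start Date | | Username | |
| Status | | DOB | | Phone | |
| Contact Name | | Qualification | **√ | Fax | |
| Registration Number | | Mobile | | E-mail Alert | |
| Logo | | Address Line 1 | | Country | |
| Phone | | Address Line 2 | | | |
| Fax | | E-mail | | | |
| E-mail | | Photo | | | |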
 

 

* Employees can only be uploaded to a Company already existing on Manager.  Therefore, the Company Name is already known.

** While the Job Title and Qualification of an Employee are obligatory fields, they can be set to ‘Other’ if required.

All fields not marked by a Mandatory √ are optional.

Bluezone does not collect sensitive personal data as defined by The Data Protection Act 1998.  All data is explicitly collected, i.e. Bluezone does not collect cookies.

 

 

 

Data Access Control:

The Bluezone Access Control is determined by Table 2 below:

TABLE 2

| | Employee | User | Profile |
|---|---|---|---|
| Supplier | V/A/E | V | V/A/E* |
| Customer | V/A/E | V | V/A/E** |
| Bluezone Data | V/A/E | V/A/E | V/A/E |

 

V = View, A = Add (Upload), E = Edit (Modify)

* = Suppliers can view, edit and add (upload) employee details and profile data.  They may also view their Customers’ Profile.

** = Customers can view, edit, and add (upload) employee details and profile data.  They may also view the employee details and profile data of their Suppliers.

 

SUPPLIERS DATA ACCESS CONTROL:

Supplier Employees:

Suppliers control their employees’ data uploaded on the Bluezone database, and may view, edit (modify), and add (upload) employees’ data.

Suppliers set up their employees on the Bluezone database by uploading employee data including names and contact details.  TABLE 1 indicates mandatory data required.

Suppliers upload Induction and Training records for employees on Manager as required.  Employee data is visible to your Customers.  Employee status should be changed from PRESENT to PAST when an employee leaves the company.

Supplier Users:

Users are set up by Bluezone and given access to the database.  A User may request a screen shot of his/her data at any time.

The Bluezone database will automatically send out an e-mail to the User with their log-in details and password for access to the database.   A Supplier may have any number of Users.

Users may view their own company information on their Profile page as well as contact details of their Customers.  TABLE 2 defines Manager access for Suppliers.

Supplier’s Profile:

Suppliers may upload, view and edit their own profile data.

Suppliers may view their Customers’ profile and any other information provided by the Customer for their Suppliers, i.e.:  Site Information such as Permits, Specific Customer Requirements, etc.

Suppliers’ Responsibilities:

  • Inform your employees of any personal data that is being shared, the purpose for which it is shared, and provide access to such data at the employee’s request.
  • Ensure all data is kept up-to-date and accurate, and no more data than is necessary is uploaded to the database.
  • Ensure you assign a designated Contact Person on the profile page who will be available to receive e-mail alerts and keep your site up-to-date and accurate.
  • Ensure that when an employee leaves the Supplier’s employ, the Employee’s status is changed from ‘Present’ to ‘Past’.
  • Advise Bluezone if you no longer require access to the database in order to ensure that you are disabled and receive no further e-mails regarding the database.
  • Each Supplier is responsible for ensuring all personal data, log-in details and passwords provided by them are protected from unauthorised access at all times.

 

CUSTOMERS DATA ACCESS CONTROL:

Customers can view, edit (modify), and add (upload) their own data.

Customers may view their Suppliers’ data on the database, but cannot edit or modify any of their Supplier Data.

Customer’s Employees:

Customers control their employees’ data on the databases, and may view, edit (modify), and add (upload) their own employees’ data.

Customers may set up their Employees on the databases by uploading their employees’ personal data including their names and contact details.  Customers may upload induction and training records for each of their employees on the databases if they wish.

Customer’s Users:

Users are set up by Bluezone Administrators to provide access to the databases.  A User may request a screen shot of his/her data at any time.

The database will automatically send out an e-mail to the User with their log-in details and password in order to ensure the User may access the databases.   A Customer may have any number of Users for their site.

Customer’s Profile:

The Profile is the homepage of the Customer supplying the name and contact details of the Customer.

Customers may view, read, write and process their own profile data.

Customers may view their Suppliers’ profiles as well as their Supplier’s Prequalification and Compliance Documentation.

Customers’ Responsibilities:

  • Ensure you choose a designated Contact Person on the Profile Page who will be available to receive e-mail alerts, and keep the profile page up-to-date and accurate.
  • Inform their employees of any personal data that is being shared, the purpose for which it is shared, and provide access to such data at the employee’s request.
  • Ensure all data is kept up-to-date and accurate, and no more data than is necessary is uploaded to Manager.
  • Inform their employees what personal data is being shared (see TABLE 1), the purpose for which it is shared, and provide access to such data at the employee’s request.
  • Ensure that when an employee leaves the Customer’s employ, the Employee’s status is changed from ‘Present’ to ‘Past’.
  • Each Customer is responsible for ensuring all personal data, log-in details and passwords provided by them are protected from unauthorised access at all times.

 

ACCESS CONTROL:

Bluezone are the system administrators.  Bluezone can view, edit (modify), add (upload) and delete any data on Manager.

All Bluezone staff are trained and competent in the legal requirements of the Data Protection Act 1998.

Bluezone will not share data with other organisations outside Manager, but in circumstances where this is required by law, the Data Subject will be made aware how and with whom their information will be shared.

There are circumstances where the law requires Bluezone to disclose data without the Data Subject’s consent.  These are:

  • Carrying out a legal duty as authorised by an appropriate legal officer
  • The Data Subject has already made the information public
  • Conducting any legal proceedings, obtaining legal advice or defending any legal rights.

Bluezone places great importance on the professional, confidential treatment of personal information as a key element in the success of our working relationships, and in maintaining the confidence of those with whom we deal.  Bluezone intends to ensure that the minimum information required to achieve our purposes be collected and retained, and that personal information is always treated lawfully and correctly.

Bluezone Responsibilities:

  • Management and Employees are trained and competent to carry out their work in accordance with Data Protection Legislation and Bluezone policies and procedures.
  • Management and staff will ensure that any personal data on the Manager, which falls under the Data Protection Act 1998, will be protected and treated as confidential.
  • Management and staff will not use any personal data for any purposes other than outlined in Section 3 (purpose), and will not disclose to others for any other purposes than those outlined in Section 5.
  • Bluezone shall ensure that personal data is obtained and processed fairly, and only in ways compatible with the purposes of compliance in relation to Health and Safety Legislation and Customer Contractual Obligation.
  • Management and staff shall ensure they upload no more data than is necessary for the purposes outlined in Section 3.
  • Bluezone will ensure that support is available to all Users during business hours and provide a contact for emergencies.
  • Bluezone will ensure all e-mail and phone queries will be answered promptly and comprehensively.
  • Any breach of the data protection principles is a serious matter and may lead to disciplinary action up to and including dismissal.  If Data Subjects are in any doubt regarding their obligations, they should contact Bluezone’s Data Protection Officer.

 

 

RULE 2 – KEPT FOR ONE OR MORE SPECIFIED, EXPLICIT AND LAWFUL PURPOSE

Personal data collected by Bluezone is used for compliance in relation to health and safety legislation and contractual reasons.

 

RULE 3 – DISCLOSED ONLY IN WAYS COMPATIBLE WITH THESE PURPOSES

Bluezone will ensure that personal data will only be disclosed in ways compatible with the purposes of the website and in accordance with the principles of data protection, as described in the Data Protection Act 1998.

Bluezone will not share data with third parties unless legally obliged to do so. In circumstances where this is required by law, the Data Subject will be made aware how and with whom their information will be shared.

There are circumstances where the law requires Bluezone to disclose data without the Data Subject’s consent.  These are:

  • Carrying out a legal duty as authorised by an appropriate legal officer
  • The Data Subject has already made the information public
  • Conducting any legal proceedings, obtaining legal advice or defending any legal rights.

Bluezone places great importance on the professional, confidential treatment of personal information as a key element in the success of our working relationships, and in maintaining the confidence of those with whom we deal.  Bluezone intends to ensure that the minimum information required to achieve our purposes be collected and retained, and that personal information is always treated lawfully and correctly.

Data will only be processed for job / project related purposes, and in general, will not be disclosed to third parties, except where required or authorised by law or with the agreement of the concerned Data Subject(s).

 

RULE 4 – KEEP DATA SAFE AND SECURE

Cloud Solution

The database is a web-enabled database sitting on the Microsoft Azure Cloud Computing Platform. The URL www.Bluezonetechnologies.com is the access portal for both customers and suppliers. The Bluezone application is compatible with most internet browsers – i.e. Firefox, Chrome, Safari, Android, etc.

Data Security on the Cloud

The database sits on the Microsoft Azure Cloud platform, which is housed in tier 4 data centres, managed and owned by Microsoft Corp.  Azure provides triple redundancy for solutions running under native Microsoft .NET technologies on Azure. With the triple degree of redundancy, availability of 99.999% is guaranteed during any 12 month cycle, in excess of standard hosting Service Level Agreements. Data is secured through standard protocols and architectures, including best practice at both the application and database layers. The Microsoft cloud also undergoes annual audits for PCI DSS, SOX and HIPAA compliance, as well as internal assessments throughout the year. The Microsoft cloud has obtained ISO/IEC 27001:2005 certification and SAS 70 Type 1 and II attestations.

Further details on Azure security are available on the website www.Bluezonetechnologies.com

Bluezone backs up the database on a regular basis.

Password Control

Access to the database is password protected

Data Encryption

All Bluezone websites and databases are encrypted (SSL cert)

Cookies

Bluezone does not use cookies at all

 

RULE 5 – DATA KEPT ACCURATE, COMPLETE AND UP-TO-DATE

Bluezone will make every attempt to ensure it only collects data which is adequate, complete and up-to-date in relation to the purposes of Manager.  Suppliers and Customers are responsible to ensure they edit / modify their own data in order to ensure it is kept up-to-date.

Bluezone will endeavour to ensure personal data held by the organisation is up-to-date and accurate.  However, Suppliers and Customers control their data and have access to edit or delete personal information at any time.  It is incumbent on all companies to keep their personal data under their control, accurate, complete and up-to-date.

 

RULE 6 – DATA COLLECTED IS ADEQUATE, RELEVANT AND NOT EXCESSIVE

Bluezone will only collect relevant data, and the data collected will be adequate and not excessive for the purpose of compliance management.

RULE 7 – DATA IS RETAINED NO LONGER THAN NECESSARY

Bluezone is required to retain data for 7 years, after which data will be purged from the active database and archived.

 

RULE 8 – GIVE A COPY OF PERSONAL DATA TO AN INDIVIDUAL ON REQUEST

‘Data Subjects’ of the database are entitled to request data held about them on the database.  Bluezone will provide this data within 30 days.  There is no charge for requesting this data.

A Data Subject should make a request in writing to the Data Protection Officer, stating the exact data required.  Data Subjects are only entitled to access data about themselves and will not be provided with data relating to other Data Subjects or third parties.  It may be possible to redact data relating to a third party or conceal his / her identity.  If this is possible, Bluezone may do so.  Data that is classified as opinion is neither required, nor kept on the database.  Sensitive data as defined by the Data Protection Act 1998 is neither requested, nor required for use of the database.

An objection should be made in writing to the Data Protection Officer outlining the data in question and the harm being caused to the User.

 

TRANSMISSION OF DATA OUTSIDE OF THE STATE

Bluezone does not currently operate outside the EEA and does not transfer personal data outside the EEA.

If Bluezone commences operations outside the EEA then it will take the necessary steps to ensure that data has the same level of protection as it does inside the EEA.  For more information, please contact the Data Protection Officer.

 

MONITORING AND REVIEW

This policy and all data protection activities within Bluezone shall be formally reviewed at regular intervals, and at least annually, to take account of changes in law, technology and the experience of the activities and policy in practice.