PATAM LEGAL AND GDPR POLICY
The General Data Protection Regulation (GDPR) started to apply on the 25th May 2018 throughout the EU. This means that organisations carrying out activities that are covered by GDPR are obliged to protect your data.
At PATAM Group Limited (PGL), we are committed to protecting and respecting your privacy. This policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
When we collect your personal data we request certain information, such as your identity and how we intend to use this information. This is done through this privacy notice and additional links.
The ICO provides guidance on privacy notices – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed )
This includes useful information on where and at what point you should deliver the relevant information.
What information do we request from you?
On applying for a PATAM card (virtual and physical card information is listed below in Annex A) through Vircarda or our weblink we will request the following information:
*Date of Birth
Drivers Licence number
Company Serial Number
Relevant qualification certificates and awards
As a competency and data capture matrix we are required to store the information on the Gencarda database, however, you can at any point request that this information is deleted, or your card suspended.
Registering for a PATAM Card
On registering for a PATAM card you will have to agree that you have read this GDPR policy and you are aware of your rights. Failure to agree will result in no card being issued.
The kind of information we hold about you on the physical card
The physical smartcard we issue you with will have some or all of the following information printed on the exterior:
Company serial number
Who has access to your information?
Your information will be shared with Gencarda (Reference Point Ltd) in order to produce your virtual and physical card. Reference Point and their partners are fully GDPR compliant and will only use your information to produce your requested card(s).
How we keep your data secure
On initial application for a PATAM card all of your information will be handled by a PGL company employee. All staff are aware of their responsibilities with regard to the storage of information and the correct policies and procedures will be adhered to as laid down by company protocol.
In the unlikely event of any breaches of data it will be reported immediately to the ICO.
How you can access and update your information?
The accuracy of your information is important to us. If you would like to access to the data, we hold on you please contact: firstname.lastname@example.org. Alternatively, you can telephone 01245 942350.
You have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information (commonly known as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
How do I complain to the regulator?
If you would like to complain about the way, we handle data please visit: https://ico.org.uk/concerns/
Storage of information, certification and accreditations
PATAM has been designed as a complete digital identity and competency matrix. The information recorded on the card is down to the owner or company. PGL do not recommend if you are uploading CV’s into one of the sections etc that you have any confidential or restricted information listed.
Checking the card on an iPhone
When your PATAM QR Code has been scanned on an iPhone it will automatically save a picture of the front and back of your card into the phones pictures. You have the right to request that this information is deleted. This picture will only contain the following information:
PATAM serial number
A virtual smartcard is a smartcard that is stored in an electronic wallet on your smartphone or tablet instead of being issued as a physical card. The electronic wallet our cards are designed to work with is called Vircarda. In order to download your virtual card, you will first need to install Vircarda on your device.
The Vircarda app can be downloaded free of charge from the following app stores:
- Google Play, the Windows Store, The App Store.
- To issue your card, we will send you two codes by email and/or text. When you enter these codes into Vircarda, your card will automatically be downloaded. The email/text we send you will give you instructions for downloading Vircarda if you haven’t already done so.
Your card can be checked using software called Checarda. Checarda is available for the following platforms:
- PCs and laptops running Windows – the PC/laptop needs to have a camera or QR reader connected to it.
- Android devices. This is available as a free app from Google Play.
- Windows smartphones. This is available as a free app in the Windows store.
- iPhone from iPhone 5 onwards. This is available as a free app from the App Store.
To enable someone to check your card using Checarda, all you will need to do is touch the Read Card option in Vircarda. This will generate a secure QR code that can be read only by Checarda.
Checarda can check cards both offline and online.
When your card is checked online, Checarda will connect to our database and download your card data, before displaying your details on screen. When your card is checked offline, Checarda will confirm that your card is genuine and the person checking your card will then carry out a visual check of the card on your device. When online connectivity becomes available later on, Checarda will connect to our database and download your card data.
Provided you have not switched off notifications on your smartphone or tablet, you will receive a notification confirming your card has been read. From time to time you may receive other notifications from us as well – to warn you that your card is about to expire for example.
We keep a log of all online card checks and any changes made to your card. This log is used for support and security purposes, for helping us understand how cards are being used and for producing statistics about card use. The log file is maintained by Reference Point Ltd, the provider of our smartcard ecosystem, acting as a data processor on our behalf.
When your card is read electronically, a copy of your card is recorded by Checarda along with the time and location, where available. This provides a log of the cards that have been checked for the person checking your card. Checarda enables the person who has checked your card to forward a copy of your data to someone else – someone at head-office for example. Before doing this, the card checker must inform you who the data will be sent to and what it will be used for.
Your card can also be checked electronically by some other software systems. Data protection laws require that, before reading your card, the users of these systems must tell you if they are going to keep a copy of your data and what it will be used for.
Your card can be checked electronically using software called Checarda. Checarda is available for the following platforms:
- PCs and laptops running Windows – the PC/laptop needs to have a smartcard reader connected to it.
- Android devices that have NFC (Near Field Communications) capability. This is available as a free app from Google Play.
- Windows smartphones. This is available as a free app in the Windows store. Only some models of Windows smartphones with NFC are capable of reading our smartcards.
Checarda can read cards both offline and online.
When your card is read offline, Checarda simply reads the data stored in the card chip and presents it on screen. When your card is read online, Checarda connects to our database to see if the card has been cancelled or updated. Checarda then updates the data in the card chip accordingly, before displaying your details on screen. We may also implement functionality to enable your card to be checked online by typing your name and number into Checarda – for example if you do not have your card with you or your card is broken, or you want someone at a different location to check your card. Your card details will be downloaded as if your card had been read electronically. The card checker will need to know your name and number to do this.
When your card is read by Checarda, at our discretion we may surface other information about you that we deem relevant even if it is not stored on your card.
We keep a log of all online card transactions including any changes made to the data on your card. This log is used for support purposes, for helping us understand how cards are being used and for producing statistics about card use. The log file is maintained by Reference Point Ltd, the technology provider for our smartcard ecosystem, who act as a data processor for your data on our behalf.
When your card is read electronically, a copy of your card is recorded by Checarda along with the time and location, where available. This provides a log of the cards that have been read for the person reading your card. Checarda enables the person who has checked your card to forward a copy of your data to someone else – someone at head-office for example. Before doing this, the card checker should inform you who the data will be sent to and what it will be used for.
Your card can also be checked electronically by some other software systems. Users of these systems are required to comply with applicable data protection rules when processing your data.