logo

Disclaimer

The information contained in this website is for general information purposes only. The information is provided by Yoke Consultancy Limited and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.

Through this website you are able to link to other websites which are not under the control of Yoke Consultancy Limited. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.

Every effort is made to keep the website up and running smoothly. However, Yoke Consultancy Limited takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.

 

 

 

Data Protection Policy

Introduction

This policy is very much a statement of principle which explains why and how data protection is vitally important to Yoke consultancy. 

This policy achieves two aims.  First it sets out our commitment to the new standards for protecting personal data set by Regulation (EU) 2016/679 (otherwise known as the General Data Protection Regulation (GDPR)).  Second, it shows how we implement that commitment in everything we do at Yoke from the collection, use, and processing of personal data through to its hosting, cloud-storage, and end-uses.

Core Terms Used in this Policy 

Data is information which is stored electronically, on a computer, in certain paper-based filing systems or any recorded information. 

Data subjects for the purpose of this policy include all living individuals about whom we hold personal data. All data subjects have legal rights in relation to their personal data. 

Personal data means data relating to a living individual who can be identified from that data (or from that data and other information in our possession).  Personal data can be factual (such as a name, address or date of birth) or it can be an opinion (such as a performance appraisal in a HR context). 

Data controllers are the people who or organisations which determine the purposes for which, and the manner in which, any personal data is processed. They have a responsibility to establish practices and policies in line with the law.  Yoke is the data controller of all personal data it holds as an employer of people and a company with legal obligations with respect to filings and company law.  It is very important to note that Yoke ceases to be data controller in the context of the use made by others of Yoke’s services, including the receipt, review and use of certain personal data sets (for example in an Employee Assistance Programme) provided by client clients to Yoke.  

Data users include employees whose work involves using the limited personal data that Yoke holds.  Data users have a duty to protect the information they handle by following our company’s data protection and security policies at all times. 

Data processors include any person who processes personal data on behalf of a data controller.  Yoke functions as data processor when servicing an engagement for a corporate client with respect to tailoring our wellbeing and performance services for that client. Data processors can also include contractors/suppliers which handle personal data (such as outsourced payroll service providers) on Yoke’s behalf. 

Processing is any operative activity that involves use of data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.

Our 12 Data Commitments:

Yoke is committed to:

  1. ensuring that we comply with the very latest data protection principles, as initially set out in the Data Protection Act 1998 and subsequently developed in the GDPR (and any successor legislation after the UK withdraws from the European Union);
  2. processing data-sets lawfully, fairly and in a transparent manner.  Transparency for Yoke means clearly documenting our privacy statement, our cookie policy, this data protection policy, and being live to information security and reporting obligations in the event of a suspected data breach.  In this way we are upfront with stakeholders, clients, their end-users, our strategic partners, and regulatory authorities including the Information Commissioner;
  3. living the new GDPR principle of accountability.  In other words we are a corporately responsible company, acutely aware that we are in the business of information and compliance.  Accordingly, our own internal standards regarding the control, processing and use of data have to meet and exceed these expected standards;
  4. acting with a clear and valid purpose when using personal data.  We therefore handle personal data in order to meet our operational needs, to fulfil contractual agreements, to respond to system-critical issues and to adhere to a variety of legal obligations;
  5. delivering data optimisation (and data-minimisation where possible) in our work. We are an efficient, agile and lean business, so we seek to minimise data duplication and endeavour to remove obsolete data from our systems;
  6. establishing and honouring appropriate retention periods for holding on to personal data. Part of this necessarily means honouring individuals’ right to be forgotten where appropriate to do so;
  7. ensuring that our end-product is delivered accurately and without fuss whenever a data subject exercises his or her statutory right to call for and receive personal information held by Yoke about them;
  8. providing high quality security measures to protect personal data from unwanted exposure, hacking, manipulation or other form of unlawful activity, theft or abuse;
  9. ensuring that we provide a clear signal of leadership to our regulator, our clients and our peers by appointing our founder Rachel Arkle as Data Champion for the business.  
  10. embedding a culture of accountability and awareness which flows throughout the whole organisation rather than staying only with the most senior officers;
  11. ensuring that all staff are made aware of good practice and are trained in evolving data protection standards with the help of key strategic partners and external legal experts in the fields of corporate governance, information law, and compliance;
  12. ensuring that everyone at Yoke feels encouraged to raise concerns about data protection vulnerabilities – this will prompt internal dialogue about our standards so that we remain on top of our brief and aware of data protection issues going forward.

Updates to this policy

The world of risk management, information law, and corporate compliance is rapidly changing.  We are pleased to be a business which is cognisant of those changes, and which sees the commercial value and the ethical value in being vigilant where data protection is concerned.  Data protection is vitally important to us and to our clients. We therefore will periodically update this policy to reflect changes in the world around us.

For more information on the data collected or further detail on the items below, please get in touch via info@yokeconsultancy.com