+44 (0) 1249 691 174

GDPR Statement

Sapphire Foods / Mobius Logistics collects the following personal data

  • Driver names in Mobius ‘Board’
  • Driver locations via GPS on board trucks in Mobius ‘Board’
  • Driver names and signatures in the Drivers Codes of Conduct files, saved in cloud-based storage

The GDPR applies to ‘controllers’ and ‘processors’. A controller determines the purposes and means of processing personal data. A processor is responsible for processing personal data on behalf of a controller. The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

The GDPR does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.

Sapphire / Mobius considers itself to be a ‘Controller’

The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.

Under the GDPR, the data protection principles set out the main responsibilities for organisations.

Article 5 of the GDPR requires that personal data shall be:

a) processed lawfully, fairly and in a transparent manner in relation to individuals;

b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and

f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”

Article 5(2) requires that:

“the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

There must be a valid lawful basis for the holding and processing of data, and Sapphire / Mobius considers its legal basis to be that of ‘Legitimate Interests’, but also argues that it does not process personal data, the data is a by-product of its legitimate business processes.

  • Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

We will

  • include
    • information about our lawful basis in our privacy notice. Under the transparency provisions of the GDPR, the information we need to give people includes:
      • the intended purposes for processing the personal data
      • the lawful basis for the processing
  • inform
    • drivers that their names and locations will be recorded under the lawful basis of ‘Legitimate Interests’ to track the consignments of meat they transport.
  • drivers that their names and signatures will be saved on the documents they sign to comply with our Code of Conduct and Site Rules in our cloud-based storage.
  • monitor
    • personal data on the Mobius ‘board’
  • remove
    • personal data on any system for which we have no lawful basis
    • delivery names and addresses after three years of inactivity

 

 

Gavin Johnson

Operations Director

Sapphire Foods Ltd

18/05/18