The EU General Data Protection Regulation (GDPR)
The EU (GDPR) includes rules on giving privacy information to data subjects in Articles 12, 13 and 14. These are more detailed and specific than in the Data Protection Act and place an emphasis on making privacy notices more transparent, and accessible.
A privacy notice must be supplied to the individual at the time they provide you with their personal data. The GDPR says that the information you provide to people about how you process their personal data must be:
- concise, transparent, intelligible and easily accessible;
- written in clear and plain language, particularly if addressed to a child; and
- free of charge
About this document
This privacy notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
Any personal information which you volunteer will be treated with the highest standards of security and confidentiality, strictly in accordance with the Data Protection Acts 1988 and 2003 (as amended) and from 25th of May 2018, the General Data Protection Regulation (the GDPR) the Acts.
The Company is the data controller of your personal data and is subject to the Data Protection Act 1998 and 2003 (“DPA”) and from 25th of May 2018, the General Data Protection Regulation (the GDPR).
Who are we?
We provide security services to customers including the provision of Security Officers and Receptionists, Key Holding Services, Alarm attendance, CCTV monitoring and Mobile Patrol activities.
Our data protection contact for the Act is Mr Paul Purchase, who can be contacted via the Company Office Manager via email: firstname.lastname@example.org
How we collect your information?
We may collect your personal data in several ways, for example:
- Corresponding with us by phone, e-mail or otherwise. We ask you to disclose only as much information as is necessary to provide you with our services or to submit a question/suggestion/comment in relation to our site or our services.
- Filling in various forms such as the change of address form.
- Applying to work with us. From third parties, for example from your previous or current school, sixth form college, university, employment history or personnel references. The information you may provide in your CV, a cover letter, your name, address, e-mail address and phone number and so forth.
- Using our Services. Customers supply us with information which may include employee’s contact details; a contact name; email; business address; telephone number and billing payment details.
Why we collect this information?
We collect the information to provide you with our services, to market our services and to recruit staff.
We will use this information to:
- Set your Company up as a Client on our systems
- Liaise with you about the contract that we are undertaking with you
- Liaise with you regarding Security updates and Company News and Newsletters
- Commence your employment
- Communicate and interact with you during your employment
- Liaise with you regarding Security updates and Company News and Newsletters
Prospective clients, customers, suppliers, employees, service users
- Deliver information about our products and services, where you have subscribed to receive same
- Liaise with you regarding Security updates and Company News and Newsletters, where you have subscribed to receive same
The legal bases for the processing of your data are:
- In order to process necessary data for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract
- In order to process necessary data in compliance with legal obligations to which we are subject.
- In order to process necessary data for the purposes of the legitimate interests which we pursue in providing you with quotes and proposals about our services prior to contract where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information
Who might we share this information with?
We may share your information with our selected business associates, suppliers and contractors to provide you with our services. For example, where an assessment of your credit score is a condition of us entering into a contract with you or employing you, we will share information with our selected credit reference agencies.
In addition, we may disclose your personal information to third parties for the following reasons:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
- If some or substantially all of our assets are acquired by a third party, in which case information held by us about our customers will be one of the transferred assets.
- If we need to comply with our contractual duties to you, for instance, we may need to pass on certain information to pension or health insurance schemes.
Sharing of Information?
For the purposes referred to in this privacy notice and relying on the bases for processing as set out above, we may share your personal data with certain third parties including: Business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you.
Please see our sharing information policy for further details, which can be requested from our Data Protection Officer, who can be contacted via the Company Office Manager via email: email@example.com
How long will the information be held?
The time periods for which we retain your information depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.
Please see our data retention policy for further details, which can be requested from our Data Protection Officer, who can be contacted via the Company Office Manager via email: firstname.lastname@example.org
International Data Transfers
No personal data we process about you will be transferred to and stored at, a destination outside the European Economic Area (“EEA”).
In these circumstances, your personal data will only be transferred on one of the following bases:
- where the transfer is subject to one or more of the “appropriate safeguards” for international transfers prescribed by applicable law (e.g. standard data protection clauses adopted by the European Commission);
- a European Commission decision provides that the country or territory to which the transfer is made ensures an adequate level of protection; or
- there exists another situation where the transfer is permitted under applicable law (e.g. where we have your explicit consent).
What are your rights with respect to your information?
Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have several rights regarding your personal data, including:
- The right to access the information we hold about you.
- The right to require us to rectify any inaccurate information about you without undue delay.
- The right to have us erase any information we hold about you in circumstances such as where it is no longer necessary for us to hold the information for your use of our services or if you have withdrawn your consent to the processing.
- The right to object to us processing information about you such as processing for profiling or direct marketing.
- The right to ask us to provide your information to you in a portable format or, where technically feasible, for us to port that information to another provider provided it does not result in a disclosure of information relating to other people.
- The right to request a restriction of the processing of your information.
- You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data.
When you become our Customer/Client/Employee/Service User, Contractor/Sub Contractor the processing of your information, and/or that person who you nominate to liaise with us, will become a condition of the contract between us as we require certain information in order to be able to provide you with our services (e.g. contact information). In those circumstances, if you do not wish us to process your information we may be unable to provide our services to you.
Changes to your personal data?
Please tell us promptly about any changes to the information we hold about you.