GDPR - SDUK's Policy.

 

 

The EU General Data Protection Regulation (GDPR) includes rules on giving privacy information to data subjects in Articles 12, 13 and 14. These are more detailed and specific than in the Data Protection Act and place an emphasis on making privacy notices more transparent and accessible.

 

A privacy notice must be supplied to the individual at the time they provide you with their personal data. The GDPR says that the information you provide to people about how you process their personal data must be:

  • Concise, transparent, intelligible and easily accessible.
  • Written in clear and plain language.
  • Free of charge.

Identity and contact details of the Data Controller

 

Secure Defence UK Ltd is the Data Controller and is committed to protecting the rights of individuals in line with the Data Protection Act 1998 (DPA) and the new General Data Protection Regulation (GDPR).

 

Contact details of the Data Protection Officer

 

Secure Defence has an appointed Data Protection Officer who can be contacted through support@securedefence.co.uk

 

What information do we collect about you?


Outline the types of personal data being processed. The GDPR defines personal data as the following:

 

‘Any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier.’

 

Personal data relating to customers/clients can include: name, job title, date of birth, personal and/or business VAT/tax data, home and/or business address, home and/or business telephone number, private and/or business email address, emergency contact, staff number etc.

 

How will your information be used?

           

  • Administration of general invoicing and VAT reconciliations.
  • Providing remote CCTV/Alarm support services
  • Providing general customer support services
  • Provision of data to police agencies specific to monitoring ARC/RRVC services.
  • Provision of data to ARC/RRVC agencies for the purpose of monitoring private and commercial sites.
  • VAT & Tax data collection to be provided to HMRC as required by law in general customer payment transactions.
  • Carrying out research and statistical analysis
  • Providing operational information
  • Promoting our services
  • Ensuring customers' safety and security
  • Preventing and detecting crime. Only if required by law enforcement agencies in the pursuit of crime prevention and detection and any pursuant legal actions.
  • Reissue lost certificates;
  • Comply with our statutory and regulatory obligations;
  • Deal with enquiries and complaints made by you relating to your installation.
  • If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
  • We will not share your personal data with others, unless:
      • We are under a duty to disclose or share your personal details to comply with any legal obligation or in order to enforce or apply our rules.
      • Our business enters a joint venture with, or is sold to or merged with, another business. We may then share your personal details with our new business partners or owners.

 

What is our legal basis for processing your personal data?

 

For processing to be lawful under the GDPR, a lawful basis must be identified before you can process personal data. It is important to determine a lawful basis for processing personal data and document this.

 

We are mandatorily required by law to provide necessary data & information to HMRC.

 

We are required to advise you of the need to register with the ICO for the purposes of CCTV installation and monitoring. We may also be required by the ICO to provide details of persons/properties who have had CCTV installed. Please see https://ico.org.uk/for-organisations/guide-to-data-protection/cctv/

 

*Please note that rules around consent are much stricter under GDPR. Consent means offering individuals genuine choice and control and requires a positive opt-in. Pre-ticked boxes and any other methods of consent by default are not lawful.

 

The GDPR gives individuals a specific right to withdraw consent. Please contact the data controller to request this.

 

**In order to rely on the ‘legitimate interests’ condition you must meet certain requirements.

The first requirement is that you must need to process the information for the purposes of your legitimate interests or for those of a third party to whom you disclose it.

 

The second requirement, once the first has been established, is that these interests must be balanced against the interests of the individual(s) concerned. The “legitimate interests” condition will not be met if the processing is unwarranted because of its prejudicial effect on the rights and freedoms, or legitimate interests, of the individual. Your legitimate interests do not need to be in harmony with those of the individual for the condition to be met. However, where there is a serious mismatch between competing interests, the individual’s legitimate interests will come first.

 

More information relating to conditions for processing can be found on the ICO’s website or by contacting Secure Defence's Data Protection Officer.

 

Who receives your (our clients') information?

 

  • https://www.gov.uk/government/policies/cyber-security
  • https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legal-obligation/
  • Norfolk Police. https://www.norfolk.police.uk/about-us/our-policies
  • Suffolk Police. http://www.suffolk-pcc.gov.uk/wp-content/uploads/2012/11/13-2018-General-Data-Protection-Regulation.pdf
  • 1st County Monitoring. ARC/RRVC. http://firstcountymonitoring.co.uk/
  • Secure Defence's banking supplier.
  • The SSAIB, which is our governing body. https://ssaib.org/page/privacy-policy/
  • Our Accountancy Provider, for the purposes of VAT verification.

 

Safeguards in place and any transfers to third countries

We store all of your personal details on a secure server, within the European Economic Area.

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

Any payment transactions will be encrypted using SSL technology. Where we have given you - or where you have chosen - a password that enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. As such, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

 

How long will your information be held?

HMRC and Companies House company law require that we hold records and data for at least 7 years.

We only keep your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data - and whether we can achieve those purposes through other means - and the applicable legal requirements.

 

Any recorded CCTV data will be held no longer than your site's HDD has capacity for. Any CCTV images committed to media will be held by Police and/or insurance companies for as long as their GDPR policies state. Again, we record any committal and subsequent passing of CCTV images to the 3rd parties; from that point it becomes the 3rd party's responsibility.

 

What are your rights?

 

  • Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

 

  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

 

  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

 

  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

 

  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.


You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

 

You have a right to access your personal information, to object to the processing of your personal information, to rectify, to erase, to restrict and to port your personal information. Please visit Secure Defence's website for further information in relation to your rights.

 

Any requests or objections should be made in writing to the Data Controller:-

 

Data Controller

C/O Secure Defence UK Ltd

Unit 16

Brooke Industrial Estate,

Norwich Road,

Norwich

NR15 1HJ

Email: support@securedefence.co.uk  

 

Security of your information

Here you will need to provide some information on how the data will be kept secure.

 

How to make a complaint

 

If you are unhappy with the way in which your personal data has been processed, you may in the first instance contact the Data Controller using the contact details above.

 

If you remain dissatisfied then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: -

Information Commissioner’s Office,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire,
SK9 5AF

www.ico.org.uk