General Data Protection Regulation (GDPR) – Privacy Notice

General Data Protection Regulation (GDPR) – Privacy Notice

 

 

This Privacy Notice has been written for compliance with the General Data Protection Regulation (GDPR) and explains how and why we use and collect personal information about people who are employees, clients, or potential clients, and the conditions under which we collect and disclose it to others and how we keep it secure. The “data controller” is Midlands Electrical Fire & Security Ltd. with the “Data protection officer” being either director of the business as deputies for each other.

 

When you accept employment, or make your enquiry through Midlands Electrical Fire & Security Ltd and provide us with personal data, we will process such personal data on the basis that it is necessary to do so in order to perform the “Contract” you enter into with us, or by “Legitimate interests”

 

We will process your personal data on the basis set out below as it is in our legitimate interests to do so following contact with Midlands Electrical Fire & Security Ltd.

 

What Information do we collect about you?

 

 

As an employee, we collect personal data about you in order to fulfill the employment contract between us and adhere to NSI rules including security screening requirements.

 

As a client, or potential client, we collect personal data about you to provide our services that are available through Midlands Electrical Fire & Security Ltd, as well as for administrative purposes when confirming your project, callouts, continuing with your service contract, customer satisfaction surveys, or complaints.

 

The personal data that we collect can include or fall into categories such as personal data, or business data, to include, contact details which include your name, business name, email address, telephone number, of the persons enquiring. Further employee data may include, date of birth, home address, national insurance number, bank details, passport details, and driving licence. At times we may require additional information as part of an employee’s security screening consent requested at induction stage and prior to obtaining and providing to our third-party NSI approved service provider and other entities.

 

What do we do with your personal data?

 

 

We require some categories of information in the list primarily to allow Midlands Electrical Fire & Security Ltd to perform our services, or offer employment with our business. It is our responsibility to be clear about data collected and used in a fair and lawful manner. This can include:

  1. Process an application for employment (including those required for Security Screening checks current at the time of application) and ongoing through employment for such as, pensions, personal taxation, driving licence information and the like.
  2. Process enquiries and orders from our clients;
  3. To carry out our obligations arising from any contracts entered into dealing with system users and key-holders in relation to installed and maintained systems;
  4. Seeking views or comments on the services we provide;
  5. Notification of changes to our services;
  6. Sending of information which has been requested and that may be of interest. This may include quotations, information about terms and conditions, system installations, maintenance & monitoring and for employee’s company changes, H&S notifications and the like.
  7. We review our data retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory or regulatory obligations (for example Security Screening Records are retained for term of employment plus 7 years) We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any contract agreement.
  8. We will keep your data safe and secure
  9. Not transfer data outside the European Economic Area without adequate protection

 

Data Sharing and Transfers

 

Your personal data is stored and secured within GDPR EU complaint safeguards we have in place. Your data will only be transferred to service providers who have an agreement with us committing to the model contract clauses defined by the European Commission or certified under the GDPR Privacy Policy format. If we share your personal data with any third-party service providers during employment, and/or providing you with our services, those third parties are required to process your data in accordance with contracts which comply with the General data protection regulation and legislation.

 

We might share your information with third parties where required and by law if requested to do so in accordance with a contract between us, as well as to administer the working relationship with you or where we have another legitimate interest in doing so.

 

For employees, your personal data may be shared with training providers and other entities such as, payroll, pension, administration, HMRC Tax office, and/or legal advisors.

 

Data Security

 

We have put in place measures to protect the security of your information in accordance with our NSI accreditation body; details of these measures include, restriction to servers, office storage cabinets, electronic security systems, monitored and Policed intruder alarm system out of hours. Other details are available upon request. Our third-party service providers, training providers and other entities will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

 

We have put in place appropriate security measures to prevent your personal information from being accidentally lost , used or accessed in an unauthorised way, altered or disclosed, in addition, we limit access to your personal information provided.

 

We will not process or issue your personal data for marketing purposes.

Data Retention

We will only use your personal information for as long as necessary to fulfil the purposes that we collected it for, including for the purposes of satisfying any training, accounting, legal or reporting requirements.

 

Right of access correction, erasure and restriction

It is important that the information we hold about you is accurate and current. Please keep Midlands Electrical Fire & Security Ltd, informed if your information changes during your working relationship with us.

We want to make sure that your information is accurate and up-to-date and will delete or amend any information that you think is inaccurate. By sending Midlands Electrical Fire & Security Ltd an e-mail or viewing our website we will accept this as consent to hold your personal data on our database. Should you wish to delete your account or change your communication preferences, please email the team at info@midlandsefs.co.uk to update or opt out?

Under the limited circumstances where you have provided you consent to data collection, processing and transfer for example “Under contract” and the contract terminates, you have a right to withdraw consent for the specific data processing. To withdraw consent on this basis, please contact either data protection officer at info@midlandsefs.co.uk

Once we have received notification that you have withdrawn your consent, we will no longer process your personal information (data) for the purposes of which you originally agreed to, unless we have another legitimate interest for doing so in accordance with current GDPR.

 

Review and changes to this privacy policy          

We reserve the right update this privacy notice at any time. We will provide you with a new privacy notice when we make any substantial changes and send this via email in the future.