Protecting Your Personal Data
From the 25th of May 2018, the EU General Data Protection Regulation replaces the Data Protection Act 1998. This gives you new rights in relation to the privacy of your personal information. GDPR, simply put, means that you have more control over how your personal information is used and makes it quicker and easier for you to check and update the information we hold on you.
You can request details on your personal data kept by us at any time. In the case of any request involving one of your rights (described below), we will respond to your request without delay and at most, within one month of receipt of your request. We are permitted to extend this time period by up to two months if your request is a particularly complex one.
Our Legal Basis
DIRECTION FIRE LTD has chosen ‘Contract’ as our legal basis unless otherwise stated. We rely on this basis when processing someone’s personal data so that we can;
- Fulfil our contractual needs to you; or
- Because you have asked us to do something before entering into a contract (e.g. provide you with a quote)
Article 6(1)(b) of the GDPR states that we will have a lawful basis for processing data where:
“processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.
Information We Collect from You
We use the EU General Data Protection Regulation’s definition of personal data. This is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such:
- Name or contact details
- Location Data
- Personal Identification Number
- Website, apps or software identifiers
- IP address
How We Store Your Personal Information
We store information on you in a number of ways. We have taken great precautions to keep your information secure.
We use physical, technological and administrative safeguards to protect your personal information. All physical files and computer-based data are stored in a secure location, where use of alarms, locks and encrypted hardware and software are used in order to protect any personal data we hold about you.
How We Use Your Information
The personal data we hold on you will be used in the following ways:
We may disclose your personal information to members of our staff who process your data on our behalf.
In addition, we may share your details to a third party with your prior consent (for example, outsourcing another contractor to help with our contract with you).
We may also share your personal data in order to comply with any legal obligations.
Right To Be Informed
Right of Access
You have a right to access the data we hold about you. Subject Access Requests give you the right to ask us to provide you with this information free of charge. Any Subject Access request can be made verbally or in writing to the Data Controller (Address and information in our contact information below)
Right to Rectification
You are entitled to have any information that we hold about you rectified if it is inaccurate or incomplete.
If you believe that the information we hold about you is inaccurate, incomplete or out of date then please let the Data Controller know, either verbally or in writing. We shall also inform any third parties of the rectification in order that they can update their records too.
We endeavour to rectify any incorrect information about you within one month of your request.
The Right to Erasure
You have the right to request that we delete the personal information we hold about you where we have no compelling or legitimate business reason for its continued processing. We will also inform any third parties of the request in order that they can erase their records too. Erasure request can be sent to the Data Controller.
This right will only apply if:
- The retention of the personal data is no longer necessary for the purpose which we originally collected or processed it for.
- Where you have withdrawn consent.
- Where you object to us processing the data and there is no overriding legitimate interest for us to continue to do so.
- When the data has been unlawfully processed.
- When we have to do it to comply with a legal obligation; or
- We have processed the personal data to offer information society services to a child.
The right will not apply if:
- We are exercising the right of freedom of expression and information;
- We are complying with a legal obligation.
- For archiving data in the public interest, scientific research, historical research or statistical purposes.
- We need the data to exercise or defend any legal claims.
DIRECTION FIRE LTD. will refuse to comply with a request for erasure if it is manifestly unfounded, excessive or repetitive in nature and may request a ‘reasonable fee’ to do so.
The Right to Restrict Processing
You have a right to request that information we hold about you is restricted or suspended. This may be due to exercising one of your other rights, where until your request has been dealt with we will suspend the processing of your data. We will inform any third party we have passed your information on to, to restrict processing your data. Restriction requests can be made verbally or in writing to the data controller. We will respond to your request within one month.
The Right to Data Portability
Information you have provided to us can be supplied to you in a portable format if requested. The format we supply your information will be posted as a printed document or .txt file via email. The right to data portability requests should be sent to our Data Controller. We will respond to your request within one month.
The Right to Object
You have a right to object how we use your personal information. You can make a verbal or written request to our Data Controller who will respond within one month. We may however continue processing your information if we can show we have compelling and legitimate grounds to do so that overrides your reasons. We will inform you of this decision however you maintain the right to make a complaint to the Information Commissioners Office.
Rights in Relation to Automated Decision Making and Profiling
DIRECTION FIRE LTD. do not profile or make automated decisions. If you feel we have done this please contact the Data Controller.
We may also exchange your information with other companies and organisations for the purposes of fraud protection and credit risk reduction. Where false information or fraud is suspected, we may pass this information to fraud prevention and law enforcement agencies.
Retention of Data
We retain your information for as long as we are working together. This enables us to maintain an ongoing relationship with you and allows us to complete the orders that you place with us. We follow a strict data retention schedule; this has been put in place to ensure that we retain the minimum amount of personal data about you.
Any financial data we have on you, in accordance with HMRC will be retained for a maximum of 6 years. This information is kept on a secure and encrypted server that is only accessible by our Data Controller, Directors and Accounts team.
Security measures we put in place to protect your personal information:
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website and any transmission is at your own risk. Once we have received your personal information it will be handled in accordance with this document.
Links to other websites:
Our website may contain links to other websites run by other organisations. This policy does not apply to those other websites so we encourage you to read their privacy statements. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links that we provide. In addition, if you linked to our website from a third-party website we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party website and recommend that you check the policy of that third-party website.
If you make an enquiry about our services or products or enter into a contract with us for services or products, we may from time to time send you updates on our services or products or let you know about promotional offers.
From time to time we may also contact you about events that are being held
Where you are an individual (rather than an officer or employee of a company or corporate body), and where you have not entered into a contract with us for our services, we will only send you unsolicited marketing material by email if you have consented for us to do so on the website contact form or walk-in enquiry form.
You have the right to opt-out, should you require to do this please see the section below “How do I Opt-Out of various activities?”.
Use of Our Services by Children
Our company and our website is not intended for the use of children under the age of 16. We ask that children do not provide us with any of their personal information via email, post, telephone, social media pages or website. If we become aware that we have collected personal information from a child under the age of sixteen, then we will delete that data from our records immediately.
We may from time to time advertise our business on Social Media such as Twitter, Facebook, Google+ and Instagram; along with images of works carried out, which could include yours. We do not publish your personal details on these posts. If you contact us via Social Media, we will only use your data for what it is intended, for example; you’ve requested a quote or information on our company. We will only keep your information to follow through with the request.
Direct Marketing Communications
How Do I Opt-Out of Various Activities?
If you do not wish to receive certain types of communication, just let us know.
When you start to use/be part of the services provided by DIRECTION FIRE LTD., you will be given the opportunity to opt out of certain communications.
Any communication you subsequently receive from us will always include a clear, simple method to ‘opt-out’ of future communications.
DIRECTION FIRE LTD. will always respect our clients wish to remain anonymous however we will still need to process some of your data.
Finding Out About Your Rights
You can find out more about your rights here https://ico.org.uk
Changes to Our Policy
The Data Controller
Unit 5, First Quarter,
This policy was last updated on 26th November 2020