The purpose of this policy is to set out the principles and procedures of Air Compressors and Blowers North with regard to data protection, data collection and the rights of individuals in respect of their personal data under the EU General Data Protection Regulation (GDPR).
The policy refers to the collection, processing, transfer, storage and disposal of data. The policy and its procedures laid out in this document will therefore be followed by the company, its employees, any agents & contractors or any other party where information is shared. Air Compressors and Blowers is committed to placing high importance on the lawful processing and fair handling of all personal data kept and shared by the company.
Data Protection Principles:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Processing of data:
When Air Compressors and Blowers processes data, we ensure that one of the following applies to the data used:
- Consent has been given by the individual to process the data for a specific purpose.
- The data processed is necessary for a contract we hold with the individual or because they have asked us to take specific steps before entering into a contract.
- The processing is necessary to comply with the law (not including contractual obligations).
- It is necessary in order to protect someone’s life.
- Processing the data is necessary for us to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
- The processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Data that falls into a special category:
For example: race; ethnic origin; politics; religion; trade union membership; genetics; biometrics (where used for ID purposes). Separate consent will be sought for this data as it may not fall under the initial lawful processing reasoning behind its use.
Data that is collected:
The data collected will be dependent on whether an enquiry is made to us or whether you buy products and use services from us. Some of the information we may collect could include:
names, home addresses, photos, email addresses, bank details, posts on social networking websites, medical information, or a computer’s IP address
How we use the data:
Personal data will be collected and used to carry out a purchase or sale; this data will be held for any later correspondence needed with payments & delivery information. It is also used in the operation of the business for financial reasons or other internal exercises. After market will also have this information regarding usage of our products and services to enable us to diagnose technical issues and carry out any service work.
Where consent is given, marketing communications may be sent to individuals relating to Air Compressors and Blowers North’s products and services, including any events or promotions unless the individual has opted out of this.
Rights of Data Subjects:
The GDPR provides the following rights for individuals:
The right to be informed.
As data is collected and processed by Air Compressors and Blowers North, individuals will be informed of data held and under which lawful purpose. Any information that would be shared with 3rd parties will also be relayed to the individual.
The right of access
Individuals can request information held on them via a formal email/letter. Any requests will be responded to within 1 month.
The right to rectification
Any data that is deemed inaccurate can be rectified by request from individuals via a formal email/letter request. Any requests will be processed within a short timescale. Steps will first be taken to confirm the update is legitimate and accurate before any changes are made to the data we hold.
The right to erasure
Individuals can request, either verbally or in writing, that the personal data held on them is erased using the “right to be forgotten”. Any such requests will be manually documented where verbal communication has been provided. Any such requests will be responded to within 1 month.
The right to restrict processing
Individuals can request that the way in which we use their data is limited. Any requests can be made verbally or in writing and will be responded to within 1 month. If any restriction is placed upon data, appropriate methods will be taken to move the data or make it unavailable to users.
The right to data portability
Individuals can receive any personal data provided to a controller in a standard format; any individual can also request that we send this to another data controller.
The right to object
Individuals can object to the processing of their personal data in writing or verbally. We reserve the right to refuse the objection; where we do so, information will be made available to the individuals, or we will limit the use of, erase or otherwise cease to process such data.
Rights in relation to automated decision making and profiling.
Where any profiling and automated decisions are based upon the data we hold we will only carry this out under the lawful processing of data. Any data held on individuals will be confirmed to the individuals.
Accountability & Governance
Air Compressors and Blowers takes responsibility for complying with GDPR, and appropriate data protection policies are in place throughout the whole organisation. Securing, storing and usage of data falls within the scope set out in the policy. Relaying personal information held to individuals is complied with at all times and consent sought. Any 3rd parties with whom we share data adhere to our policy, and documentation of all processing activities is maintained within the organisation.
We may share data with 3rd party organisations such as those handling credit card payments, banking information, shipping and deliveries. Where any 3rd party service is used, an agreement is set up that requires them to implement appropriate technical and organisational measures to protect the individual’s information. Other necessary 3rd party sharing will include information for government purposes.
We may also transfer your data in the event that we sell or transfer a portion of the business or assets.
Retaining personal data will be for as long as is necessary to carry out the purpose of the processing unless a longer period is needed for example for legal reasons – tax, sales law, & warranty. It will be securely held within the organisation and destroyed securely when the data is no longer needed.
Although every effort is made to store and process data securely, in the occurrence of a breach a report will be made within 72 hours to the supervisory authority, the ICO. If necessary due to a high risk to individuals’ rights and freedoms, these individuals will be contacted without delay. All information will be documented correctly.
LIST OF ALL DATA PROCESSED AND HELD WITHIN AIR COMPRESSORS AND BLOWERS NORTH.
- Internal staff personal information (address, names, PAYE information): To enable the company to pay and correspond with individuals based on their employment contract with the company.
- Customer information, business-to-business (address, email, contact information): To enable us to liaise and invoice with regard to the contract agreed upon at point of sale.
- Customer database information (name, address, email, contact name, phone number): Business information within target industries to market ACB and gain customer base. Mostly by telephone, but following up with emailed information. Consent (not on TPS or CTPS) in first instance.
- Supplier information (name, address, bank details, contact information): To enable us to liaise with the supplier, commit to orders and payments.