1.1. We take the protection of your data seriously, treat it as we would our own, & respect your privacy.
1.3. As a necessary part of our business we require information (such as name/address/email) from customers, employees, third parties (such as suppliers/contractors etc), in order to provide our services. This notice is in place to provide you with a guidance as to what we do with your information, and your rights with regards to it, under The General Data Protection Regulation (GDPR).
1.4. We may update this Policy from time to time, so advise you to check it as you feel necessary.
2. Company Data/Privacy Protection Contact
2.1. Our contact details for any queries regarding Data/Privacy is our Data Controller, Daniel Meara. - Telephone 01702 741789 or 07968 943447, email firstname.lastname@example.org, or in writing by post to 208 Shoebury Road, Southend on Sea, Essex. SS1 3RQ.
2.2. You have a right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. This can be made at their website (www.ico.org.uk).
3. The Data We Collect About You
3.1. The data we collect about you, is limited to what is necessary to provide our services to you. The data will be held for as long as is necessary for us to provide the level of service you would expect from us. For example, we will hold details in order to have a record of services carried out by us, for future reference, and in the instance that you should contact us regarding it. An example of this would be a customer contacting us for a yearly service (maintenance) of a boiler installed by us previously.
3.2. For customers this data collected will normally be limited to name, address, email (if provided), services requested by you (a diary entry for a call and/or a quotation), and services carried out by us (a completion invoice). This data will be in the form of being written in a work schedule diary, written quotations & estimates, and invoices for works carried out. All can be in both hard copy paper form or digital copy of the same.
Employees/Suppliers/Sub Contractors Etc
3.3. For employees, suppliers, sub contractors etc, this data collected will also include details required for us to meet our legal obligations such as to deduct & pay tax etc, - and therefore will also include other data, such as financial data etc. We will only process & hold this data for as long as necessary to fulfil our legal obligations to the owners of the data, and authorities, such as HMRC etc.
4. Access/Rights To Your Data
You have the following rights/access to your data under GDPR:
4.1. The right to request access to the personal data that we hold about you.
4.2. The right to request rectification of the personal data we hold about you.
4.3. The right to request erasure of the personal data we hold about you.
4.4. The right to request restriction of processing of data about you.
4.5. The right to object to processing of data about you.
4.6. The right to data portability.
5. How Long Do We Hold Your Data
5.1. We will hold your data for as long as is necessary for us to fulfil our service to you, or until you exercise one of your rights to the data as detailed above. Our policy is to hold your data after completion of a contract (for example a boiler installation), by means of a paper copy of quotation/costing/invoice/Building Regulation Notification etc, so that we have a record of the installation particulars, and in order that we can continue to provide the after sale level of service you would expect from us (details for servicing requirements etc). You can request that we erase your data at any time as detailed above, should you wish.
6. Data Security
6.1. Your data will be kept as securely as possible. Hard copy paper work are kept in locked filing in our office, unless current & being worked on, & which requires removal from the office to allow us to provide our services as part of our business. Any digital copies of the same are kept on secure devices. In addition, access to your personal data is limited to those employees, sub contractors, suppliers, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality and/or their own Company Data/Privacy Policies & GDPR. Where applicable they will delete your data when there is no longer a need for them to have it in order for us to fulfil our service to you.
6.2. Any suspected breach of personal data will result in us notifying you and the applicable regulator.
7. Third Parties and Your Data
7.1. We will only ever use your data for the purpose of providing the services you have requested (or in circumstances where we are otherwise legally obliged to). We will never sell your data, or share your data unnecessarily. We will only share your data with third parties that require your data, in order to fulfil something that is necessary for us/them to provide the service you have requested us to do (or in circumstances where we are otherwise legally obliged to). For example, passing your name & address to a supplier, in order to deliver a component/material that we are supplying to you as part of our service. These third parties are Companies that we trust with our own data, and that we trust will treat your data and ours with the respect that we would treat our own. These Companies have their own Data/Privacy Policies, which you also have a right to access, and are legally obliged to comply with GDPR. If you would like details of any then please ask.
7.2. As outlined above, your data may be passed to our suppliers to fulfil a delivery of component/materials to you on our behalf. Your details could be stored by them by means of a written paper copy invoice, or digital copy invoice. This is usually limited to address only but may include name. On occasion telephone details may also be passed on if requested by yourself.
Boiler/Parts/Material Manufacturers, Building Regulation Authorities Etc
7.3. Your data may be passed to boiler/parts/material manufacturers & Building Regulation Authorities etc, for the purpose of fulfilling a guarantee or registration on your behalf, in order to fulfil our service to you. We will ask your permission to do this & you have the right to request we do not disclose certain parts of your data to them should you wish.
7.4. Your recorded data can be passed to our accountants & subsequently held filed, by way of your information recorded on an invoice. This is to fulfil our duty of keeping records for auditing/taxation purposes. You will have your own copy of this invoice from the time that a service was provided to you. You have a right to request your data be erased, as detailed in the 'Access/Rights To Your Data' section above.
Third Party Websites
7.5. This website includes some third party website links. Clicking on those links may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their Data/Privacy Policies. We encourage you to read their Data/Privacy Policies if/when you visit them. These are however Companies with who we trust our own data, & we expect will treat yours and our data as we would our own, and in accordance with GDPR.
8.1. In general we do not carry out marketing. However we would only ever use your data to do so if you ask us to, or if we have received your permission to do so.
Third Party Marketing
8.2. We will only ever provide your data to third parties for marketing if you ask us to, or if we have received your permission to do so.
8.3. You can ask us or third parties to stop sending you marketing messages at any time by contacting our data/privacy contact (detailed above) or the relevant third party. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us in connection with the provision of our services to you and any other lawful reason why we may process your personal data.