The company is committed to complying with the General Data Protection Regulation (GDPR).
The company only keeps relevant information about customers to provide them with the service they require. The person responsible for Data Protection is Tom Faulkner.
Our legal basis for processing data is:
Processing is necessary for the performance of our service.
Processing is necessary for the purposes of carrying out works specified by the customer.
Hard copy and computerised data is stored, reviewed and updated securely and confidentially. Data is securely destroyed when no longer required. Confidential information is only seen by personnel who need to see it and the team are trained on our policies and procedures to keep client information confidential.
To facilitate works required, personal information may be shared with a third-party company for the purpose of delivery of materials. In all cases only relevant information is shared. Information is never shared with a third-party without the client's authority.
All confidential information is sent via secure methods. Electronic communications and stored data are encrypted. No sensitive information or comments about client's data are posted on social networking or blogging sites.
Access is strictly controlled and limited to persons who need to have access to information in the course of their work.
What personal information do we need to hold?
We need to hold details such as your name, address and telephone number.
We will need to keep information about the work we have proposed and provided along with its price.
Why do we hold this information?
We keep accurate personal data about clients in order to provide you with a professional service.
Data should only be kept for as long as there is an administrative need to keep it to carry out its business or support functions, or for as long as it is required to demonstrate compliance for audit purposes or for legislative requirements. Legislative requirements include, but are not limited to, compliance with the Freedom of Information Act 2000, the Data Protection Act 2018 and the UK GDPR.
Information about you is stored in APEX VENTILATIONS LTD's computer system and in a secure manual filing system. The information is only accessible to authorised personnel. Your personal information is protected by everyone at APEX VENTILATIONS LTD. All access to information is held securely and can only be accessed by passwords, which are routinely changed. Data is encrypted, and computer terminals are locked if unattended.
Security Measures Include:
Password protection changed regularly
security systems (including CCTV)
Secure cloud-based storage Access
You have a right to access the information that we hold about you and to receive a copy. You can make a request by contacting APEX VENTILATIONS LTD or by emailing firstname.lastname@example.org
You have a right to correct any information that you believe is inaccurate or incomplete. Please contact APEX VENTILATIONS LTD to request a change in information.
You have a right to request that we delete your personal information. Please contact APEX VENTILATIONS to make this request.
You have the right to request us to restrict the processing of your personal information for example, sending you marketing for products or information about our service. Please contact APEX VENTILATIONS LTD to make this request.
You have a right to data portability; this could include supplying your information to another supplier. Please contact APEX VENTILATIONS LTD to make this request.
If you have any concerns about how we use your information and you do not feel able to discuss it with us or anyone at the company, you can contact our Data Protection Officer via email at email@example.com
You can also seek advice from The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, or start a live chat or call helpline on 0303 123 1113.
When we may need to disclose your information:
• Should a client make a complaint or claim, we may need to provide information about the client, and work they have received to insurers.
Disclosure will take place when relevant at a need-to-know basis. This means only those individuals or organisations that need to know in order to provide a service to you and for the proper administration of Government will be given this information. Only information that the recipient needs to know will be disclosed.