1.1 In this policy, “we”, “us”, “our” refer to Gate Systems and “you” and “your” refer to our customers.
1.2 We are committed to protect the private data we receive and store from you and respect your rights under the General Data Protection Regulation.
1.3 This policy applies when we receive your data and we are acting as “data controller” and when we process it and we are acting as “data processor”.
1.4 For more information about us and how you can contact us, please see Section 11.
2. Origin of our data
2.1 We only collect information directly from our customers (you) for schedule and financial purposes, before a job (when the customer gets in contact with us), or at the end of a job, when details such as name and address are requested to create a VAT invoice.
3. Categories of personal information
3.1 Personal information that we may collect, and process includes:
3.2 Contact Information that allows us to communicate with you, such as your name, job title, age and prefix, username, mailing address, telephone numbers, email address or other addresses that allow us to send you messages, company information and registration information you provide on our website.
3.3 Relationship Information that helps us do business with you, such as the types of products and services that may interest you, contact and product preferences, languages, creditworthiness, marketing preferences and demographic data.
3.4 Transactional information about how you interact with us, including purchases, enquiries, customer account information, order and contract information, delivery details, billing and financial data, details for taxes, transaction and correspondence history and information about how you use and interact with our websites.
3.5 Security and Compliance Information that helps us to secure our interests, including information for conflict checks, fraud prevention and internal verification, as well as information necessary for the security of our premises, such as visual recordings.
3.6 Our products may collect system and event information relating to their setup, configuration and operation, as well as information collected by our products in their ordinary course of operation. This information may include sensor data, equipment data, data regarding building spaces, energy usage data, fault data, event data, environmental data, and other internal or external data as well as product usage information and product performance data. In some circumstances, this information may be Personal Data. In the case of video or security products, the information may also include video and audio signals and data. The nature and extent of the information collected by our products will vary based on the type and function of the product and the type of services for which they are used, subject to applicable laws.
4.Processing your data
4.1 In this section we explain how we use your personal data.
4.2 Your data will be used as correspondence data, we may contact you by e-mailing or calling to give you updates on the service required or to send you a written quote. The legal basis of processing the correspondence data is the legitimate interest to perform a service, requested by you from us.
4.3 Your data will be used as transaction data and it may be used for financial records such as VAT invoices and it will be kept for 6 years. The legal basis of this processing is the “legal obligation” to which we are subject.
5.Sharing your details
5.1 We do not share your private data with any other third party.
6. Storing your data
6.1 This section explains how we store your private data and for how long.
6.2 Your private data may be printed and secured in our lockable filing cabinets. The cabinets are placed in our registered offices, see section 11 which are secured by high level security, CCTV and a monitored alarm system. We will retain your personal information for as long as necessary to achieve the purpose for which it was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by applicable law.
6.3 Your private data may be stored electronically on our servers that are based in the UK. Our computers are protected by password and anti-virus program, and they can only be accessed by our staff members.
7. Deleting your data
7.1 This section explains how we delete/destroy your data once it is no longer needed. For more details about the length of time we store your data please see Section 4 (4.3) and 6 (6.2).
7.2 Once your private data is no longer relevant/needed, we will permanently delete the electronic files.
7.3 Once your private data is no longer relevant/needed, we will hire a secure document shredding company, that complies to the GDPR, to destroy the documents.
8. Data breaches
8.1 We have standard procedures to protect your details against data breaches such as passwords for electronic files, that are periodically changed (every 3 months), alarms and secure filing cabinets for physical documents. For more details on how we securely store your documents please see section 6.
8.2 We back-up your data by creating an electronic copy of each document that is securely stored on our server based in the UK, that is protected by password and anti-virus program.
8.3 We understand the legal requirement to report a data breach to ICO (Information Commissioner’s Office) in maximum 72hr hours from the event. We also commit to inform every person that has been affected by the data breach.
9.1 We may update this policy in order to improve our data management.
9.2 We will notify you of any significant changes to this policy.
10. Your rights (GDPR rights of the natural person)
10.1 This section explains the rights, you have, as a data subject, in relation to your personal information.
10.2 To be informed about how, why and on what basis that information is processed.
10.3 To obtain confirmation that your information is being processed and to obtain access to it and certain other information, by making a subject access request— your request will be answered in maximum 7 days.
10.4 To have data corrected if it is inaccurate or incomplete.
10.5 To have data erased if it is no longer necessary for the purpose for which it was originally collected/processed, or if there are no overriding legitimate grounds for the processing (the right to be forgotten).
10.6 To restrict the processing of personal information where the accuracy of the information is contested, or the processing is unlawful (but you do not want the data to be erased), or where the employer no longer needs the personal information, but you require the data to establish, exercise or defend a legal claim. 10.7 To restrict the processing of personal information temporarily where you do not think it is accurate (and the employer is verifying whether it is accurate), or where you have objected to the processing (and the employer is considering whether the organisation’s legitimate grounds override your interests).
10.8 If you wish to exercise any of the rights in paragraphs, please contact the data protection officer Karl Parker on 0333 567 8247 or at email@example.com
11.1 We are registered in the UK under registration number 11104529 and our registered office is at Unit 6 Willowbrook Tech Park, Llandogo Road, Cardiff, CF3 0EF.
11.2 You can contact us:
a) by post to the address of our registered offices
b) by e-mail to firstname.lastname@example.org
c) by telephone Tel: 0333 567 8247