Effective from 25/05/2018
1.1 In this policy, “we”, “us”, “our” refer to Gloucester Locksmiths and “you” and “your” refer to our customers.
1.2 We are committed to protect the private data we receive and store from you and respect your rights under the General Data Protection Regulation.
1.3 This policy applies when we receive your data and we are acting as “data controller” and when we process it, we are acting as “data processor”.
1.4 For more information about us and how you can contact us, please see Section 10.
2. Origin of our data
2.1 We only collect information directly from our customers (you) for schedule and financial purposes, before a job (when the customer gets in contact with us), or at the end of a job, when details such as name and address are requested to create a VAT invoice.
3. Processing your data
3.1 In this section we explain how we use your personal data.
3.2 Your data will be used as correspondence data (Gloucester Locksmiths may contact you by e-mailing or calling to give you updates on the service required or to send you a written quote). The legal basis of processing the correspondence data is the legitimate interest to perform a service, requested by you from us.
3.3 Your data will be used as transaction data and it may be used for financial records such as VAT invoices and it will be kept for 7 years. The legal basis of this processing are the legal obligations to which Gloucester Locksmiths is subject.
4. Sharing your details
4.1 Only on very specific national contracts we will use sub-contractors purely to achieve early attendance as required. Some of these companies handle our customers’ data on behalf of Gloucester Locksmiths. Before we send data to any third party, we review their approach to information security to make sure that we only rely on companies with good security standards and ensure that we have relevant contractual documentation in place.
4.2 IT Service/Software providers may have remote access to our servers for technical issues, we review their approach to information security to make sure that we only rely on companies with good security standards and ensure that we have relevant contractual documentation in place.
5. Storing your data
5.1 This section explains how we store your private data and for how long.
5.2 Your personal data may be printed and secured by high level security and a monitored alarm system.
5.3 We store our correspondence/schedule data for 7 years for the legitimate purpose of keeping a record of the jobs our company attends.
5.4 Your private data may be stored electronically on our servers that are based in the UK. Our computers are protected by password and anti-virus program, and they can only be accessed by our staff members.
6. Deleting your data
6.1 This section explains how we delete/destroy your data once it is no longer needed. For more details about the length of time we store your data, please see Section 3 (3.3) and 5 (5.3).
6.2 Once your private data is no longer relevant/needed, Gloucester Locksmiths will permanently delete the electronic files.
6.3 Once your private data is no longer relevant/needed, Gloucester Locksmiths will destroy the documents.
7. Data breaches
7.1 Gloucester Locksmiths has standard procedures to protect your details against data breaches such as passwords for electronic files, alarms and secure filing cabinet for physical documents. For more details on how we securely store your documents please see Section 5.
7.2 We back up your data by creating an electronic copy of each document that is securely stored on our server based in the UK, which is protected by password and anti-virus program.
7.3 We back-up your data to an external hard drive which is stored securely in a safe.
7.4 Gloucester Locksmiths understands the legal requirements to report a breach to ICO (Information Commissioner’s Office) in maximum of 72 hours from the event. We also commit to inform every person that has been affected by the data breach.
8.1 We may update this policy in order to improve our data management.
8.2 We will notify you of any significant changes to this policy.
9. Your rights (GDPR rights of the natural person)
9.1 This section explains the rights, you have, as a data subject, in relation to your personal information.
9.2 To be informed about how, why and on what basis that information is processed.
9.3 To obtain confirmation that your information is being processed and to obtain access to it and certain other information, by making subject access request – your request will be answered in maximum 7 days.
9.4 To have data corrected if it is inaccurate or incomplete.
9.5 To have data erased if it is no longer necessary for the purpose for which it was originally collected/processed, or if there are no overriding legitimate grounds for the processing (the right to be forgotten).
9.6 To restrict the processing of personal information where the accuracy of the information is contested, or the processing is unlawful (but you do not want the data to be erased), or where the employer no longer needs the personal information, but you require the data to establish, exercise or defend a legal claim.
9.7 To restrict the processing of personal information temporarily where you do not think it is accurate (and the employer is verifying whether it is accurate), or where you have objected to the processing (and the employer is considering whether the organisation’s legitimate grounds override your interests).
9.8 If you wish to exercise any of the rights above, please contact the data protection officer on Gary@gloslocks.co.uk
10. Gloucester Locksmiths details
10.1 You can contact us:
i) By post Gloucester Locksmiths, Unit 32 Sabre Close, Green Farm Business Park, Quedgeley, Gloucester, GL2 4NZ.
ii) By email to Gary@gloslocks.co.uk
iii) By telephone 01452 306824