GDPR Policy
General Data Protection Regulation Policy
Issue Date: 09 July 2018
Introduction
1. The GDPR [General Data Protection Regulation – Regulation (EU) 2016/679] came into force on 25 May 2018. This means that all organisations must be fully compliant with all the provisions of the new legislation by this date. Organisations failing to comply with the regulations contained therein will be liable to prosecution under UK law. Please note that, ‘Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act 1998; however, there are some new elements and significant enhancements.’ To this end Southern Lightning Engineers Limited plans to enact such measures as to ensure that it is fully compliant with GDPR.sed.
2. The aim of this document is to provide background information for the methodology used.
3. Background Information
The document covers subject areas which are based upon the guidance provided by the ICO in their advice document entitled; Preparing for the General Data Protection Regulation (GDPR): 12 Steps To Take Now.
4. Summary
GDPR ismerely an augmentation of the existing principles and proceduresrequired by law under the Data Protection Act 1998 and so compliance should not be too burdensome either for the individual or the company as a whole.
5. This policy applies to all the information collected no matter the source including:
a. Our website; &,
b. Post, e-mails, telephone calls, text messages, and interactive social media,
6. Our policy ensures your rights under law to how we process your data in particular:
a. How we collect it and why;
b. How we process it;
c. What we do with it;
d. What we don’t do with it;
d. How we secure it; &,
e. Your right – along with the procedure for doing so – todiscover what information we hold and how to remove it should you wish to do so.
7. In the policy the use of terms such as ‘we’, ‘us’ or, ‘our’ refer to Southern Lightning Engineers Limited as Data Controller.
8. Data Retention Periods
Data will only be held for so long as is reasonable to ensure the day to day running of our Southern Lightning Engineers Limited which are:
a. Name, address, contact details, emails addresses, phone numbers,
b. All other data will only be retained for so long as is reasonably necessary for the day to day running of Southern Lightning Engineers Limited.
9. Lawful Basis for Data Processing
Our lawful bases for collecting and processing data are:
a. Vital interests;
b. Legitimate Interests; &,
c. Legal Obligation.
10. Data Retention and Removal
All data will be securely kept and disposed of in a responsible industry accredited manner.
11. Sharing of Information
Southern Lightning Engineers Limited will not share information about you with third parties without your consent unless we are legally obliged to do so, i.e. by a law enforcement agency, legitimately.
12. How Do We Use Your Data
Southern Lightning Engineers Limited only use the Data and information in communication with you such as:
a. Ordering
b. Accounts
c. Emails
13. Type of Information
Southern Lightning Engineers Limited will only ever collect the information that we need to facilitate the running of Southern Lightning Engineers Limited as listed in the provisions of our lawful basis for collecting data in 10 above.
14. Complaints
Please be advised that you have the right to complain to the Information Commissioner’s Office should you consider that there is a problem with the way that we have or are handling your data.
To do this you can:
a. Phonethe ICO Help Line on 0303 123 1113; or,
c. Email the ICO through the portal at https://ico.org.uk/global/contact-us/email/.
Please be advised that in accordance with GDPR you are accorded the following rights:
b. The right of access;
c. The right to rectification;
d. The right to erasure;
e. The right to restrict processing;
f. The right to data portability;
g. The right to object; and,
h. The right not to be subject to automated decision-making including profiling.
16. Subject Access Requests
Should you wish to exercise your rights as listed above please apply in writing to Southern Lightning Engineers Limited, The Old Garage, 22 West Street, Harrietsham, Kent, ME17 1HX or email Russell Crittenden, russ@southernlightning.co.uk . We will reply in a similar manner within one month from the date of receipt. Please be advised that we are legally permitted to refuse or charge for requests that are manifestly unfounded or excessive. You should also know that we are bound to explain why the request was refused and that you have the right to complain to the supervisory authority [ICO] and a subsequent judicial remedy.
17. Storing your information
Your information will stored by us on computers or in paper files located within the UK. Please note:
a. All information held by us is securely stored;
b. We have security measures in place to protect against: misuse, loss, theft and improper alterations;
c. We will not transfer data inside or outside the European Union;
d. Only authorised persons have access to data stored by us;
e. Please note that the online transmission of data is not completely secure but that we will make every effort to prevent loss, theft, misuse or improper alteration of our data.
f. We will only keep information for so long as is necessary to facilitate the day to running of Southern Lightning Engineers Limited or as is required by legislation; &,
g. We will dispose of data in a secure manner.
18. Cookie Policy
Cookies are a digital reminder which is placed on the user’s computer whenever a web site is viewed. Cookies are used by the web site to identify a previous user and to track the user’s usage of the website. We do not currently use cookies; however, we reserve the right to use them in future in which case the user will be notified of their prescience and afforded the opportunity to prevent the cookie being placed on their computer should they so wish.
19. Summary
Southern Lightning Engineers Limited are fully compliant with the Data Protection Act 1998 and GDPR. Should you wish to learn more about how we use your personal information or to find out what we hold on your organisation or to find out more about how we use your personal data or personal information please contact us on the contact details in 17 above.