Introduction
Whenever PES Southern need to obtain information about our customers, all necessary steps are taken to ensure that data is used only for the purpose clearly stated. This policy details what personal information is stored, how we use it and why we need it, and is produced in accordance with the General Data Protection Regulations (GDPR) 2018.
What data do we store?
Personal details
- Name and company
- Company address
- Payment method and company payment details
- Work telephone/ mobile number
- Work email address
Why does PES Southern need to collect your personal information?
PES Southern needs to collect information about yourself and your company account. The legal bases for collecting this data are our legitimate interest, namely:
- The proper administration and management of your security systems
- To deliver products and services to you
- To improve our service to our customers
How long does PES Southern retain your data?
There are strict laws in the uk which determine for how long we may hold personal data about you. These now include guidelines on data protection and privacy.
Upon termination of your contract/ dealings with us your account information, contact information and records are stored securely for 7 years and then deleted or securely destroyed. We keep this information so that we can confirm the relationship existed – and that it has ended – as well as some of its details should any previous customers either require them for future queries or complaints.
How do we expunge your data?
- Electronic data is being deleted from our hard drives and our servers
- Physical records will be shredded on site and then securely sealed in a confidential waste bag and collected by our paper recycling company
- PES Southern will erase, destroy and remove all/ or any data held on file unless we are required to retain the data for purpose of legal requirements
What data do we share and why?
We need information so that we can confirm your identity and process your order when you first sign up for our service. We may also use your personal data for
- Regulatory compliance
- We may need to share your personal details with a public authority or law enforcement agency if requested. We may also share your data to comply with UK law/ regulations, or for possible legal proceedings.
- We may need to share your information if you give us personal information that is wrong or it is discovered that you’re responsible for fraud. In these circumstances we might share your information with third parties
The legal bases for sharing this data are our legitimate interests, namely:
- The proper administration and management of your business account
- To suggest and deliver products and services relevant to you
- To improve our service to our customers
Special notes on data storage for security keys
We currently hold details on company/ personal property access security codes of security keys these details are held purely for your convenience, under 3 separate systems, i.e. your key code does not compute to your key number which in turn does not compute to your address
No Alarm codes are retained
No access cards are retained
Data Breaches
- PES Southern has standard procedures to protect your details against data breaches such as passwords for electronic files, that are periodically changed (every 3 months), alarms and locked filing cabinets for physical documents.
- We back-up your data by creating an electronic copy of each document that is securely stored on our server based in the UK, that is protected by password and anti-virus program
- PES Southern understands the legal requirement to report a data breach to the IOC (information commissioner’s office) in a maximum of 72 hours from the event. We also commit to inform every person that has been affected by the data breach.
Amendments
- We may update this policy in order to improve our data management
- We will notify you of any significant changes to this policy by email.
Your rights (GDPR rights of the natural person)
This section explains the rights, you have, as a data subject, in relation to your personal information
- To be informed about how, why and on what basis that information is processed.
- To obtain confirmation that your information is being processed and to obtain access to it and certain other information, by making a subject access request – your request will be answered in a maximum 7 working days
- To have data corrected if it is inaccurate or incomplete
- To have data erased if it no longer necessary for the purpose for which it was originally collected/ processed, or if there are no overriding legitimate grounds for the processing (the right to be forgotten)
- To restrict the processing of personal information where the accuracy of the information is contested, or the processing is unlawful (but you do not want the data to be erased), or where the employer no longer needs the personal information, but you require the data to be established, exercise or defend a legal claim
- To restrict the processing of personal information temporarily where you do not think it is accurate (and the employer is verifying weather it is accurate), or where you have objected to the processing (and the employer is considering weather the organisation’s legitimate grounds override your interests)