Data Protection Policy

An easy downloadable, printable version is available here

SCUTES Limited

Unit 8a

Gledrid Industrial Park

WREXHAM

LL14 5DG

 

01691 674074

info@scutes.co.uk

www.scutes.co.uk

 

 

 

 

DATA PROTECTION

POLICY

 

Author: Nicolle Elizabeth Evans

Date: 21st April 2020

 

 

CONTENTS

 

Page 3.           What Is GDPR?

 

Page 4.           How Do We Ensure Your Information Is Safe?

 

Page 6.           Scutes Using A Third Party

 

Page 7.           CCTV

 

Page 8.           Contact Us

 

 

 

 

WHAT IS GDPR?

 

The General Data Protection Regulation (GDPR) comes into effect on the 25th May 2018 and in the UK will replace the previous Data Protection Act (1998). It describes how organisations must collect, handle, and store personal data[1].

 

  1. a) processed lawfully, fairly and in a transparent manner in relation to individuals;

 

  1. b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

 

  1. c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

 

  1. d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

 

  1. e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and

 

  1. f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

 

It also states[2]:

 

“the controller [SCUTES Limited] shall be responsible for, and be able to demonstrate, compliance with the principles.”

 

 

HOW DO WE ENSURE YOUR INFORMATION IS SAFE?

 

Data protection is incredibly important to us to ensure that our customers, employees, and anyone else who deals with us are secure in the knowledge that their information is safe with us. The steps below are how we ensure your information is kept safe:

 

  • All staff, regardless of level of involvement with processing your personal data, are trained according to this policy.

 

  • Any third-party company working on our behalf that needs to deal with your data have been verified by ourselves.

 

  • Any electronic information we have stored is stored on password protected computers that are not shared. These computers are located in our locked premises that is protected by CCTV. The only people who have access to this information are people who require it in order to process orders or enquiries about orders. If this information needs to be uploaded to the cloud it is only uploaded to authorised and checked cloud services.

 

  • Any electronic information we have stored on portable hard drives, or USB discs, are password protected and are kept in a secure office where unauthorised people cannot access.

 

  • There is only one approved company laptop that leaves the company building and no personal data is stored on this.

 

  • All computers are protected by approved security software and internal firewalls.

 

  • Any non-electronic information we have stored is in a secure office within a locked cupboard where unauthorised people cannot access.

 

  • No personal data is left out on desks when not in use.

 

  • Personal data will be held in as few places as possible.

 

  • Data Protection Impact Assessments (DPIA) are completed on all new technologies.

 

  • Our database is password protected and only authorised users can access using their own passwords.

 

  • Business issue phones are protected by encryption software and are password protected. CCTV is available on one business phone.

 

  • We use Transport Layer Security (TLS) & Secure Sockets Layer (SSL) to encrypt and protect emails traffic in line with government standard. If your email service does not support these, you should be aware that any emails we send or receive may not be protected in transit. We also monitor incoming emails, including any attachments, for viruses or malicious software.

 

  • Any bank details that are taken, either on the website, or on the phone, are stored securely and adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with an AES-256 encryption.

 

 

SCUTES USING A THIRD-PARTY

 

Before transmitting any personal data to a third-party processor, we confirm that they have a data privacy policy and data protection policy in place (that forms part of our contract with them) that complies to GDPR and that they are registered with the ICO.

 

Transferring personal data to other organisations needs to take place with appropriate safeguards and you can be assured that we will only share the personal data that is needed for these organisations to be able to provide the right service to you or support us in doing so.

 

We may transfer your personal data to the following third parties:

 

  • Technology service providers – our partners who provide IT and website services.

 

  • Telephone providers – our partners who provide telephone services and functionality.

 

  • Delivery companies – our couriers, parcel firms and mail firms who deliver your goods or services and manage any returns on our behalf.

 

  • Marketing service providers – our partners who work with us to make sure we send your information about products, services and special offers that are of interest to you.

 

  • Debt collectors, tracing agencies, debt purchasers or organisations providing debt support – our partners who help us to recover debts, who purchase debts or who offer debt advice and support.

 

  • Regulators and other governmental agencies or law enforcement agencies.

 

  • Organisations who may be interested in purchasing our business or organisations who we may be interested in purchasing - we may sell parts of our business or acquire other businesses and your personal data may be shared with such third parties as part of this process.

 

 

CCTV

 

We use “Closed Circuit Television” CCTV to monitor our property for the prevention of crime.

 

The live screens of the four cameras we have around the property are in a secure office and can only be monitored off-site by an authorised user using a business phone.

 

The only time this information is shared is in the event of a crime or work related issue. This information may be shared with staff where work grievances and work time issues need to be dealt with. It may also be handed over to the police until they are finished with it and it is disposed of by them.

 

The CCTV has only one authorised user who is fully trained in its use and security.

 

Recordings are only kept for 30 days before they are automatically overwritten on the system.

 

Our CCTV system uses high quality, clear imagery.

 

CCTV cannot be accessed by anyone other than the authorised user bar the live video showing in the secure office.

 

The ability to view anything beyond the live video within the office has been locked with a password and only the authorised user can use it.

 

The footage is only stored in one place unless the police request footage where it is supplied on a separate USB stick.

 

 

 

 

 

 

 

CONTACT US

If you have any queries about anything in the policy, or anything else, then please feel free to contact us.

 

We are contactable by post, email, or phone.

 

SCUTES Limited

Unit 8a

Gledrid Industrial Park

WREXHAM

LL14 5DG

 

01691 674074

info@scutes.co.uk

www.scutes.co.uk

 

 

[1] Official Journal of the European Union – Page 35-36 – http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN

[2] Official Journal of the European Union – Page 36 –http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN