New rules have come into force regarding the protection of personal information. The new rules (General Data Protection Regulations) apply across the European Community and set out what must be done where the personal information of any individual is collected, stored or processed.
Personal information is any information or data which is stored and/or used where that information or data can be used to personally identify an individual.
We (Circom Limited/Circom Fibres Ltd/Speedy Clear Ltd “the Company”) are classed as a “data controller”, and we may hold and use information about you in order to operate our business properly and lawfully, and to enable us to communicate with you in any matters relating to the goods or services we supply or buy. The details below set out what information we collect, why and how we use that information, and your rights with regard to that information.
What Data Do We Hold?
We hold a basic amount of information about any identifiable individual. The information we hold is:
- Telephone (mobile and/or work number(s))
- Email address(es)
- Address of work location(s)
Why Do We Hold Information About You?
We hold the necessary information in order to:
- Communicate with you regarding any goods or services we buy or sell
- Communicate with you in order to follow up on meetings or communications we have had
How Do We Use Your Information?
We use your information only for the following purpose:
- Communicate with you (by phone, email, post or instant messaging)
We do not, without your permission, supply information to anyone outside the Company who is either (1) not legally entitled to it or (2) not involved in helping or working with us with regard to the proper operation of the Company.
How Do We Protect Your Information?
We store your information either electronically in mainstream, cloud-based storage systems or in physical, paper format.
How Do We Ensure Personal Information Is Kept Protected?
Each electronic system has access restricted to those in the Company who have a need to know (i.e. to carry out their role properly). Each storage system is encrypted to the highest industry standard and this is verified before we start using those systems. Each electronic system’s security is reviewed periodically, no less than annually, to verify that it adheres to the required level of security.
All Company computers are protected with mainstream firewall and anti-virus protection to prevent individual machines from being accessed by unauthorised persons.
Where possible, we scan and store paper-based information as electronic files in one of the above systems. Exceptions include original signed licenses, certificates, transfer or consignment notes, and health and safety records, each of which is held in locked cabinets or displayed (if designed for display) at our place of work.
Paper-based records that are no longer needed are stored in designated storage containers for secure shredding by a vetted data destruction company.
What Processes Do We Operate for Data Protection?
Data protection is being included in the Company quality management system. This is work in progress.
Our policy regarding protection of data is to:
- Store personal, private data in universally trusted, encrypted cloud hosting environments.
- Store hard copies of personally identifiable information only in locked cabinets, but with a view to scanning and storing such information electronically and destroying hard copies.
- Restrict access to cloud storage to only those in the Company with a specific requirement to carry out a necessary task involving that information (e.g. customer service or finance).
- Keep our storage and access to information under regular review.
- Ensure any third party (namely the Company’s accountants) also use secure storage systems to at least the same standard as our own.
- Record any data breaches we become aware of, act to correct any breaches or deficiencies, and report any breaches to the Information Commissioner’s Office accordingly.
- Notify you of any changes or other updates to our information storage and/or use.
Do We Share Any Personal Information outside the Company?
In short, no.
If we have a need or wish to pass on your contact details to a relevant interested party, we will only do so with your prior consent.
We may be required to supply relevant information by any authority that is lawfully empowered to require such information.
Can You Access Your Data?
You have a right to request from us what data we hold about you, and we have a duty to provide this to you within a reasonable timescale.
Right To Correct Personal Information
If you find that any of the information we hold about you is incorrect, you have a right to request that we make any corrections.
Consent to Hold and Use Personal Information
Under the new GDPR rules, you must give your consent for us to be able to collect, store or process your information. This consent may be as follows:
- Where we have a “vital interest” (as defined by the Information Commissioner), e.g. a contract or similar agreement exists between us for the purchase or supply of goods or services, we assume that, by wanting to engage with us in such a way, you consent to us holding and using necessary personal information as described above (and for a reasonable period after an agreement has ended), unless you tell us otherwise.
- Where we collect, hold and process personal information for general marketing or other communications, you have the right to ask us what personal information we hold and to correct or delete that information, and we will act accordingly on your instruction.