Privacy Notice – May 2018
At Impulse Engineering Limited (hereafter referred to as ‘the company’) we take data protection very seriously and respect your privacy and rights with regards information processing. We are aware that we will be required to process personal data of your company and employees on some occasions. Below is our policy for compliance with the General Data Protection Regulations 2018. Our privacy notice is available on our website.
The company is a specialist electrical engineering contractor. The scope of the company is defined as
‘The design, supply, installation, verification, commissioning and servicing of fire detection, alarm and extinguishing systems, including voice alarm, public address, portable and fixed fire extinguishers. Security systems including intruder detection, access control and CCTV systems. The servicing of low and extra low voltage emergency lighting systems. The design, supply, installation and testing of low voltage electrical circuits and equipment’
The companies head office is located in Bentley, Hampshire. Field engineers and office staff may visit client sites as is necessary to deliver contract works and to ensure information is collated for the purposes of tenders, quotations, contracts and audits.
All staff are required to compete GDPR training and the overall Data Protection Officer will complete and update training annually. Key changes that affect our systems or the way we operate will be implemented and communed to all staff.
Cyber Essentials has been attained by the company and will be kept in place to improve the security procedures of our IT systems. All personal data stored on our IT systems is held securely and released to our Data Processors who require the information, to complete tasks, to fulfil contracts etc. Some hard copy data is also held, this is held under controlled conditions within our offices, processed by trained staff and controlled by processes in our Integrated Management System.
The company ensures they only collect data that is required for the delivery of contracts / orders. This may be at enquiry, quotation, order or approval stage. Our standard forms have been altered to ensure only the required information is requested.
How do we collect data
- Visits to customer premises
- Collating information from photographs, documents and conversations to enable us to prepare a quotation, tender or complete a contract
- Purchase orders
- Third party suppliers
- Information provided on our standard forms from our integrated management system
- Visitors to our offices
- Enquiries through letters, emails and website information and correspondence
- New applicants, employees and former employees – a separate privacy notice is in place
Data sent to the company
Transmitting information through the internet is not secure. The company endeavours to use best practice to ensure your data is secure, but information sent to our systems is at your own risk. Once received by the company systems, we have robust security measures in place to minimise the risk of a data breach.
Please note any data that is sent to us must be lawful and we retain the right to monitor emails sent to us including attachments and links for viruses and malicious software.
What data do we hold
The company will hold only sufficient data required for the purposes of delivering and fulfilling contract or services requested by you, this may include the following
Company details, names, contact details, addresses, building information, system information, customer & supplier supplied documents, credit reference, billing information and email, hard format or website correspondence.
The company does not hold equipment access user codes to any intruder alarm, access control or CCTV systems. Engineering codes will be held to enable us to deliver & complete our contracts. These codes are only released to our staff and agents (approved subcontractors) under specific processes.
What we do with your data
Your data will be used to deliver, complete or provide services requested by yourself.
This information is used exclusively by Impulse Engineering Limited and is only disclosed to third parties either as a contractual requirement, with your consent or if required to do so by lawful or legitimate reasons. Any third party suppliers will have been approved through our integrated management system. Details will be passed to third party certification bodies for the purpose of issuing certification.
No data will be used for the purpose of marketing without your consent. Data may be used to remind you of outstanding quotations for the rectification of faulty equipment on site.
When will we destroy your data
We are required to hold details of our customers for a period of 12 years in some cases. Therefore we have now made this a standard policy. Once a contract is cancelled with us or completes at the end of a contract, your data will be held for a period of 12 years, this may be in electronic or hard formats. The data will be held under the same guidelines as detailed in this policy. After 12 years we will delete any electronic data and shred any hard format data unless you ask us in writing to keep this for longer periods.
You may request information is deleted sooner. This request should be made in writing to the Data Protection Officer by emailing email@example.com
Our monitoring stations (Alarm Receiving Centres - ARCs) and the company will hold personal data for key holder response for monitored alarm systems. Data held within the companies domain will be held under the same guidelines as detailed within this policy. We carry out checks of our ARCs for data protection compliance, however, when you provide your details directly to the ARC, this is done under your instruction and you agree to our supplier holding the information. It is the individuals’ responsibility to only provide details that they accept may be used to contact them and to keep these up to date at all times. Personal details provided to our ARCs is available to our data processors.
Details of staff or representatives that are required to be held by us for booking, key holding or other business purposes are held within the company or its suppliers or customers. We can make no definition on information held on our suppliers software. Therefore it is your companies responsibility to pass this privacy notice to your employees and make them aware of their personal responsibilities. If they do not wish the details to be held and used, the information should not be provided. This is out of our control on some occasions, as details will be passed directly to the sub-contract company.
The company will use the details provided to our ARCs to make contact with your staff or representative.
It is your responsibility to ensure you keep your information up to date with both our offices and on our suppliers and customers systems if you have access. We cannot be held responsible if we have not been notified of current information.
Spam – The company has a firm commitment against unsolicited or 'spam' mail. We will not contact you except in response to a specific request by yourself or unless you have asked to be kept informed of any changes to our products and services.
Cookies – The company website uses Google Analytics visitor analysis, which collects non-identifiable information for statistical purposes only. One or more persistent cookies are stored in connection with this. To remove any cookies Google Analytics has already stored, click here. Session cookies are also used to manage individual visits, but these are discarded upon leaving the site.
Third Parties – The company web site may contains links to http://www.goznet.co.uk who act as our webmaster. They maintain the site and may process our visitor logs. They do not normally have access to any of the information you send us.
The company is not responsible for the privacy practices or the content of the Goznet Systems web site. However, we do have their assurance that any personal / business details they may gather while administering this site will be regarded as strictly confidential and will not be used for any purpose or divulged to others.
Company CCTV and visitors
CCTV is located in and around the premises that the company operate from. The system is installed for the purposes of crime prevention and public and staff safety. The company staff, visitors and passer-by may be recorded on these cameras. Footage is held on the companies own recording systems for a maximum period of 30 days. The footage may be monitored by the company and may be shared with the police force in the event of a criminal activity taking place. Signage is in place at the company offices.
Visitors to the companies offices will be completed under strict guidelines. Access control restricts movement around the building. Visitors are asked to read and sign a short health and safety information sheet. Data collected includes the company name, persons name, signature and date of visit. Visitors forms are stored at the companies main offices, the contents are not disclosed to third parties and are destroyed within 12 months.
You have the right to access the personal data that we hold on you or your company. You may also request any CCTV images that you believe we hold on you that may be constitute as personal data. We only carry out CCTV recording around our offices. To obtain this information you must write to us, directing your request to the Data Protection Officer, either by email firstname.lastname@example.org, or via letter to Impulse Engineering Limited, 7 Bentley Park, Blacknest Road, Bentley, Alton, Hampshire, GU34 4PX. A charge may be applicable to provide CCTV images.
Data Breach and Complaints
We are committed to investigate and report any breaches of personal data within timeframes set out on the regulations. This will be reported to you with elements of rectification to prevent further data breaches. If you suspect a breach or have any reason to complain with regards data protection, you should write to us either by email email@example.com, or via letter to Impulse Engineering Limited, 7 Bentley Park, Blacknest Road, Bentley, Alton, Hampshire, GU34 4PX. This should be addressed to the Data Protection Officer.
By continuing to employ Impulse Engineering and or using our services you give the company permission to process your personal data for the purposes identified in this privacy notice.
Whilst the company has made every effort to provide information with regards personal data, this privacy notice may not be an exhaustive list of the type, processes or retention times of data provided.
The company cannot guarantee and cannot accept responsibility for any errors, misstatements, mistakes or omissions on our website or any other supplied information.