Data Protection Policy – Three SG

 

 

Policy information

Organisation

SSSG Ltd trading as Three SG

Scope of policy

THREE SG is committed to protecting your personal information and respecting your privacy and rights when it comes to information processing. THREE SG is committed to maintaining compliance with current data protection legislation, any future legislation that comes into force as and when required, and to maintain transparency about how it processes personal data. THREE SG processes the personal data of both its own employees and its business contacts and works to ensure this data is kept secure and the risk of data breach is reduced to a minimum.

 

Policy operational date

25th May 2018

 

Policy prepared by

Barry Sinclair

Date approved by Board/ Management Committee

18th May 2018

Policy review date

18th May 2021

 

 

Introduction

Purpose of policy

Three SG’s reason for the policy:

This informs you how and why THREE SG collects your personal information, how THREE SG processes your personal information, who has access to your personal information, and details your rights as an individual to control how your personal information is processed.

By continuing to use THREE SG’s services you give THREE SG permission to process your personal data for the purposes identified as set out within this policy.

Types of data

Three SG will collect data relating to:

·   Name of client/company/employee

·   Address details of client/company/employee

·   Phone numbers of client/company/employee

·   Email address of client/company/employee

·   Key holder information of client/company/employee

·   Passwords for key holder information of client/company/employee

·   Job applicants information

 

Policy statement

Three SG are committed to:

·         comply with both the law and good practice

·         respect individuals’ rights

·         be open and honest with individuals whose data is held

·         provide training and support for staff who handle personal data, so that they can act            confidently.

·         Notify the Information Commissioner voluntarily, even if this is not required

·         Inform the ICO of any breach within 72hours of discovery

·         The right of access to your information.

·         The right to erasure to erase data held.

·         The right to restrict processing of data when not required.

 

 

 

Use of information

How THREE SG uses your information

Where THREE SG collects personal data (for example your name, postal address or e-mail address) this information is used exclusively by THREE SG for providing the services you have requested or which are detailed within your service contract.

 


Responsibilities

The Board / Company Directors

Three SG Barry Sinclair and Sophie Campbell Sinclair

Data Protection Officer

Barry Sinclair’s responsibilities include:

·         Briefing the Board on Data Protection responsibilities

·         Reviewing Data Protection and related policies

·         Advising other staff on tricky Data Protection issues

·         Ensuring that Data Protection induction and training takes place

·         Notification to the ICO

·         Handling subject access requests

·         Approving unusual or controversial disclosures of personal data

·         Approving contracts with Data Processors

 

Employees &

Data Processors

All staff are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.

 

 

 

 

CCTV Recording on site

CCTV system

THREE SG has CCTV cameras installed around their premises for the purposes of crime prevention and public safety. THREE SG staff, visitors to THREE SG or passersby may be recorded on these cameras. The footage is stored by THREE SG for a limited time before it is overwritten. THREE SG may monitor the footage in the event of an incident. THREE SG will only ever share the footage with the local Police force in the event of a criminal investigation. The contact number for CCTV enquiries is stated on signage around the building.

Visitors to THREE SG are asked to sign in using the Visitors Book in the Reception area. Information requested includes name, company and vehicle registration. In the unlikely event of a fire, this information is used to perform a roll call and ensure all visitors have evacuated the building. This information remains at THREE SG office and is not shared with any other party.

 

 

 

Right of Access

Customer rights of access

Under the General Data Protection Regulation (GDPR) and the Data Protection Act 1998 (DPA) you have rights as an individual providing personal data:

  • You have the right to know exactly how your personal data will be processed. THREE SG commits to processing your data fairly, lawfully and transparently, details of which are set out in this policy.
  • You have the right to request access to the personal data that THREE SG holds about you.
  • You have the right to request changes to the data held about you if the data is incorrect or requires additional information.
  • You have the right to request erasure of your data or the right to be forgotten completely, where there is no legitimate reason for your data to continue to be processed.
  • You have the right to request that processing of your data is restricted so that the data remains stored but is not further processed by THREE SG.
  • You have the right to request a copy of your data in a portable format.
  • You have the right to object to your data being processed, if the processing is for a legitimate interest without compelling grounds, or for direct marketing.

Please notify THREE SG of any request to change how your personal data is processed or to update your records by telephone, email or post

Subject Access Requests

If you wish to make a free Subject Access Request to access a copy of the personal data THREE SG stores about you, or understand how it is processed and why, please follow the instructions below:

  1. Contact THREE SG Office.
  2. Include details of your request – which information about you do you wish to have access to?
  3. Provide sufficient evidence about yourself for THREE SG to verify your identity. (THREE SG may have to contact you otherwise.)

 

 

 

THREE SG will deal with your request without undue delay, within 1 month of the receipt of your request. THREE SG will notify you if it is unable to provide the information within 1 month, detailing the likely timescale. If THREE SG is unable to grant you access to your data for a specific reason you will be notified immediately.

In certain circumstances, such as where a large amount of data is requested which may require extra time or resource to gather and collate the data, THREE SG reserves the right to charge a fee to account for this activity.

 

 

 

 

 

WEBSITE

Visitors

You can visit the THREE SG website without revealing who you are or giving any information about yourself, except where you voluntarily choose to give THREE SG your personal details via e-mail or by enquiring about any of THREE SG’s services.

 

Email and contact details

People who email THREE SG

THREE SG may monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

People who contact THREE SG via Facebook

You can contact THREE SG via Facebook if you wish to enquire about THREE SG services or wish to comment on THREE SG services. These communications are managed by Barry Sinclair and are only ever shared internally at THREE SG, either for the purpose of providing you with the information you have requested.

Enquiries

THREE SG receives enquiries through the website and by telephone, post and email. Enquiries will typically require the person to enter some form of contact details to allow THREE SG to follow them up.

For general enquiries, a record of the enquiry is retained by THREE SG until the enquiry has been dealt with and no further follow up is needed.

If we receive an enquiry and the customer does not wish to proceed, the details are held on THREE SG’s internal system for 24 months before deleting.

This policy does not cover the links within this site to other websites, or the content of those sites. THREE SG encourages you to read the policy statements on the other websites you visit.

 

 

COMMUNICATIONS

Three SG may contact you from time to time regarding servicing, invoices and general correspondence with regards to the system installed. At anytime you can opt out using our contacts page, email, telephone or post.

 

 


Security Screening

Screening Information

Successful applicants to THREE SG are required to complete a security screening check before commencing employment with THREE SG. This process is outsourced to the National Security Screening Agency Ltd (NSSA), a THREE SG approved screening company. The NSSA collect personal data for the purpose of carrying out background screening on behalf of THREE SG employees. Successful applicants are asked to complete an NSSA security screening application form provided by the THREE SG. Applicants are asked to provide their current passport or a birth certificate, a driving license and a utility bill or bank statement with their current home address stated. These forms are checked and counter signed by the THREE SG and then forwarded to the NSSA. The NSSA will ask the applicant about their previous work experience, education, referee details, and for answers to the questions relevant to the role they have applied for. The NSSA will share the applicant’s name, date of birth and address history with third parties (the Criminal Disclosure and Barring Service and Equifax) where it is necessary to fulfill their contractual obligations to the applicant and to THREE SG, and where obliged to do so by law.

Once the preliminary screening is successful, the applicant can then commence their employment with THREE SG. The THREE SG compiles a separate file relating to their employment containing the documentation listed above. The information contained in this is kept in a secure location and is password protected by the THREE SG and only used for purposes directly relevant to that person’s employment.

 

Information Retention

If the employment is terminated or an employee resigns, THREE SG retains both the security screening and HR file for each individual file for 7 years before destruction. THREE SG will inform any third parties processing the data to remove it subject to data protection requirements.

 

 

Key holding Information

CUSTODIAN MONITORING SERVICES

Three SG will collect for key holding services:

  • Name, address, telephone and passwords.

This is for the identification of end users and to inform clients of alarm conditions and events relating to the system under contract.

 

Information Retention

This information will be held for the length of the contract and deleted/erased 24 months after cancellation.

For information regarding Custodian data policy please go to their website www.custodianmonitoring.com

 

 

 

 


Three SG Data Policy.pdf

Three SG Data Protection Policy