GDPR Privacy Policy

West Valley Mobile Security Ltd

Introduction

This document refers to personal data, which is defined as information concerning any living person (a natural person who hereafter will may be called a Data Subject) that is not already in the public domain.

The General Data Protection Regulation (GDPR) seeks to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against unlawful processing of personal data and the unrestricted movement of personal data within the EU.

West Valley Mobile Security Ltd Ltd (hereinafter known as the Company) is committed to protecting and respecting your privacy and is pleased to provide the following Privacy Notice for Employees; Applicants; Suppliers; and Clients.

This Policy has been written for compliance with the 2016 General Data Protection Regulation (GDPR) and to explain when and why we collect personal information about people who are employees, or our clients or potential clients, how the Company uses it, the conditions under which we may disclose it to others and how we keep it secure. We are registered with the Information Commissioners Office (ICO) and our Registration No. is:. ZA039176.

We may change this Policy from time to time so please check that you have the current version. If you are using our website, you’re agreeing to be bound by this Policy.

Any questions regarding this Policy and our privacy practices should be sent by email to dataprotectionofficer@westvalley.co.uk

Who are we?

West Valley Mobile Security Ltd is a keyholding and intruder alarm response company with both patrolling and emergency/non-emergency response services. We provide such services to both domestic and commercial clients. We pride ourselves in providing a good cost effective solution for security services.

How do we collect information from you?

We obtain information about our:

  • 1. Employees when they initially apply for positions in the Company and;
  • 2. Clients when they make and initial enquiry for our services and ongoing through the term of the contract services provided.

From our website and callers:

If you ring or contact us via our website contact form us we will collect your name, address and contact number so we can respond to your enquiry.

What type of information is collected from you?

1. Personal Data - Employees/Applicants

West Valley Mobile Security Ltd uses the information from you both on your initial application and on various capture forms throughout your employ/application for the following processes and procedures. By entering into our employment contract or submitting the application (to take steps to enter into a contract) you are agreeing to the processing of your Personal Identifiable Information for the following purposes:-

  • Processing of application to include vetting; references; verification of ID; National Insurance/HMRC verification; DBS/Enhanced DBS as required; SIA license checks as necessary; personnel file (including next of kin); uniform; training; bank details for necessary financial transactions; set up of I.T equipment where required; scheduling holidays; sickness; performance monitoring/review; disclosure of limited information (name and contact details) to clients where necessary.

In respect of all our employees and in addition to background checks they are subject to a lie detector test, specifically in respect of client information, both at application stage and as subsequently determined by the Company.

2. Personal Data - Suppliers/Customers/Customer Enquiries

West Valley Mobile Security Ltd uses information collected from you to provide quotations, assess personal security risks, make telephone contact and to email you in relation to the supply of services both within or without contract. It will be used for contact information, to create invoices, notes of any transactions relating to the agreed service/sale.

With regard to clients the range of data we hold is that which is essential to delivery of the contracted services. In the event of you making initial contact you consent to West Valley Mobile Security Ltd maintaining a marketing dialogue with you until you either opt out (which you can do at any stage), or we decide to desist in promoting our services.

Some personal data may be collected from you from records of our correspondence and phone calls, including but not limited to personally identifying information like email addresses; telephone numbers and physical addresses.

Any information West Valley Mobile Security Ltd holds about you and your business encompasses all the details we hold about you and any sales transactions or sales/service enquiry or contract agreement, including any third-party information we have obtained about you from public sources and our own suppliers such as credit referencing agencies.

West Valley Mobile Security Ltd will only collect and process information needed so that it can provide you with the services agreed and the company does not sell or broker your services.

In relation to our clients the personal information we collect may well include family members names, address, email address, contact telephone number(s) of our primary client as well as, details about family members and/or key employees, alarm codes and details of any associated alarm receiving centre and security equipment installer. In respect of the majority of our clients we also hold bank details to facilitate regular Direct Debit applications.

Legal basis for processing any personal data

To meet West Valley Mobile Security Ltd Ltd contractual obligations to clients, potential clients, suppliers and employees/potential employees.

Legitimate interests pursued by West Valley Mobile Security Ltd

To promote the marketing and consulting services offered by the Company and/or to market the services offered by the company to existing clients.

Disclosure - How is this information used?

We may use this information to:

  • Process an application for employment (including those required for pre-employment checks current at the time of application) and ongoing through employment for such as pensions, personal taxation and the like;
  • Process enquiries and orders from our clients;
  • To carry out our obligations arising from any contracts entered into;
  • Dealing with system users and keyholders in relation to installed and maintained systems;
  • Seeking views or comments on the services we provide;
  • Live notifications to a mobile device of physical venue checks carried out;
  • Contact regarding de-briefing of any emergency response;
  • Notification of changes to our services;
  • Sending of information which has been requested and that may be of interest. This may include information about terms and conditions, service upgrades and, on occasions, personal security awareness information that we believe will enhance a clients personal safety.

Data Protection Principles

West Valley Mobile Security Ltd Ltd process personal data in accordance with the following principles;

  • Lawfully, fairly and in a transparent manner
  • Collects personal data only for specified, explicit and legitimate purposes
  • Processes personal data only where it is adequate, relevant and limited to what is necessary for the purposes of processing as outlined in this policy
  • Keeps accurate personal data and takes all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay
  • Keeps personal data only for the period necessary for processing as outlined in this policy
  • Adopts appropriate measures to make sure that personal data is secure and protected against unauthorised or unlawful processing, and accidental loss, destruction or damage

Data Breaches

Should West Valley Mobile Security Ltd discover there has been a breach of personal data that poses a risk to the rights and freedoms of individuals, it will report it to the Information Commissioner within 72 hours of discovery. We will record all data breaches regardless of their effect.

If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will tell affected individuals that there has been a breach and provide them with information about its likely consequences and the mitigation measures it has taken.

Accuracy of your Personal Information

We work hard to make sure the data we hold is accurate, if you believe that the data we hold may be inaccurate then please contact us and we will correct any inaccuracies.

Security of your Personal Information

Security of the information we hold is paramount. Access to our database is restricted by IP address and requires unique username and strong passwords. All databases employ encryption to protect the confidentiality. Access to all data is limited based on a strict access control policy. Access and operational logs are retained and audited on a regular basis.

Where we store your personal data

All information you provide to us is stored on our secure servers. Data will be stored in a range of different places on our servers, including Client Management systems, Finance Systems, Server folders, Client feedback portal, and other IT systems (including the company’s email systems).

The company has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.

Once we are in receipt of your data we will use strict procedures and security features to prevent unauthorised access.

Who has access to your information?

We will not sell or impart client information to any third parties other than the emergency services or third party alarm receiving centres or in the case of employees for pensions, personal taxation and the like.

We rely on any West Valley Mobile Security Ltd staff who may have access to the personal data of clients, customers and other individuals in the course of their employment to help meet our data protection obligations.

Individuals who have access to personal data are required:

  • To access only data that they have authority to access and only for authorised purposes;
  • Not to disclose data, except to individuals (whether inside or outside the company) who may have appropriate authorisation;
  • Not to remove personal date, or devices containing, or that can be used to access personal data, from the company’s premises without adopting appropriate security measures to secure the data and the device;
  • To report data breaches of which they become aware to the Data Protection Officer immediately.

Training

West Valley Mobile Security Ltd will provide training to all individuals about their data protection responsibilities as part of the Induction process and at regular intervals thereafter.

Individuals whose roles require regular access to personal data, or who are responsible for implementing this policy or responding to subject access requests under this policy, will receive additional training to help them understand their duties and how to comply with them.

Disclosure

West Valley Mobile Security Ltd may on occasions pass your personal Information to third parties exclusively to process work on its behalf. The company requires these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and GDPR.

Legal Disclosures

We may, in appropriate cases, voluntarily or where required by law, pass your data to the Police and similar organisations such as law enforcement agencies (including fraud prevention and detection) or other governmental agencies.

The Company may also enforce its Terms and Conditions, including investigating potential violations of its terms and Conditions or Terms of Contract to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of the Company, its clients and/or the wider community

We will never share information with third parties for marketing purposes.

Third Party Service Providers we may work in association with

We may pass information to our third party service providers, agents subcontractors and other associated organisations for the purposes of completing, such as alarm installation and tasks on a client’s behalf, and providing services on our behalf (for example for employee Vetting & Screening purposes). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep all information secure and not to use it for their own direct marketing purposes.

Please be reassured that we will never release any information to third parties beyond the emergency services or approved sub-contractors for them to use for their own direct marketing purposes in any circumstance unless we are required to do so by law, for example, by a court order or for the purposes of prosecution or prevention of crime.

Due to the nature of our business, we work closely with the emergency services. The emergency services will only use such details to provide information and carry out their obligations arising from any contract entered into with us. However, we take steps to ensure that everyone’s privacy rights continue to be protected.

Retention Policy

West Valley Mobile Security Ltd will process personal data during the duration of any contract and will continue to store only the personal data needed for a set number of years dependant on its processing purpose:-

  • Employee - 6 years after leaving the employ of the company
  • Employee application/recruitment application (but not commenced employment) - 6 months
  • Financial - 7 years after the last financial transaction date (includes suppliers and customers within or without contract)
  • Marketing or potential customer/supplier (with no transaction) - 1 year
  • Site based Daily Occurrence logs - 4 years
  • Personal Information processed as part of a contract on behalf of the data Controller - for the length of the contract, then returned to the Data Controller

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory or regulatory obligations (for example Security Screening Records and employment records). We will hold your personal information on our systems for as long as is necessary for the relevant activity or as long as is set out in any relevant contract agreement.

Data Storage

Data is stored in the United Kingdom using different (multiple) servers. West Valley Mobile Security Ltd does not store personal data outside the EEA.

Your Choices

You will always have a choice about whether or not you wish to receive information from us.

The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date, please email us at: dataprotectionofficer@westvalley.co.uk or write to us at the address below.

You have the right to ask for a copy of the information the Company holds about you. In certain circumstances, such as where the data is no longer necessary for the purposes for which it was collected, you have a right to require us to erase all personal data held about you.

Note: There are a number of exemptions to this right, for example in relation to freedom of expression and compliance with legal obligations.

Security precautions in place to protect the loss, misuse or alteration of your information.

When you give us personal information, we take steps to ensure that it’s kept securely.

Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our IT Systems (soft copy information) or held securely in our offices (hard copy information).

System users. Where we have given you a password or passcode for identifying you as an authorised system user, you are responsible for keeping this password

confidential. We ask you not to share your password with anyone.

Profiling

We do not analyse your personal information to create a profile of your usage or any other such as interests and preferences so that we can contact you with information relevant to you.

We may make use of the information about you in order to provide you with information that directly affects you or in the case of system users, their system.

Links to other websites

Our website may contain links to other websites run by other organisations. However, these are limited to our Certifications/Accreditations namely, SSAIB, and The Security Industry Authority. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access these using links from our website.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site. This privacy policy does not cover all the links within this site linking to other websites.

18 or Under

We are concerned to protect the privacy of children aged 18 or under (although under the GDPR this is currently the under 16’s). If you are aged 18 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.

Website Recording

At the time of publication of this Policy, our web site does not use any web site recording service. Should this change then this Policy will be updated to reflect this change.

Cookies

We do not use cookies on our website

Your Rights as a data subject

At any point whilst West Valley Mobile Security Ltd is in possession of or processing your personal data, all data subjects have the following rights:

  • Right of access - you have the right to request a copy of the information we hold about you.
  • Right of rectification - you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten - in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing - where certain conditions apply you have the right to restrict the processing.
  • Right of portability - you have the right to have the data we hold about you transferred to another organisation.
  • Right to object - you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling - you also have the right not to be subject to the legal affects of automated processing or profiling

In the event that West Valley Mobile Security Ltd refuses your request under rights of access, we will provide you with a reason as to why which you have the right to legally challenge.

West Valley Mobile Security Ltd at your request can confirm what information it holds about you and how it is processed by emailing us at: dataprotectionofficer@westvalley.co.uk or by writing to us at the address below

You can request the following information:

  • Identity and the contact details of the person or organisation (West Valley Mobile Security Ltd) that has determined how and why to process your data.
  • Contact details of the data protection officer, where applicable.
  • The purpose of the processing as well as the legal basis for processing
  • If the processing is based on legitimate interests of West Valley Mobile Security Ltd Ltd, or a third party such as one of its clients, information about those interests.
  • The categories of personal data collected, stored and processed.
  • Recipient(s) or categories of recipients that the data is/will be disclosed to.
  • How long the data is stored
  • Details of your rights to correct, erase, restrict or object to such processing.
  • Information about your right to withdraw consent at any time.
  • How to lodge a complaint with the supervisory authority (Data Protection Regulator).
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the persona data and the possible consequences of failing to provide such data.
  • The source of personal data if it wasn’t collected directly from you.

To access what personal data is held, identification will be required

West Valley Mobile Security Ltd will accept the following ID when information on your personal data is requested: a copy of your national ID card, driving license; passport; birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If West Valley Mobile Security Ltd Ltd is dissatisfied with the quality, further information may be sought before personal data can be released.

All requests should be made to the dataprotectionofficer@WestValleyMobileSecurityLtd.co.uk or writing to us at the address below.

Compaints or queries

If you want to make a complaint about the way we have processed your personal information, please bring it to our attention by contacting - dataprotectionofficer@westvalley.co.uk or writing to the address below

If you do not get a response within 30 days can contact the ICO, the statutory body which oversees data protection law – www.ico.org.uk/concerns.

The Data Protection Officer, West Valley Mobile Security Ltd, Lincolns View, Oak Green, Stanley Green Business Park, Cheadle Hulme, SK8 6QL