Privacy Policy

ProtectAVan Ltd.
21 Tadman Street
Wakefield
WF1 5RG
01924 201498

accounts@protectavanltd.co.uk
www.protectavanltd.co.uk


CONTENTS

Page 3. What Is GDPR?
Page 4. Information Audit
• What Information Do We Collect?
• How Do We Collect It?
• Why Do We Collect It?
• How Do We Use It?
• Legal Bases
Page 10. Removing, Updating, Restricting, or Obtaining Your Personal Data
Page 10. Disposal of Personal Data
Page 11. ICO Registration Certificate
Page 12. CCTV
Page 13. Marketing
Page 14. Contact Us

WHAT IS GDPR?

The General Data Protection Regulation (GDPR) comes into effect on the 25th May 2018 and in the UK will replace the previous Data Protection Act (1998). It describes how organisations must collect, handle, and store personal data[1].

a) processed lawfully, fairly and in a transparent manner in relation to individuals;

b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and

f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

It also states [2]:

“The controller [ProtectAVan Ltd] shall be responsible for, and be able to demonstrate, compliance with the principles.”

INFORMATION AUDIT
ProtectAVan Ltd AS A CONTROLLER
Customers
Information We Collect
How Do We Collect It?
Why Do We Collect It?
How Do We Use It?
Legal Bases
Name, Email Address, Delivery Address, Billing Address, Phone Number, Vehicle spec/reg.
From you over Email.
To enter into and perform our contract with you.
This information is processed through our database and where applicable, shared with an authorised third-party supplier/shipping company.
Contract.
Name, Delivery Address, Billing Address, Phone Number, Vehicle spec/reg.
From you over Facebook.
To enter into and perform our contract with you.
This information is processed through our database and where applicable, shared with an authorised third-party supplier/shipping company.
Contract.
Name, Phone Number, Delivery Address, Billing Address, Bank Details, Vehicle spec/reg.
From you over the phone or face-to-face.
To enter into and perform our contract with you.
This information is processed through our database and where applicable, shared with an authorised third-party supplier/shipping company.
Contract.
Name, Delivery Address, Email Address, Phone Number.
PayPal.
To ensure that goods have been paid for.
This information is processed through our database to create an invoice.
Legitimate Interest.
Name, Phone Number, Delivery Address, Email Address, Billing Address, Vehicle spec/reg.
Online Sales.
To enter into and perform our contract with you.
This information is processed through our database and where applicable, shared with an authorised third-party supplier/shipping company.
Contract.
Name, Phone Number, Billing Address, Email Address.
Worldpay.
To ensure that goods have been paid for.
This information is processed through our database to create an invoice.
Legitimate Interest.
ProtectAVan Ltd AS A CONTROLLER
Abandoned Checkout Customers
Information We Collect
How Do We Collect It?
Why Do We Collect It?
How Do We Use It?
Legal Bases
Name, Phone Number, Delivery Address, Email Address, Billing Address, vehicle spec/reg.
Online Website.
To remind you of goods that weren't purchased at time of checkout.
To send an email regarding your potential purchase.
Legitimate Interest.
Non-Customers
Information We Collect
How Do We Collect It?
Why Do We Collect It?
How Do We Use It?
Legal Bases
Name.
From you on Facebook.
To identify who we are talking to.
To discuss any enquires you may have contacted us about.
Legitimate Interest.
Name, Email Address, Phone Number, vehicle spec/reg.
From you over Email or Phone.
To identify who we are talking to and a method to contact you back if necessary.
To discuss any enquires you may have contacted us about.
Legitimate Interest.
Name, Email Address, Delivery Address, vehicle spec/reg.
From you from subscription forms for marketing emails.
To identify who you are when we send you marketing emails.
To send marketing emails regarding the company and products.
Consent.
After Sales
Information We Collect
How Do We Collect It?
Why Do We Collect It?
How Do We Use It?
Legal Bases
Name, Email Address, Delivery Address.
From you when you consent to marketing emails and review request emails at checkout.
To be able to send you review request emails and marketing emails.
To send you review request emails and marketing emails.
Consent.
ProtectAVan Ltd AS A CONTROLLER
Trade Customers
Information We Collect
How Do We Collect It?
Why Do We Collect It?
How Do We Use It?
Legal Bases
Name(s), Email Address(es), Company Address, Phone Number(s), Company Number, VAT Numbers, Authorisation Letter.
Trade Application Form.
To enter into and perform our contract with you.
This information is processed through our database to create an account.
Contract.
Name, Email Address, Delivery Address, Phone number, Vehicle spec/reg.
From you over phone or email.
To enter into and perform our contract with you.
This information is processed through our database to create an order and shared with an authorised third-party shipping company and/or our third-party distributor (if required).
Contract.

Name(s), Email Address(es), Company Address, Phone Number(s), Company Number, VAT Numbers, Authorisation Letter, Order Information, Historical Payment Information, Account Information.

From our database.
To perform our contract with you.
To share to debt collectors, tracing agencies, debt purchasers or organisations providing debt support – our partners who help us to recover debts, who purchase debts or who offer debt advice and support.
Legitimate Interest.
ProtectAVan Ltd AS A PROCESSOR
Dropship Order
Information We Collect
How Do We Collect It?
Why Do We Collect It?
How Do We Use It?
Legal Bases

Name, Email Address, Delivery Address, Billing Address, Phone Number, Order number (if required), Vehicle spec/reg.

From our trade/sole-trader customers.
To act as a processor to complete an order from our trade/sole-trader customers.
This information is processed through our database to create an order and shared with an authorised third-party shipping company and/or our authorised distributor (if required).
Contract.
ProtectAVan Ltd AS A CONTROLLER
Employees & Potential Employees
Information We Collect
How Do We Collect It?
Why Do We Collect It?
How Do We Use It?
Legal Bases
Name, Address, Email address, Phone Number(s).
From You.
To enter into and perform our contract with you.
May be passed to a third-party engineer when on-site visits are required and/or suppliers when supplies are ordered for direct delivery.
Legitimate Interest.
Bank/Building Society Details, NI number, Tax Information, Date of Birth, Student Debt, Passport/Work Permit, Nationality, Sex, Marital Status.
From You.
To perform our contract with you.
To ensure we comply with current regulations. Information is shared with Payroll, HMRC, Nest Pension Scheme, & any other legal entities that we are required to by law.
Contract.
Information about your sickness and absence records (including, but not limited to, information relating to your physical and or mental health).
From you and/or your doctor.
To comply with legal obligations. For monitoring purposes.
To maintain employment records. To administer sick pay entitlement.
Legitimate Interest.
Information on grievances/conduct issues raised by, or involving you.
From you, from complainants, from witnesses, and from other members of staff, CCTV.
To comply with legal obligations. To protect you and other staff members.
For employee administration. To deal with grievances.
Legitimate Interest.
Details of your appraisals, performance reviews, improvement plans, details of your time and attendance and work output.
From you, your boss, and other employees you work with, CCTV.
To perform our contract with you.
For staff administration and assessment monitoring. For bonus and overtime payments.
Contract.
Your use of our IT, communication, and other systems.
From computers.
To monitor/manage staff access to our systems. To ensure that our policies are adhered to.
For staff administration and network security.
Legitimate Interest.
Details in references about you.
From you, from people you have stated we can contact.
To enter into contract with you.
To enable us to confirm your details before we enter into a contract with yourselves.
Legitimate Interest.
We will keep your personal data for the purposes set out in this data privacy policy and only for as long as any legal basis continues to apply. Below is a non-exhaustive list of some of the reasons we need to retain your personal data:

• Compliance with the requirements of the Financial Conduct Authority
• Compliance with Anti Money Laundering Regulations
• Reporting obligations to the Credit Reference Agencies
• Ensuring we have relevant information in the event of any queries or complaints
• Being able to identify if you have purchased a product which is subject to a product recall
• Being able to service any product or service guarantee you have purchased
• To assist with the establishment, exercise or defence of legal claims

The length of time we need to keep the personal data will vary depending on the nature of the personal data and the reason we are obliged to hold it.

We may transfer your personal data to the following third parties:

• Technology service providers – our partners who provide IT and website services.
• Telephone providers – our partners who provide telephone services and functionality.
• Delivery companies – our couriers, parcel firms and mail firms who deliver your goods or services and manage any returns on our behalf.
• Marketing service providers – if you have opted-in or is of legitimate interest, our partners who work with us to make sure we send you information about products, services and special offers that are of interest to you.
• Debt collectors, tracing agencies, debt purchasers or organisations providing debt support – our partners who help us to recover debts, who purchase debts or who offer debt advice and support.
• Regulators and other governmental agencies or law enforcement agencies.
• Organisations who may be interested in purchasing our business or organisations who we may be interested in purchasing - we may sell parts of our business or acquire other businesses and your personal data may be shared with such third parties as part of this process.

REMOVING, UPDATING, RESTRICTING, OR OBTAINING YOUR PERSONAL DATA

You have the right to:

• Ask what information we have about you, and why.
• Ask how to gain access to that information.
• Ask for that information to be deleted/removed, updated, or restricted.
• Ask to move, copy, or transfer the information from our IT environment to another

These requests can be made via post or email. You can phone to request a form to be sent via post or email. This is to ensure that all requests are made in writing and can be documented.

Requests will be reviewed and answered within one calendar month. No reasonable requests will be denied.

Identities will be verified before information is handed out.

Information can be given formally in writing, or informally over the phone – whichever you prefer.

Deletion/removal request within reasonable grounds will be accepted providing we are not required by law to keep them.

It is important that the personal information we hold about you is correct and current. Please keep us informed if your information changes during your contract with us.

DISPOSAL OF YOUR PERSONAL DATA

When it comes to disposing of your personal data we do so in a secure way. All printed and written documentation including any personal details are shredded before disposal. All emails and electronic forms of personal data are deleted at all instances of storage.

ICO REGISTRATION CERTIFICATE
(awaiting)

CCTV

We use “Closed Circuit Television” CCTV to monitor our property for the prevention of crime.

The live screens of the four cameras we have around the property are in a secure office and can only be monitored off-site by the authorised person using a business phone.

The only time this information is shared is in the event of a crime or work related issue. This information may be shared with staff where work grievances and work time issues need to be dealt with. It may also be handed over to the police until they are finished with it and it is disposed of by them.

The CCTV has only two authorised users who is fully trained in its use and security.

Recordings are only kept for 30 days before they are automatically overwritten on the system.

Our CCTV system uses high quality, clear imagery.

CCTV cannot be accessed by anyone other than the authorised user bar the live video showing in the secure office.

The ability to view anything beyond the live video within the office has been locked with a password and only the authorised user can use it.

The footage is only stored in one place unless the police request footage where it is supplied on a separate USB stick.

MARKETING

On our website we offer positive opt-in pop-up forms for our marketing newsletter. This information provided here will only be used in the way you signed up for it to be used; in this instance our marketing email.

On our website we offer a positive opt-in tick box to receive our marketing newsletter and a request to review the product you are purchasing. This information provided here will only be used in the way you signed up for it to be used; in this instance our marketing email and an email requesting a product review.

If your preferences ever change for any reason please let us know by emailing info@protectavanltd.co.uk or by phoning 01924 201498.

CONTACT US

If you have any queries about anything in the policy, or anything else, then please feel free to contact us.
We are contactable by post, email, or phone.