The General Data Protection Regulations (GDPR) come into force on 25 May 2018 superseding the UK’s Data Protection Act 1998 and it is a legal requirement for the Company to comply with the GDPR.
Therefore, it is the Company’s policy to ensure any personal data held by us in whatever form be treated with sensitivity and privacy, as befits such information in respect of our employees, suppliers, customers and sub-contractors.
Roof Vent UK Ltd needs to keep certain information about its employees, suppliers, customers and sub-contractors for financial and commercial reasons to enable the monitoring of performance, to ensure legal compliance and for health and safety purposes.
In particular, this policy requires Roof Vent UK Ltd staff to consult the Data Protection Manager before any significant new data processing activity is initiated to ensure that relevant compliance steps are addressed.
This policy applies to all subsidiaries of Roof Vent UK Ltd, 31 Brookgate Trading Estate, Ashton Vale, Bristol BS3 2UN. Telephone number 01179 637385. You can find out more about us on our website www.roofventuk.com
The Board of Directors is ultimately responsible for ensuring that Roof Vent UK Ltd meets its legal obligations and seeks to protect personal data making sure that their staff understand the rules governing the use of personal data to which they may have access in the course of their work.
Data Protection Manager
To ensure the implementation of this policy Roof Vent UK Ltd has designated Mandy Allan as their Data Protection Manager. All enquiries relating to the holding of personal data should be referred to her in the first instance.
Managers will ensure that all staff are trained to comply with Data Protection and the relevant legislation surrounding it, so they know what is expected of them. Training must be applicable to the roles and responsibilities the individual holds and training records must be kept.
Sensitive Personal Data
In most cases where Roof Vent UK Ltd processes sensitive personal data they will require the data subject’s explicit consent to do this unless exceptional circumstances apply, or we are required to do this by law (e.g. to comply with legal obligations to ensure health and safety at work).
Any such consent will need to clearly identify what the relevant data is, why it is being processed and to whom it will be disclosed.
Accuracy and Relevance
Roof Vent UK Ltd will ensure that any personal data they process is done lawfully, fairly and transparently. The data collected on a subject should be adequate, relevant and limited to what is necessary in relation to the purposes for which it is being collected.
Personal data shall be accurate, where necessary kept up-to-date, and kept only for the period of time required to complete the processing task for which it is obtained. Individuals may ask that Roof Vent UK Ltd correct inaccurate personal data relating to them.
If you believe that information held is inaccurate you should record the fact that the accuracy of the information is disputed and inform the Data Protection Manager in writing.
Access to Personal Data
Access to all personal data is restricted to limited staff. Employment checks are carried out on personnel as applicable to their role and/or the service they are delivering.
Employees will obtain Disclosure Barring Service checks and complete relevant security clearances as required.
Right to be Forgotten
A data subject may request that any information held on them is deleted or removed, and any third parties who process or use that data must also comply with the request.
An erasure request can only be refused if an exemption applies.
Personal data stored electronically will be protected by Roof Vent UK Ltd security processes. Access to all systems are restricted to limited employees as required for the application of their job role.
Roof Vent UK Ltd operates an E-mail and Internet Policy, which defines appropriate and inappropriate use.
Transferring Data Internationally
There are restrictions on international transfers of personal data.
We will not transfer personal data anywhere outside the EEA without first consulting the Data Protection Manager.
Currently, Roof Vent UK Ltd do not transfer any personal data outside the EEA.
All members of staff have an obligation to report actual or potential data protection compliance failures.
This allows us to:
Any breach of the Data Protection Policy, either deliberate or through negligence, may lead to disciplinary action being taken and could in some cases result in a criminal prosecution.
Third Party Access to (FAB IT) ICT Systems
With the exception of our primary IT support partner, access to Roof Vent UK Ltd systems is restricted and can only be accessed as agreed with the System Administrator.
All other third-party providers are bound by confidentiality and security clauses within the service level agreements agreed.
Subject Access Requests
You are entitled to know what personal information Roof Vent UK Ltd holds about you, why it is being held and who Roof Vent UK Ltd discloses your information to.
All Subject Access Requests must be referred to the HR Manager in the first instance.
Storage of Data
Hard copy personal data, whether related to our employees, suppliers, customers or sub-contractors is held in secure cabinets with access restricted to limited staff.
This personal data is not routinely carried in transit however, where it is required to be transported, it will be held in secure containers.
Electronic personal information held locally will be held with restricted access to limited staff. Access will be controlled by means of user account control.
This personal data is not routinely carried in transit however, where it is required to be transported, it will always be held on encrypted USB drives and not copied to an employee’s personal computer.
Retention of Records and Data
For some records and data there are statutory retention periods with statutory authorities.
For other records there are no statutory retention periods.
However, there are either recommended retention periods or retention periods required by third party organisations.
Roof Vent UK Ltd will retain records in accordance with the relevant authorities’ recommendations and guidelines.
Disposal of Data
All hard copy personal data is securely shredded on-site by Roof Vent UK Ltd.
IT equipment including hard drives are disposed of in a secure manner by our IT consultant.
Electronic data is removed from our systems either through deletion or, if required, archiving.
If we have received the appropriate consent from a customer, individual or company, then they may be contacted for marketing purposes and sent information and/or news that would be of interest to them. However, they will always have the option to unsubscribe from these communications at any time.
If, however, they have previously advised us that they do not want any information on our products and services sent to them, or to be included in any market research, then we will continue to respect their wishes.
Managers will always check our compliance with legal obligations such as copyright or licensing requirements when downloading or copying information, and when publishing documents.
Roof Vent UK Ltd website is www.roofventuk.com
In order for you to receive your goods, Roof Vent UK Ltd work with a number of delivery partners. Again, we only pass limited information to them in order to ensure delivery of your items.
When you apply for credit with us, we will make searches about you with credit reference agencies. We do this to make sure customers who apply for credit accounts are able to manage the level of credit offered and not committing fraud by providing false or inaccurate information.
In order to process your application, we will supply your personal information to credit reference agencies, and they will give us information about you, such as your financial history. We do this to assess your creditworthiness, check your identity, manage your account, trace and recover debts and prevent criminal activity.
The Right to Complain
If you wish to discuss your personal data or lodge a concern about the way in which it is handled, please contact our Data Protection Manager in the first instance.