Updated 18th May 2018
This Policy sets out the obligations of Blackwood Fire Ltd (“the Company”), a company registered in England & Wales under number 01687636, whose registered office is at 14 & 15 Penmaen Industrial Estate, Pontllanfraith, Blackwood, NP12 2DQ, regarding data protection and the rights of data subjects (“data subjects”) in respect of their personal data under EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).
The GDPR seeks to ensure that personal data is processed lawfully, fairly, and transparently and is collected and processed for legitimate purposes and is adequate and relevant.
The GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Blackwood Fire Ltd is a company that provides, services and maintains fire protection equipment. We also provide fire risk assessments, fire training and other related fire safety products and services.
This Policy sets the Company’s obligations regarding the collection, processing, transfer, storage, and disposal of personal data. The procedures and principles set out herein must be followed at all times by the Company, its employees, agents, contractors, or other parties working on behalf of the Company.
The Company is committed not only to the letter of the law, but also to the spirit of the law and places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.
This Policy aims to ensure compliance with the GDPR. The GDPR sets out the following principles with which any party handling personal data must comply. All personal data must be:
2.1 Personal data shall be processed fairly and lawfully.
2.2 Personal data shall be obtained for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes.
2.3 Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
2.4 Personal data shall be accurate and, where necessary, kept up to date.
2.5 Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
2.6 Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998.
2.7 Appropriate technical and organisational measures shall be taken against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
2.8 Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
3. The Rights of Data Subjects
The GDPR sets out the following rights applicable to data subjects:
3.1 The right to be informed;
3.2 The right of access. Data subjects may make subject access requests (“SARs”) at any time to find out more about the personal data which the Company holds about them, what it is doing with that personal data, and why. Responses to SARs shall normally be made within one month of receipt, however this may be extended by up to two months if the SAR is complex and/or numerous requests are made. If such additional time is required, the data subject shall be informed.
3.3 The right to rectification. Data subjects have the right to require the Company to rectify any of their personal data that is inaccurate or incomplete.
3.4 The right to erasure (also known as the ‘right to be forgotten’). Data subjects have the right to request that the Company erases any personal data it holds about them. Unless the Company has reasonable grounds to refuse to erase personal data, all requests for erasure shall be complied with, and the data subject informed of the erasure, within one month of receipt of the data subject’s request. The period can be extended by up to two months in the case of complex requests. If such additional time is required, the data subject shall be informed.
3.5 The right to restrict processing;
3.6 The right to data portability;
3.7 The right to object; and
3.8 Rights with respect to automated decision-making and profiling.
We make every effort to handle and use your personal data as directed by the GDPR. If you wish to implement any of these rights or have any concerns about how we collect or use your personal data, please contact us via the contact details provided in section 1 above. If, for some reason, you are not satisfied with the way we have dealt with your personal data you are entitled to contact the Information Commissioner’s Office.
4. Accuracy of Data and Keeping Data Up-to-Date
The Company shall endeavour to ensure that all personal data collected, processed, and held by it is kept accurate and up-to-date. This includes, but is not limited to, the rectification of personal data at the request of a data subject.
5. Data Retention
The Company shall not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed.
6. Security of Personal Data
The Company takes the protection of your personal data very seriously and we take appropriate steps to ensure your personal data is stored in a secure environment to prevent any unauthorised access.
The Company shall endeavour to ensure that all personal data collected, held, and processed is kept secure and protected against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
When any personal data is to be erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), it should be securely deleted and disposed of.
The Company may use external providers that to process personal data on our behalf. When we do so we have appropriate agreements in place to protect the data. Any data transfers between external service providers and ourselves are conducted by secure means.
7. Sharing of Personal Data
We will only disclose your personal data if required to do so by law or some other legitimate purpose. We will not share your personal data with third parties for any other reason including for their own marketing purposes.
8. How we collect personal data
Below are some of the ways we collect your data, although this list may not be exhaustive:
8.1 Details provided to us by you when ordering or requesting information from us about our products and services. This may be by means of face-to-face meetings, by telephone, email, via our website enquiry forms or by subscribing to receive news, advice & services information direct to your inbox via our website.
8.2 Via social media sources such as LinkedIn and Twitter or our website.
9. Personal Data Collected and Held
The following personal data is commonly collected, held, and processed by the Company:
9.1 Full Name;
9.2 Business or Organisation Name;
9.3 Position or Job Title within the Organisation;
9.4 Address Details;
9.5 Contact details and, if relevant, for example, keyholder contact details.
We hold your personal at the Company’s registered office at 14 & 15 Penmaen Industrial Estate, Pontllanfraith, Blackwood, NP12 2DQ and at other work locations as required.
10. How Personal Data is Used
10.1 In order to manage or fulfil an order for our products or services;
10.2 To manage, for example, your periodic fire equipment servicing requirements and fire risk assessment reviews;
10.3 To provide quotes or other information that you have enquired about or requested;
10.4 To provide relevant information to particular categories or types of business or organisations;
10.5 To provide you with information where you have subscribed via our website to receive news, advice & services information.
10.6 Data may also be used to track the use of our websites and social media accounts including analytical facilities provided by third parties such as Google, Twitter and LinkedIn.
10.7 To maintain records of our current, past and potential customers together with records of our suppliers.
The data listed above is always used in the performing or fulfilling of a contract or service agreement or for other legitimate business or statutory obligations.
11. Links to external sources
Definitions and Interpretation
means a small file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site;
means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 and of EU Regulation 2016/679 General Data Protection Regulation (“GDPR”);
means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data, as defined by EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).
13.2 By using Our Site, you may also receive certain third party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than us.
13.2.1 Strictly Necessary Cookies
A Cookie falls into this category if it is essential to the operation of the Company’s Site.
13.2.2 Analytics Cookies
It is important for Us to understand how you use the Company’s Site, for example, how efficiently you are able to navigate around it, and what features you use. Analytics Cookies enable us to gather this information, helping Us to improve our Site and your experience of it.
13.2.3 Functionality Cookies
Functionality Cookies enable us to provide additional functions to you on our Site such as personalisation and remembering your saved preferences. Some functionality Cookies may also be strictly necessary Cookies, but not all necessarily fall into that category.
13.2.4 Targeting Cookies
It is important for us to know when and how often you visit our Site, and which parts of it you have used (including which pages you have visited and which links you have visited). As with analytics Cookies, this information helps us to better understand you and, in turn, to make our more relevant to your interests.
13.2.5 Third Party Cookies
Third party Cookies are not placed by Us; instead, they are placed by third parties that provide services to us and/or to you. Third party Cookies are used on our Site for analytical reasons. We use Google Analytics to track usage of our website so that we can use, for example, the information provided to analyse the content on our website that our audience is interested in.
13.2.6 Persistent Cookies
Any of the above types of Cookie may be a persistent Cookie. Persistent Cookies are those which remain on your computer or device for a predetermined period and are activated each time you visit Our Site.
13.2.7 Session Cookies
Any of the above types of Cookie may be a session Cookie. Session Cookies are temporary and only remain on your computer or device from the point at which you visit Our Site until you close your browser. Session Cookies are deleted when you close your browser.
13.3 Turning off Cookies