Data Protection Policy
The protection of Personal and Non Personal (Technical) data is recognised as being important and therefore will be managed, protected and secured. All personal data will be treated confidentially and in accordance with EU General Data Protection Regulation (EU2016/679) under the control of Apex Chimney Services.
Hardcopy data will be secured within a locked environment at all times when in transit or storage and access will be granted to authorized persons only.
Electronic data will be stored on computer hard drives, protected by password protection and again secured within a locked environment when in transit (in vehicle) or use (office location)
Apex Chimney Services will ensure that it maintains appropriate and current software protection on all electronic devices that it utilises.
Authorised Persons and Data Sharing
Only persons authorised by Lee Pearce, the proprietor of Apex Chimney Services will be granted access to data and Lee Pearce will be the nominated individual responsible for data protection.
Personal Data may be shared with third party financial advisors and statutory bodies (HMRC) as part of proof of invoicing and income required for the generation of accounts and for tax audit purposes.
Personal and technical data regarding services provided or appliance status data may be shared with the individual commissioning service (landlord or agent) in the event that the resident is not the recognized owner or their authorized agent. It may also be shared with the Guild of Master Chimney Sweeps, HETAS or RIDDOR as part of its monitoring activities.
Data Retention and Deletion
Only the data necessary for the provision of the requested services and / or goods will be collected. It will be retained within the UK for the purposes of administering and managing customer and supplier accounts, and as require under statutory obligations.
The data retention period will be determined by applicable legislation, in particular the requirement to provide evidence for tax audits for up to 7 years after the end of the financial year to which the information applies.
If not determined by legislation, the data will be deleted or destroyed 2 years after the end of the enquiry or the service / goods provision to which it applies.
Data will be securely destroyed and / or disposed of after the end of the retention period.
Data Breach Monitoring
Under the GDPR there are strict requirements for the notification of individuals in the event of a data breach. If there are reasonable grounds to believe that any personal data has been lost or compromised, then the applicable GDPR notifications will be made to the ICO and / or the individual data subject.
Apex Chimney Services will act on any notification that data may have been breached and separately will undertake a periodic review to ensure that all hard copy data remains secure.
Transparency of Data Processing and Data Subjects Rights
Under the GDPR all personal data should be processed lawfully, transparently and fairly. To ensure that data subjects are aware of their rights, Apex Chimney Services will provide individuals with Privacy Notices which set out what personal data is processed, for what purposes and with whom it is shared. In addition, they will be advised if their rights including their right to see, amend and to have their personal data erased.
In support of this, individuals have the right to make a Data Subject Access Request that will be responded to within one month as per the GDPR requirements.
Where required, individual consent will be required for any activities that require consent, such as direct marketing for instance if undertaken.