What is the purpose of this notice ?
To describe how we collect, use, and protect personal data in accordance with the prevailing laws and regulations (e.g. the UK General Data Protection Regulation (UK GDPR), General Data Protection Regulation (EU) and the DPA 2018.
What we need.
TC Shielding Ltd is a “Data Controller” of the personal data you provide to us. We only collect basic personal data about you which does not include any special categories of personal information (known as Special Category Data). This does however include name, work address, e-mail, telephone number and is limited to what is necessary to conduct business.
Lawful basis for processing.
For existing clients with whom we work, the Legal Basis for Processing Personal Data is on the Basis
for Performance of a Contract, we are typically required to retain this data for up to 7 years, per the
HMRC guidelines for Business Information.
For Prospective Clients we process personal data on the Legal Basis of “Legitimate Interest” for
which we have completed a “Legitimate Interest Assessment”.
For Employees we process personal data on the Legal Basis of Performance of a Contract.
Why we need it.
We need to process your basic personal data in order to provide goods and services to you, process your orders and tell you about our products and services.
What we do with it.
We only ever use your personal data following your initial contact with us and where it is necessary:
- to enter into or perform a contract with new and existing customers.
- for a legitimate interest, with prospective customers.
- for our own (or a third party’s) lawful interest, as we may have to provide your data under legal obligations, provided your rights don’t override these.
In any event, we’ll only use your information for the explicit purpose it was given for.
We may process personal information for certain legitimate business purposes, which include some or all of the following:
-where the processing enables us to enhance, modify, personalise, or otherwise improve our services/communications for the benefit of our customers.
-to better understand how people interact with our website.
Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of these rights at all times.
When we process your personal data for our legitimate interests, we will make sure that we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your rights – we will not use your personal data for activities where our interests are overridden by the impact on you. You have the right to object to this processing if you wish, and if you wish to do so please contact our designated Data Controllers as outlined below.
Where we keep it.
We are based in the UK and we store our data within the EU. Some organisations which provide services to us may transfer data outside of the EU, but we will only allow them to do it if your data is adequately protected.
For example, some of our systems use Microsoft products. As a US company, it may be that using their products result in personal data being transferred to or accessible from the US. However, we will allow this as we are certain personal data will still be adequately protected (as Microsoft is certified under the prevailing USA scheme).
How long will we keep it ?
We will only use and store information for so long as it is required for the purposes it was collected. How long information will be stored depends on the information in question and what it is being used for. For example communications regarding application requirements will be important to keep for historical reasons.
We continually review what information we hold and delete what is no longer required. We will not retain your data for any longer than necessary.
What are your rights ?
We want to ensure that you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
-the right to confirmation as to whether we have your personal data, if we do, to obtain a copy of the personal information we hold (this is known as a data subject access request).
-the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason).
-the right to have inaccurate data rectified.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
If you wish to contact us regarding how we handle your personal data, please contact our data controllers.
They can be contacted at m.walker@tcshielding.com or a.wisdom@tcshielding.com. Please bear in mind that if you object to the use of your data, this may affect our ability to carry out tasks above for your benefit.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can find out more from the Information Commissioner’s Office, the UK supervisory authority for data protection issues.
Please note we may update this Privacy Notice from time to time. We will always include the date of a new version so that you will know when there has been a change.
Compiled By:
Matt Walker Anita Wisdom
Managing Director Director
14/9/21 Revision 3
All Rights Reserved | TC Shielding Ltd