(General Data Protection Regulation)
Basis for collecting your data (Lawful processing)
Categories of Personal Data
Recipients of data
Your Rights as a data subject
Automated decision making
Sterling Thermal as an organisation is a data controller and, specifically, Mark Nicholson, a company director, is Sterling Thermal Ltd.’s current nominated Data Controller.
Mark Nicholson can be contacted by email or telephone.
ON WHAT BASIS DO WE COLLECT & PROCESS YOUR DATA? (KNOWN AS LAWFUL PROCESSING)
We collect information about you, our clients or prospective clients, in order to process your order, manage your account and, if you agree by consenting at the point of collection, to email you about other products and services. We also collect information when you voluntarily complete customer surveys and provide feedback. Personal information is transferred within the EU as part of hosted cloud services (Microsoft Azure, Office 365, SharePoint and Sage Cloud payroll and accounting). In addition, personal data may be transferred internationally outside of the EU by social media platforms. This particular processing is conducted within binding corporate rules approved by the EU. The lawful basis on which we process your data is in the legitimate interests of Sterling Thermal Ltd.
Personally Identifiable Information (PII) is also collected and processed in order to undertake the employment of staff. The lawful basis for this processing is also in the legitimate interest of Sterling Thermal.
In identifying this ‘Legitimate Interest’ as the lawful basis, we have conducted a ‘Legitimate Interest Assessment’ in order to be satisfied that the interests of Sterling Thermal Ltd do not override your own legitimate rights and freedoms.
Additionally, we collect PII for the purpose of engaging contractors and administering our contracts. In these processes, the lawful basis for processing has been established as the pursuance of a contract or to enter into a contract.
Each category of data subject is identified in our data inventory, and the PII collected is specified in detail along with the legal basis for processing and the retention period.
Sterling Thermal undertakes the processing of PII in relation to employees to ensure suitability for employment and to discharge any statutory responsibilities in relation to right to work, residency and HMRC requirements.
Both Sterling Thermal and the employee benefit from this processing activity as it provides safeguards for Sterling Thermal and facilitates employment for the Data Subject. If processing this data were not permitted, then the company could not operate and provide goods and services, nor could it offer employment opportunities.
The processing of client data is undertaken in order to engage commercially and offer the most appropriate data privacy and compliance-related services and products. In addition, we maintain an oversight of our clients to continue our support. Sterling Thermal and the client benefit from this processing activity as it provides opportunities to establish and sustain commercial relationships and to provide the most focused advice for the benefit of the client. If processing this data were not permitted, then the company could not operate and provide services.
The data collected will not be used for any unlawful or unethical purpose.
Sterling Thermal Ltd does not process sensitive data.
CATEGORIES OF DATA
Sterling Thermal processes non-sensitive data. For our staff we process:
Name | Address | Phone No. | Date of Birth | Gender | Signature | Driving Licence | Annual Leave | Disciplinary | NI No. | Tax | Bank Account | Pension Details | Utility Bill | Accreditations | CSCS Card | Photograph | CSCS Reg No. | DBS Check | Name (Emergency Contact) | Phone No. (Emergency Contact) | Relationship (Emergency Contact)
We process the following data of our clients:
Name | Address (business) | Phone number | Email address(es) | Signature
We process the following data of our contractor staff:
Name | Address | Date of Birth | Phone No. | NI No. | UTR | Bank Account | Signature | Email Address
Our website does not use 1st party or 3rd party cookies; we do not collect data from you during your interaction with our website.
Access to personal data is restricted to those who have a legitimate reason to retrieve it, e.g. company directors, managers and nominated individuals.
Personal Data is transferred to the EU by some of our data processors through their cloud service provision. This complies with the GDPR international transfers requirements. Facebook holds data worldwide and operates within agreed binding corporate rules approved by the EU.
The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Data placed on our system will be deleted after 7 years in order to comply with legal and financial requirements. If you consent for us to process your data for the purpose of marketing, we will retain your contact details for as long as the consent lasts.
YOUR RIGHTS AS A DATA SUBJECT
The regulations provide a number of rights to you as the Data Subject. Sterling Thermal Ltd is committed to upholding those rights, and those applicable to the personal information we collect and process are listed below.
In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioner’s Office (https://ico.org.uk). A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/
Right of Access – You have the right to know what personal information is held, by whom and why. You can send a Subject Access Request to see what personal information and any supplementary information relating to you is held by us. We will provide you with the information we hold within one month of your request, unless the provision of that information is particularly complex, in which case we may extend the deadline by a further two months. This information will be provided free of charge unless you require multiple copies of the same information; in these circumstances, we retain the right to charge a reasonable administrative fee.
The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified. We will respond to your request for rectification within one month, unless the request is complex or multiple.
Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations. These include:
Where personal data is no longer necessary regarding the purpose for which it was originally collected
When you withdraw consent
When you oppose the processing and there is no superseding legitimate interest for continuing the processing
If the personal data was unlawfully processed (i.e. otherwise in breach of the GDPR)
If the personal data must be removed in order to comply with a legal obligation
If the personal data is processed in relation to the offer of information society services to a child.
Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified. The restriction of processing can occur for other reasons too, such as if you require us to retain your data in the event of a legal claim.
Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
You also have the right to lodge a complaint with the UK’s supervisory body, the Information Commissioner’s Office (www.ico.org.uk).
AUTOMATED DECISION MAKING
Sterling Thermal Ltd does not conduct any profiling or automated decision making.
HOW TO CONTACT US
You can write to us at this address:
Sterling Thermal Ltd
Eden House Business Centre, Suite F11, Enterprise Way
Edenbridge, Kent, TN8 6HF
You can telephone us on this number: +44(0)208 7635678
You can email us by using this address: firstname.lastname@example.org
Statement prepared by Derek Mann RISC, MSyl(Dip), CMgr FCMI
Compliance and Privacy Solutions Ltd
v 1.00 12-04-2018
Registered Office 2 Ferndown, Horley, Surrey
Commercial in Confidence