The importance of data security and privacy can never be underestimated. We will only ever request information from you which is relevant to our needs and will never sell, share or use your personal information other than as described within this document.
Who we are: This policy is designed to describe your relationship with DCRS Limited.
DCRS (Direct Communications Radio Services Ltd) is registered in England | Registration number (2102081)
You can get in touch with us via: email@example.com
Telephone: 0800 0432688
Or write to us at: DCRS Limited, 52 Edison Road, St Ives, Huntingdon, Cambs, PE27 3LH
As a business, we will strive to operate in line with GDPR (General Data Protection Regulations) and take those responsibilities seriously.
This document sets out the obligations of DCRS Limited (“the Company”) with regard to data protection and the rights of people with whom it works in respect of their personal data under GDPR.
This Policy shall set out procedures which are to be followed when dealing with personal data. The procedures set out herein must be followed by the Company, its employees, contractors, agents, consultants, partners or other parties working on behalf of the Company.
We will endeavour to maintain your personal rights, allowing the data subject to change or withdraw their consent to use and hold data at any time. We will also provide assistance if you wish to complain to the Information Commissioners Office if you feel your information request has not been addressed in the correct manner.
The Company views the correct and lawful handling of personal data as key to its success and dealings with third parties. The Company shall ensure that it handles all personal data correctly and lawfully.
INFORMATION CLASSED AS SENSITIVE
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
WHAT THIS POLICY APPLIES TO
This section describes the lawful basis for processing your data and applies to the information about yourself that you choose to provide us with, or that you allow us to collect. This includes:
SCOPE OF CONSENT
By submitting your personal data, you are affirming your explicit consent for such information to be used in line with our policy.
The consent you give can be withdrawn at any time by contacting firstname.lastname@example.org via the details stated previously.
STORING AND PROCESSING DATA
We will retain any personal data for only as long as necessary to fulfil the initial purposes of collection. In considering the time frame we will take account of the amount of data, nature and sensitivity, the purpose of processing and if it can be done via any other means.
In line with HMRC guidelines, we will retain any customer or supplier information for 7 years after ceasing to trade with DCRS Limited. Data will be held securely in an encrypted and backed-up media. This data may include financial transactions, contact, identity and transaction listings.
Information is held on protected local servers and backed up by our IT provider, who are a recognised IT support services provider. Should you request data to be erased, if there are open transactions then this cannot be completed and will be reviewed when all transactions are complete.
With Suppliers and Customers we only collect the basic information which is relevant to the matter we are dealing with. We may collect:
- Personal details (name, address, email and phone number)
- Financial and bank details
- Business activities
The most common uses of personal data, which will be processed in a legally permitted way may include:
- Providing quotations upon request for our products and services
- Securing a contract between both parties
- Where we need to comply with a legal or regulatory obligation
- Where necessary for our legitimate interests
We will comply with the Data Protection Act 1998 and the GDPR  in the way we use and share your personal data.
Amongst other things, this means that we will only use your personal data:
- Fairly and lawfully
- As set out in the legislation and this policy
- To the extent necessary for these purposes
We will process your personal data ourselves as the data processor. We will take reasonable precautions to safeguard the personal information that you supply.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. We will report any breaches or potential breaches to the appropriate authorities within 24 hours and to anyone affected by a breach within 72 hours.
HOW WE USE YOUR DATA
We use your data to process and manage orders and enquiries, necessary for the performance of the contract and services between us.
With your permission, we will contact you via email or phone. Occasionally we may even send a good, old fashioned letter. We only email business email addresses and will only contact you if:
- You have asked us to; or
- We genuinely believe you have a legitimate need for our services and we deem this to represent a legitimate interest in line with the ICO’s guidance.
If at any point you decide you would prefer us not to contact you, let us know and we won’t.
We may also use your personal data for:
1) Administering any accounts;
2) Processing your bank/credit card details in order to obtain payment;
3) Market research;
4) Our own internal marketing; and
5) Credit reference checks (where appropriate).
We will only use your data where we’re allowed to by law, e.g. carrying out an agreement we have with you, fulfilling a legal obligation, because we have a legitimate business interest or where you agree to it. We do not use your data for automated decision making or profiling.
WHO DATA IS SHARED WITH
We may have to share your data with certain third parties for example:
- Service providers who provide IT and system admin services
- Professional advisors including lawyers, auditors, accountants, insurers
- HM Revenue and Customs and other authorities acting as processors or joint controllers
- Internal within DCRS to other employees, but constantly ensuring data required is used in line with GDPR purposes and significant security is maintained
Where data is shared, we respect third parties to respect the security of your data and use it in accordance with the law. We do not allow any third-party service to use your personal data for their own purposes and only permit them to process data for specified purposes in accordance with our instructions. Data is not shared outside the European Economic Area (EEA).
You are allowed to opt out of consent for holding and using data at any time. Any information then held about you will be deleted promptly (within 14 days in most circumstances).
You have the rights to:
- Request access to the personal data which we hold
- Request data be corrected if you believe it to be incorrect
- Request your personal data to be erased
- Object to personal data being processed
- Request for the processing of your data to be restricted
Should you wish to exercise these rights, please get in contact with us.
Should you wish to access your personal data then there may be a fee if the request is excessive, repetitive or unfounded. There is also the right for the business to refuse access in these circumstances.
We endeavour to provide all information within 30 days of a request, pending sourcing and verifying all data for completeness.
Any amendments to this policy will be advised of in writing to all our clients.
This policy has been approved and authorised by:
Name: Peter Bailey
Position: Managing Director