A38 Car Storage General Data Protection Regulation (GDPR)
A38 Car Storage aims to be as clear as possible about how and why we use information about you so that you can be confident that your privacy is protected. This policy describes the information that A38 Car Storage collects when you use our services. This information includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 (and the subsequent UK Data Protection Bill that is expected to be enacted in 2018).
The policy describes how we manage your information when you use our services, if you contact us or when we contact you. It also provides extra details to accompany specific statements about privacy that you may see when you use our website (such as cookies) or with other online presence (such as Facebook or Twitter). In respect of cookies the policy includes information about the type of cookies that we use and how you may disable those cookies.
A38 Car Storage uses the information we collect in accordance with all laws concerning the protection of personal data, including the Data Protection Act 1998 and the GDPR 2016. As per these laws, A38 Car Storage is the data controller; if another party has access to your data we will tell you if they are acting as a data controller or a data processor, who they are, what they are doing with your data and why we need to provide them with the information.
If your questions are not fully answered by this policy, please contact Admin at A38CS If you are not satisfied with the answers from A38CS , you can contact the Information Commissioner’s Office (ICO) https://ico.org.uk.
name: A38 CAR STORAGE Ltd
1. Why do we need to collect your personal data?
The nature of work at A38 Car Storage include vehicle storage. The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.
We need to collect information about you so that we can:
· Know who you are so that we can communicate with you in a personal way. The legal basis for this is a legitimate interest.
· Deliver services to you. The legal basis for this is the contract with you.
· Process your payment for the services. The legal basis for this is the contract with you.
· Verify your identity so that we can be sure we are dealing with right person. The legal basis for this is a legitimate interest.
· Contact you in case there is an issue with the service we offer you. The legal basis for this is a legitimate interest.
· Optimise your experience on our website. The legal basis for this is a legitimate interest.
· Send you information about offers and sales. The legal basis for this is your consent.
· Provide you with a useful and relevant website. The legal basis for this is legitimate interest.
2. What personal information do we collect and when do we collect it?
For us to provide you with your services, we need to collect the following information:
· Personal details, family details, lifestyle and social circumstances, employment and education details
· Your contact details including a postal address, telephone number(s) and electronic contact such as email address
· Your payment card details
· Details about how you access our website such as the IP address, the browser you use, and which pages you access
We collect this information directly from you. We may also collect information about you from third parties; for example, if we need to gather information from another health professional (such as your Doctor, Solicitor or Local Authority) to provide a complete psychological assessment.
To make sure that you are looked after safely, we record your personal information, such as that mentioned above, as well as all contacts you have with the service.
3. How do we use the information that we collect?
We use the data we collect from you in the following ways:
· To communicate with you so that we can inform you about your appointments with us we
use your name, your contact details such as your telephone number, email address or postal address
· To deliver the correct service to you we use your name, your contact details and the details about the service you are using
· To create your invoice using our accounting package we use your name and address
· To process your payment (through Bacs Payment Schemes Limited (Bacs), cheque or cash)
· To optimise our website so that users can find the information they need
4. Who do we share your personal information with?
Your information is kept confidential within the service at all times and is only shared with staff when they need it to carry out their job. All staff are required to work to strict professional and contractual codes of confidentiality and where possible we will anonymise information so that individual patients cannot be identified.
If we become aware of your intent to cause harm to another person/organisation (e.g. terrorism), the law may require that we inform an authority without seeking your permission. In such a situation, the law may require that I share your personal information without your knowledge.
5. Where do we keep the information?
We keep your information in the stores described below.
5.1. On our company Servers
Data stored electronically is encrypted with restricted access in line with the GDPR.
5.1.1 Your Case Record
We use a server which processes requests and delivers data over a secured network connection. The anonymized case record includes a brief description of your sessions and any correspondence between us and third parties regarding your case.
5.2. As a paper copy
We take hand written notes during vehicle check in.
6. How long do we keep the information?
We will keep the personal information you provide for as long as it is reasonable and necessary for the purpose of the processing. On request, or at seven years after our last contact, we delete by electronic means and destroy paper records by shredding.
7. Who do we send the information to?
We send the paper copy of our invoices to our accountant. The accountant is based in the UK and all their computer systems are in the UK.
8. How can I see all the information you have about me?
You can make a subject access request (SAR) by contacting the Data Controller. We may require additional verification that you are who you say you are to process this request. We may withhold such personal information to the extent permitted by law. In practice, this means that we may not provide information if we consider that providing the information will violate your vital interests. However, there may be a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive. There may also be a reasonable fee to comply with requests for further copies of the same information. The fee may be based on the administrative cost of providing the information.
9. How you can access your information and correct it, if necessary?
A38CS tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘Subject Access Request’ or ‘Right of Access’ under the Data Protection Act and the General Data Protection Regulation. We will then supply to you:
· A description of all data we hold about you
· Inform you how it was obtained (if not supplied by you)
· Inform you why, what purposes, we are holding it
· What categories of personal data is concerned
· Inform you who it could be disclosed to
· Inform you of the retention periods of the data
· Inform you around any automated decision making including profiling
· Let you have a copy of the information in an intelligible electronic form unless otherwise requested.
To make a request to A38CS for any personal information we may hold you need to put the request in writing. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate, please address these changes to the Data Controller, via ‘How to contact us’.
10. How can I have my information removed?
If you want to have your data removed we have to determine if we need to keep the data, for example in case HMRC wish to inspect our records, or in legal cases that are not yet closed. If we decide that we should delete the data, we will do so without undue delay. Please see further guidance on: https://ico.org.uk/for-the-public/personal-information/
12. Website Security
A38CS website has an SSL certificate. An SSL certificate shows that the data connection to an Internet page is secured with a Secure Sockets Layer (SSL). This ensures that the transferred data cannot be read or modified by third parties. You can recognize the encrypted connection to the lock icon in the address bar of the browser.
13. Complaints or queries
A38CS tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. If you do have a complaint, contact us as per below.
If you are not satisfied with the response from A38CS or believe we are not processing your personal data in accordance with the law you have the right to raise your complaint with the Information Commissioner’s Office (ICO).
Contact information ICO:
Telephone: +44 (0) 303 123 1113
14. Who we are and how to contact us
A38CS is the company that you are supplying your personal information to. A38CS can be contacted by:
Telephone: 01773 843338