Privacy Policy

GDPR Policy (May 2018) 1 Data Privacy Notice GDPR (General Data Protection Regulation) Compliance Policy for TUFF Security Ltd
The General Data Protection Regulation (GDPR) demands greater accountability and transparency from organisations about how they collect, process and store personal information. This compliance policy sets out our commitment to data protection and individual rights and obligations about personal data.
Data Protection Officer Tuff Security has appointed Rob Flowers – Operations Director as our Data Protection Officer. He is the person responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements. Personal Data Personal data, including digital data, relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the ‘GDPR’) Data Controller: ‘Tuff Security is the body that determines the purpose and means of the processing of personal data. We only ask for data that is strictly necessary to carry out our services. Tuff Security will identify what personal data is required, processed and for what purposes. Appropriate safeguards are in place to protect your data from being misused and to protect your data privacy. Processing of personal data will be processed in a manner that ensures appropriate security of the personal information. Personal Data will be processed according to the following data protection principles: • Tuff Security processes personal data lawfully, fairly and in a transparent manner • Tuff Security collects personal data only for specific, legitimate purposes • Tuff Security processes personal data only where is adequate, relevant, limited to what is necessary for processing. • Tuff Security keeps only accurate and up to date personal data and will take all reasonable steps to ensure that inaccurate personal data is rectified without delay. • Tuff Security keeps personal data no longer than necessary. Data will be deleted when it is no longer required. 2 • Tuff Security adopts appropriate measures to make sure that personal data is secure and protected against unauthorised or unlawful processing and accidental loss, destruction, or damage. Processing Personal Data All personal data held by Tuff Security is securely stored. All digital data is stored with password protection and is encrypted at rest and in transit. This personal data is only accessible by Tuff Security Staff. All Tuff Security staff have undergone Police and Security Screening checks in line with BS7858 and have completed the National Security Inspectorate (NSI) General data protection regulation (GDPR) training course for NSI compliant companies. Personal data is only processed where ‘necessary’ to fulfil a legal obligation, contractual agreement, via consent or for legitimate interests Reasons for collecting and processing your personal data: Employees including sub-contractors and potential employees • For staff administration, to manage our employees and sub-contractors • For legal obligations relating to employment law and National Security Inspectorate (NSI) & ACPO (Police) Compliance for security screening and police checks. • to review job applications Customers and Suppliers • To maintain our trading relationship and for the provision of products and services o to process orders that have been submitted to us o to provide you with products and services o to comply with contractual obligations we have with your to help us identify you and any accounts you hold with us o to enable monitoring of your alarm with keyholder and or police response. o to update you of alarm activations and any issues relating to your system o to offer keyholder response • Where we need the information to perform the contract, we have entered into with you; • Where we need to comply with a legal obligation; or • Where we need your information because it is in our legitimate interests (or those of a third party) to use it and your fundamental rights do not override those interests. • To inform you of service and price changes. Product Supply and Provision When you buy a product or service from us, we will process your data for administration, billing, support and the provision of products and services. We may also share your data with our suppliers, Alarm receiving centres, couriers and other parties required for us to supply and ship products and services to you. Alarm receiving centre (ARC) For all our customers with a monitored alarm system with keyholder and police response the personal data of keyholders is shared with our ARC. As a Data Controller Tuff Security only shares the information that is ‘necessary’ to provide monitoring services with 3 of our ARC. We use the UK and Europe’s leading alarm monitoring company. their GDPR Policy can be accessed here: https://www.ccs.utc.com/ccs/en/worldwide/privacy-policy/ Individual rights as a data subject, you have several rights about your data. You as an individual have the right to make a Subject Access Request. Should you do this we will tell you within 1 month: • Whether your data has been collected and how it will be processed. • Allow you to request that your information be changed if it is incorrect or incomplete. • Ask for your data to be erased from our records if we do not have a lawful basis for continuing processing. • Restrict the processing of your information until you can confirm that it can be further processed unless Tuff Security have a lawful reason to continue processing. • Request the data in a portable format to share with a 3rd party. • You have the right to object to your data being processed in a particular way. • Your right to complain to the Information Commissioner if you think Tuff Security has failed to comply with your data protection rights • Whether or not we carry out automated decision making, and the logic involved in any such decision-making. Rights about automated decision making and profiling – check to make a subject request please send an email addressed to Rob Flowers via the following email info@Tuff Securityuk.com International Transfers Tuff Security will not transfer personal data to countries outside the EEA. Visitors to our website: In using our website, if you choose to contact us and submit your data to us this data will be processed for our legitimate interest. It is in both of our interests to process this personal data to manage your enquiry. Social media Our website contains links to our social media pages. Any information you provide to us via social media (including messaging, “liking”, “following” and other communications) is controlled by the social media network. We currently use a) Facebook, which has its privacy notice that can be located at https://www.facebook.com/privacy/explanation; b) Twitter, which has its privacy notice that can be located at https://twitter.com/en/privacy; 4 We recommend that you read their privacy notices and contact them directly if you have any concerns regarding their use of your data. For further information on GDPR please refer to the ICO website https://ico.org.uk/ Signed: Robert Flowers Date: 25/05/2018 Name: Robert Flowers Position: Operations Director

To secure your home or business, contact us to find out more.