This policy was last updated on Wednesday 23rd May 2018.
Gracelands Complete Maintenance Services Ltd (Gracelands CMS) is an Approved property maintenance contractor to several local authorities and social housing organisations. We currently employ between 40 and 50 staff.
For the purpose of the General Data Protection Regulations, the Company acts as both Data Controller and Data Processor.
When telephoning our office, you may be asked to provide your name, address, contact telephone numbers and details of the works we have programmed, or which you ask to be quoted for. Existing customers may be asked to confirm that information we are currently holding is correct.
When emailing us directly you will typically provide your name, address and contact telephone numbers, as well as your email address. The content of your email will depend upon the nature of your enquiry or feedback on the service we have delivered.
Visiting our offices
When visiting our offices, you will be captured on our CCTV and intruder alarm system. CCTV recordings are retained for a period of three months after which time they are overwritten.
Why does Gracelands CMS collect and store personal data?
To enable us to provide you with the service you require we need to collect personal data for correspondence between us, and to enable us to schedule the agreed works. In so doing, we are committed to ensuring that the information collected and used is appropriate for this purpose, and does not constitute an invasion of your privacy.
Gracelands CMS does not use information for marketing purposes. Should it choose to do so, you will be contacted to obtain your consent.
We may, as part of our quality assurance and training, record telephone calls.
Your rights as a Data Subject
- Right of access: you have the right to request a copy of the information that we hold about you.
- Right of rectification: you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten: in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing: where certain conditions apply you have a right to restrict the processing of your personal data.
- Right of portability: you have the right to have the data we hold about you transferred to another organisation.
- Right to object: you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling: you also have the right to be subject to the legal effects of automated processing or profiling.
- If you feel your rights have been breached, you have the right to complain direct to our management team at email@example.com or, to the Information Commissioner’s Office through their website ico.org.uk
How we use your Personal Data
Gracelands CMS will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will always endeavour to keep your information accurate and up to date, and we will not keep it for longer than is necessary.
Gracelands CMS is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
We collect and process your personal data to:
- Enable us to deliver the services for which we are contractually bound by our customers.
- Perform contractual obligations, such as processing customer works orders, planning and executing the agreed works.
- Improve the services we offer to our commercial and private customers.
- Conduct statistical analysis to formulate our organisational strategies and business plans.
Any third party that we may share your data with is equally obliged to keep your personal data secure, and to use it only to fulfil the service for which they have been formally engaged. Once the service has been delivered in full, your data will be removed by the third party in accordance with ours, and our local authority customer’s procedures.
In delivering our services to you, should it become necessary for us to pass sensitive personal data to a third party, we will only do so once we have obtained your consent; unless we are legally required to do so.
We may also pass your personal data to external agencies, including law enforcement agencies, to help prevent unlawful activities.
- Users of our systems can only access them with a unique username and password.
- Users can only access information for which they have been assigned permission, and as appropriate to their job role.
- Data is secured securely on Microsoft 365 Cloud servers and is subject to the technical processes, systems and safety protocols implemented by Microsoft.
- Data is backed up during the day, and at the end of each day to safeguard against loss or corruption.
- Gracelands CMS does not retain card payment data. Specialist trusted providers are used for the processing of card payments and card details are encrypted.
In addition to the above measures, the management team at Gracelands CMS has undergone bespoke GDPR training and continues to deliver induction training to employees on GDPR compliance and the importance of keeping your data safe.
That said, whilst we take all reasonable measures to protect your personal data, we cannot 100% guarantee its security. Should you have any specific concerns, please contact us at firstname.lastname@example.org or call our offices on 020 8502 2250 and ask to speak to a Company Director.
T: 020 8502 2250
Any use or reproduction of this website or any of its components is strictly prohibited without the prior written permission of Gracelands CMS.
Whilst great care has been taken to ensure that the information on this website is accurate, information is subject to change without notice.