Acuity Environmental Services Ltd (AES) is a Limited Company. We take our responsibilities as a data controller seriously and are committed to using the personal data, customer data and supplier data we hold in accordance with the law. We take seriously the data held by third parties.
This privacy notice provides detailed information about how we process personal data. Please read it carefully and, if you have questions regarding your personal data or its use, please contact the Data Process Controller on 0121 517 0272.
- TYPES OF PERSONAL DATA WE PROCESS
We process personal data, customer data and supplier data, current and past and future: this can include next of kin, spouse/ partner driving licence details and other individuals connected to or visiting the company.
The personal data we process takes different forms – it may be factual information, images or other recorded information which identifies or relates to a living individual. Examples include:
names, addresses, telephone numbers, e-mail addresses and other contact details;
Interview notes, Application form, academic, disciplinary and other education related records, references, spouse/ partner details
education and employment data;
images, audio and video recordings;
financial information such as bank details
courses, meetings or events attended.
- COLLECTING, HANDLING AND SHARING PERSONAL DATA
We collect most of the data we process directly from the individual or company concerned. In some cases, we collect data from third parties (for example, references, DVLA).
Data held by us is processed by appropriate members of staff for the purposes for which the data was provided. We take appropriate technical and organisational steps to ensure the security of this data about individuals, customers and suppliers, including policies around use of technology and devices, and access to the company systems. We do not transfer data outside of the European Economic Area unless we are satisfied that the data will be afforded an equivalent level of protection.
In the course of business, we share data (including personal data where appropriate) with third parties such as relevant authorities, i.e. HM Revenue and Customs and Department for Work and Pensions, Environment Agency, business to business. Some of our systems are provided by third parties, i.e. hosted databases, website, payroll or cloud storage providers. This is always subject to contractual assurances that data will be kept securely and only in accordance with our specific directions.
We do not otherwise share or sell personal data, customer data or supplier data to other organisations for their own purposes.
- PURPOSES FOR WHICH WE PROCESS PERSONAL DATA
We process personal data to support the Company’s operation:
The selection and employment of an individual
Health Surveillance details to ensure fit for purpose to carry out work duties
Driving licence details to ensure an individual can drive legally a company owned vehicle
Limited spouse/ partner/ family member data for next of kin purposes
Limited spouse/ partner/ family member data to drive a company vehicle
Bank details to ensure payment of salaries
Collection of customer data to conduct business
Collection of supplier data to conduct business
Recording of customer business requirement to access solutions and provide costings
Recording of any Customer contract details
Recording of suppliers’ offerings to give our company solution to carry out work
Marketing to businesses on consent of those companies
The processing set out above is carried out to fulfil our legal obligations. We also expect these purposes to form our legitimate interests.
- HOW LONG WE KEEP PERSONAL DATA
We retain personal data, customer data and supplier’s data only for a legitimate and lawful reason and only for so long as necessary or required by law.
- YOUR RIGHTS
You have various rights under GDPR to access and understand the personal data we hold about you, and in some cases to ask for it to be erased or amended or for us to stop processing it, but subject to certain exemptions and limitations.
You always have the right to withdraw consent, where given, or otherwise object to receiving generic or other communications. Please be aware however that the Company may have another lawful reason to process the personal data in question even without your consent i.e. Police or other law enforcement agencies.
If you would like to access or amend your personal data or have some objection to how your personal data is used, please make your request in writing to the Data Process Controller.
We will aim to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits, which is one month in the case of requests for access to information. We will be better able to respond quickly to smaller, targeted requests for information. If the request is manifestly excessive or similar to previous requests, we may ask you to reconsider or charge a proportionate fee, but only where Data Protection Law allows it.
You should be aware that certain data is exempt from the right of access. This may include information which identifies other individuals, or information which is subject to legal privilege.
- CHANGE OF DETAILS
We try to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Please notify email@example.com of any significant changes to important information, such as contact details, held about you.
- THIS POLICY
Our privacy notice should be read in conjunction with our other policies and terms and conditions which make reference to personal data, customer data, supplier data including our Health & Safety Policies.
We will update this Privacy Notice from time to time. Any substantial changes that affect how we process your personal data will be notified on our website and to you directly, as far as practicable.
If you believe that we have not complied with this policy or have acted otherwise than in accordance with GDPR, you should notify the Data Process Controller. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with us before involving them.