ATCL (GDPR ) Data Protection Policy 2018
In this Policy document dated 7/4/2018 the customer is referred to as ‘you’ or Your & our Company as ‘us’.
Your data: how it is collected, stored and used.
Any data collected by us is for the purpose of satisfying your request for us to do the work requested by you, ‘You’. We will need your full name, address and full invoice details for work to be carried out for ‘you’. This data will never be passed on to a third party unless it is for the purpose of debt collection, in which case we will inform you first, prior to ‘us’, instructing a third party debt collection service to act on our behalf to collect a debt not settled by ‘you’ If you wish for the details NOT to be passed on to the debt collection agency, you must make payment in full. Any dispute on your part must then be given in writing and will then be dealt with by ‘us’, If you are not satisfied with the outcome then you will need to take your own legal advice in getting this dispute rectified.
Invoicing & Job sheets
All data collected will be used solely by us for the purpose of entering the details of your requested work onto our online diary and to raise a job sheet for our engineers to successfully carry out their daily tasks. Following this, we will also create an invoice or a receipt for the work carried out by ‘us’. All details collected by us are filed away for 6 years as per the requirements from HMRC, (Her Majesty’s Revenue & Customs) law.
All the data collected by us is kept in our online accounts software, “Xero”, accessible on our computers which are password protected. “Xero” is also password protected and only accessible by our staff. Passwords are changed frequently and whenever a staff member leaves the company. All computers are locked in our business premises which are not open to the public. Visitors are allowed by appointment only and are not left alone at any time.
Any data relating to key copying is either stored on physical documentation, which is filed away in a locked cabinet within the business premises, accessible by our staff only. If it is a master suite, then an encrypted key file is produced (example)by Mul-T-Lock UK Ltd. which is sent to us as an encrypted file via email. This can only be read by our key duplication machine, which is uploaded via a USB removable storage device as the key machine is partnered with a PC. This key machine is also locked via a ‘Secured Section Key’ so it can not be copied by anyone other than the machine’s manufacturer and the machine can not be used unless the key is inserted. The PC is also password protected and not connected to the internet. Both machines are kept in a separate part of the business premises which are in a locked room and are solely used for the purpose of duplicating keys only.
Credit card payments
Credit card payments are made via our online Barclaycard payment service. No details are recorded, besides being taken verbally over the phone and entered directly into the Barclaycard payment system while ‘you’, are on the phone. No data relating to this payment are taken or kept by ‘us’.
At the moment no data is or will be disposed of and will be kept filed away at our business premises. If you require any data to be returned to you, then you may request this to be sent to you at your own costs. If you would like your data disposed of, please advise which data, if not all data, is to be disposed of and your preferred method of disposal, which will be arranged for you. All costs incurred are chargeable and payable by ‘you’. Please note that if key duplication details and files are disposed of for you, you will be unable to get your keys duplicated in future.
End of Policy.