This Privacy Notice explains the types of personal data CIA Fire and Security Ltd. (CIA) may collect about you, the client, when interacting with us. It also explains how we intend to store and utilise the data we hold.
- Who are we?
- What legal bases do we have to process your data?
The General Data Protection Regulations define a number of reasons for which a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent, for example, when you tick a box to receive email newsletters.
Under certain circumstances, we require your personal data to comply with our contractual obligations, for example, if you place an installation order we will require your personal details for directing our engineers to your property to install the specified system.
If the law requires CIA to collect and process your data, we have an obligation to cooperate. For example, CIA may be requested to pass on details of people involved in fraud or other criminal activity affecting CIA to the law enforcement.
Under certain situations, we require your data to pursue our legitimate interests in a way which should reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we may use your service history to send you, or make available, personalised offers.
We also combine the purchasing history of many customers to identify trends and ensure we can keep up with demand or develop new products / services.
- What sort of personal data do we collect?
CIA will only hold personal details relevant to your service and maintenance contract. For example, we will collect your name and title, along with billing details to enable us to perform our contractual obligations to you.
- Details of your interactions with us
Our coordinators may:
- Collect notes from their conversations with you, including details of any complaints or comments you make, details of services requested or delivered, and how and when you contact us. This helps us provide you with the best service and to understand how we can improve our service based on your experience.
- Record bank details for any direct debit mandates you complete.
- Gather information using cookies in your web browser.
- Collect technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the associated web pages viewed during your visit, the advertisements you selected, and any search terms you entered.
- When do we collect your personal data?
- When you visit our website;
- When you contact us, by any means, with enquiries, requests, praise or complaints etc.
- When you enter into a contract with us;
- When you engage with CIA on social media;
- When you ask one of our employees to email you information about a product or service;
- When you complete a CIA company form;
- When you have given a third-party permission to share with us the information they hold about you.
- How and why do we use your personal data?
CIA will actively use your personal data to:
- Respond to any of your queries. We may also keep a record of these items to assist with future communication and to demonstrate how we communicated with you throughout. We do this to satisfy our contractual and legal obligations to you, and our legitimate interests in providing you with the best service.
- Keep you informed, by email, about relevant services including new products, industry news and company updates. This will require your consent, which you reserve the right to withdraw at any time by contacting CIA by telephone, email or in writing.
- Send you communications required by law or that are necessary to inform you about changes to the services we provide. For example, updates to this Privacy Notice and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, CIA would be unable to comply with our legal obligations.
- Develop, test and improve the systems, services and products we provide you. We will do this on the basis of our legitimate business interests.
- Comply with our contractual and legal obligations to share data with law enforcement.
- Combining your data for personalised direct marketing
We would like to bring you offers and promotions that are most relevant to your interests at particular times. To help us develop a better understanding of you as a customer, we combine your personal data gathered across our business as described above.
- How we protect your personal data
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take every appropriate step to protect it.
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business purpose. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you, and any applicable regulator, of a suspected data security breach where we are legally required to do so.
We regularly monitor our system for possible vulnerabilities and attacks.
- How long will we keep your personal data?
Whenever we collect or process your personal data, we will only retain it for as long as is necessary for the purpose for which it was collected.
- Who do we share your personal data with?
We sometimes share your personal data with trusted third parties. They provide an integral part of the service we provide to you and support our business operations. Examples of the kind of third parties we work with are:
- Alarm monitoring centres that provide alarm notification support;
- IT companies who support our website and other business systems;
- Direct marketing companies who help us manage our electronic communications with you.
We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
- We provide only the information they need to perform their specific services;
- They may only use your data for the exact purposes we specify in our contract with them;
- We work closely with them to ensure that your privacy is respected and protected at all times;
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
- What are your rights over your personal data?
Under the General Data Protection Regulations, you have the right to request:
- Access to the personal data we hold about you, free of charge in most cases;
- That we stop using your personal data for direct marketing (either through specific channels, or all channels);
- That we stop any consent-based processing of your personal data after you withdraw that consent;
- Review by an employee of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).
- The correction of your personal data when incorrect, out of date, or incomplete. For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.
You have the right to request a copy, at any time, of any information CIA holds about you and to have that information corrected if it is inaccurate. To request your information, please contact our Data Protection Officer (DPO), Joanne Harrison.
To ask for your information to be amended, please contact our Servicing Department.
If we choose not to action your request, we will explain to you the reasons for our refusal.
- Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
- Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
- Direct marketing
You have the right to stop the use of your personal data for direct marketing activity through all channels or selected channels. We must always comply with your request.
- Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
- How can you stop the use of your personal data for direct marketing?
There are several ways you can stop direct marketing communications from CIA:
- Click the ‘unsubscribe’ link in any direct marketing email communication that we send you. We will then stop any further direct marketing emails.
- Please email your request to firstname.lastname@example.org or write to CIA.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
- Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made regarding the use of your personal data, you have the right to register a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns (opens in a new window; please note we cannot be responsible for the content of external websites).
- Any questions?
If you have any questions that have not been covered, please contact our DPO either by email, post or telephone:
Joanne Harrison (Data Protection Officer)
CIA Fire and Security Ltd
82C Chesterton Lane
Telephone: 01285 651025