Building Services Management Ltd (BSML) are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us and how it will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
This policy applies to:
The head office of BSML
All staff and volunteers of BSML
All contractors, suppliers and other people working on behalf of BSML
It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act 1998. This can include:
- Names of individuals
- Postal addresses
- Email addresses
- Telephone number
Collecting and processing data
We may collect data from you, this may arise from you filling in forms or by corresponding with us by phone, e-mail or otherwise. This includes information you provide, when you change/update your personal details, contact preferences etc. and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number and financial information.
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping.
- We may use the information to improve our services.
- We may periodically send promotional emails about special offers or other information, which we think you may find interesting using the email address which you have provided.
- For health and safety purposes.
Subject access requests
All individuals who are the subject of personal data held by BSML are entitled to:
- Ask what information the company holds about them and why.
- Ask how to gain access to it.
- Be informed how to keep it up to date.
- Be informed how the company is meeting its data protection obligations.
If an individual contacts the company requesting this information, this is called a subject access request.
Subject access requests from individuals should be made by email to the Director at email@example.com
The director will always verify the identity of anyone making a subject access request before handing over any information.
Along with our business and internal computer systems, our website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
• UK Data Protection Act 1988 (DPA)
• EU Data Protection Directive 1995 (DPD)
• EU General Data Protection Regulation 2018 (GDPR)
This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residences’ specific data protection and user privacy legislation you should contact our data protection officer (details of whom can be found at the end of the policy.
Should you choose to contact us by email link on our website, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.
How we store your personal information
We do not store any of your information on our website.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it. These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:
- When not required, the paper or files should be kept in a locked drawer or filing cabinet.
- Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer.
- Data printouts should be shredded and disposed of securely when no longer required.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
- Data should be protected by strong passwords that are changed regularly and never shared between employees.
- If data is stored on removable media (like a USB, CD or DVD), these should be kept locked away securely when not being used.
- Data should only be stored on designated drives and servers, and should only be uploaded to an approved cloud computing services.
- Servers containing personal data should be sited in a secure location, away from general office space.
- All servers and computers containing data should be protected by approved security software and a firewall.
About our website’s server and website
- Our website is protected and we do not have any identifiable data on our website.
- We do not use Google Analytics on our website.
- We have a SSL certificate for our website.
The right to be forgotten
All individuals who are the subject of personal data held by BSML are entitled to ask to be completely forgotten and for all their data to be removed from our records.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
The data controller of this website is: Building Services Management Ltd, (Company Registration No 5783474)
Whose registered office is: 153 -155 London Road, Hemel Hempstead, Hertfordshire, HP3 9SQ
And whose operating office is: Ltd, Unit 1, The Harness Room, Whitehouse Business Centre, Gaddesden Row Hemel Hempstead HP2 6HG
Data protection officer
The Data Protection Officer in our office is Mr Daniel Price, firstname.lastname@example.org
- 18 May 2018