Chauhan Ltd – General Data Protection Regulation Policy Statement
Version 1.1 May 2018
Chauhan Ltd (Company 07372276) is a family run business who have over 25 years of experience in Information Technology. Based in Coventry, we offer a broad range of technical assistance and services to private individuals and businesses in the Midlands.
The business is run with two trading / brand names, The Geek Guys (www.thegeekguys.co.uk) and Purehosting (www.purehosting.co.uk).
As an essential part of our business, we have to collect and manage customer information. In doing so, we observe the UK Data Protection legislation, and are committed to protecting and respecting customers’ and non-customers’ privacy and rights. Specifically, we act as a “Data Controller” in respect of the information gathered and processed by us, and act in a fair, transparent and accountable manner.
In order that you are reliably informed about how we operate, we have developed this statement, which describes the ways in which we collect, manage, process, and store information about you, in order to provide you with our high level of customer service. This privacy notice also provides you with information about how you can have control over the use of your data.
This document sets out your rights of privacy under the GDPR [General Data Protection Regulation] after 25 May 2018 and how Chauhan Ltd as a company meet the compliancy requirements.
If you have any comments or queries regarding our use of your data, please contact our Data Protection Officer, Jag Chauhan via email at: email@example.com or write to us at:
3 Mercia Village,
Westwood Business Park,
What information do we collect about you?
Under the new GDPR coming into force at the end of May 2018, We are required by law to document what personal information we keep for all customers, whether they are one off or regular clients.
At the time of first contacting Chauhan Ltd, we will take your name, contact telephone number, email address and postal address.
After making subsequent contact, we may need to collect other information such as login details and passwords in order to complete the work required.
All information is retained for a period of up to one working week from the conclusion of one off service provision matters, up to six months from the conclusion of contracted services after which it will be securely destroyed. You do have the right to see any information we keep and you can request that any data be changed or securely destroyed at any point.
We do not use the information for anything other than to contact you regarding the reasons why you first contacted the company.
We will not pass your personal information to any third party unless you have agreed to use one of our external partners which we have pre-qualified.
If you opt out of email marketing you will no longer receive company newsletters.
Please also be advised that when you visit our website(s), cookies will be used to collect information about you such as your Internet Protocol (IP) address which connects your computer or mobile device to the Internet, and information about your visit such as the pages you viewed or searched for, pages response times, download errors etc. We do this so that we can measure our website’s performance and make improvements in the future. You can control this by adjusting your cookies settings. We refer you to our Cookies Policy on our website for more information on this.
How will we use the information?
In general terms, we would need to collect information about you so that we can:
• Provide our services and respond to enquiries
• Deliver requested information to you about our additional services
• Ensure the billing of any procured services and obtain payment
• Process and respond to any complaints
The information that we need for these purposes is known as your “personal data”. This includes your name, home address, email address, telephone and other contact numbers and financial information. We collect this in a number of different ways. For example, you may provide this data to us directly online or over the telephone, or when corresponding with us by letter.
Under the terms of data protection legislation, you have the following rights as a result of using our service and our website (subject to confidentiality, as mentioned above):
(a) Right to be informed
This privacy notice fulfils our obligation to tell you about the ways in which we use your information as a result of you using our services.
(b) Right to access
You have the right to ask us for a copy of any personal data that we hold about you. This is known as a “Subject Access Request”. Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost after 25th May 2018. We will send you a copy of the information within 30 days of your request.
To make Subject Access Request, please email or write to our Data Protection Officer, Jag Chauhan, at the details set out above.
(c) Right to rectification
If any of the information that we hold about you is inaccurate, you can contact our Data Protection Officer in writing, via letter or email. Before we can do this, it may be necessary for us to investigate this with you and obtain proof of your identity.
(d) Right to be forgotten
From 25 May 2018, you can ask that we erase all personal information that we hold about you. Where it is appropriate that we comply, your request will be fully actioned within 30 days. Please note that there may be very good reasons why we cannot comply, for instance where we need to hold your file of papers electronically after conclusion of your matter for a statutory period e.g. limitation period. For further information please contact our Data Protection Officer, who will be able to help you and advise you on your case.
You have the right to object to:
• The continued use of your data for any purpose listed above for which consent is identified as the lawful basis for processing i.e. you have the right to withdraw your consent at any time.
• The continued use of your data for any purpose listed above for which the lawful basis of processing is that it has been deemed legitimate.
(e) Right to restrict processing
If you wish us to restrict the use of your data because (i) you think it is inaccurate but this will take time to validate, (ii) you believe our data processing is unlawful but you do not want your data erased, (iii) you want us to retain your data in order to perform subsequent tasks, or (iv) you wish to object to the processing of your data, but we have yet to determine whether this is appropriate, please contact our Data Protection Officer.
(f) Right to data portability
If you would like to move, copy or transfer the electronic personal data that we hold about you to another organisation, please contact our Data Protection Officer.
(g) Rights related to automated decision-making
If you would like to object to automated decision making without any individual involvement, and to the profiling of your data, please contact our Data Protection Officer.
Is the processing of information likely to cause individuals to object or complain?
Chauhan Ltd are not aware of any justifiable reasons that would constitute a legitimate reason for objecting or complaining about the way we process or control information.
How long will we retain information for?
Chauhan Ltd will typically retain information for a period of up to one working week from the conclusion of one off service provision matters, up to six months from the conclusion of contracted services, or six years for employment records. This is due to regulatory reasons and limitation periods in respect of any future claims or complaints and to ensure our business records are adequate to maintain the requisite levels of insurance to protect our clients and non-clients.
None of the information that we collect process or store as a result of our services is transferred outside of the European Union (EU).
Data privacy and security
At Chauhan Ltd, we maintain a comprehensive data management work programme, which includes processes for ensuring that data protection is a key consideration of all new and existing IT systems that hold personal data. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure optimum privacy.
We also maintain an active information security work programme which seeks to protect the availability, confidentiality and integrity of all physical and information assets. Specifically, this helps us to:
• Protect against potential breaches of confidentiality;
• Ensure all IT facilities are protected against damage, loss or misuse;
• Increase awareness and understanding of the requirements of information security, and the responsibility of our colleagues to protect the confidentiality and integrity of the information that they handle; and
• Ensure the optimum security of our websites.
Questions and comments regarding this Privacy Notice are welcomed, and should be sent to our Data Protection Officer at firstname.lastname@example.org
Alternatively, you can write to our Data Protection Officer at 3 Mercia Village, Torwood Close,
Westwood Business Park, Coventry CV4 8HX if you have any concerns or complaints about the ways in which your personal data has been handled as a result of you using our website.
If we cannot resolve your concerns, you have the right to lodge a complaint with the Information Commissioner’s Office who may be contacted at Wycliffe House, Water Lane, Wilmslow SK9 5AF or https://ico.org.uk