Procare Group Limited Privacy Notice
Procare Group Limited, herein after referred to as ‘Procare’ will only process personal data in a manner that is compatible with the GDPR by striving to ensure we handle personal data fairly, lawfully, sensitively and with justification. Personal data relates to a living individual who can be identified from that data. Identification can be directly from the information alone or indirectly from any other information in the Data Controller’s possession or likely to come into their possession. The processing of personal data is governed by The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
2. How we may collect personal data from you
The personal data that we may collect from you includes your name (First name/Last name/Trading name/Company name), Contact and Invoicing address, email address, Contact phone numbers and details, all accounting activities including historical payment information, bank details, company registration numbers and copy correspondence
3. How we may process your personal data:
The Data Controller is the person within our organisation who decides how personal data is processed and for what purposes. The Data Controller is responsible for compliance with our obligations under the GDPR by ensuring personal data is kept up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical security measures are in place to protect personal data. Specifically:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate and kept up to date
- Retained only as long as necessary
- Processed in an appropriate manner to maintain security
4. Purpose of the processing
We use information about you in the following ways:
- To process orders that you have submitted to us;
- To provide you with services of the Procare Group Limited;
- To comply with contractual obligations, we have with you;
- To help us identify you and any accounts/ contracts you hold with us;
- To enable us to review, develop and improve services;
- To provide customer care, including responding to your requests if you contact us with a query;
- To administer accounts, process payments and keep track of billing and payments;
- To detect fraud and to make sure what you have told us is correct;
- To carry out marketing newsletters all relevant to Procare.
- To review job applications;
- To notify you about changes to our website and services;
- To provide you with information about our services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes; and
- To inform you of service and price changes.
5. Legal basis for processing personal data
Must comply with one of the following conditions:
- Consent of the data subject – must be freely given, specific, informed and unambiguous by clear explicit means.
- Processing essential to the performance of a contract or steps required to enter into a contract such as a contract of employment, processing bank and salary information for payroll purposes.
- Compliance with a legal obligation – complying with the law such as compliance with security screening and vetting, technical accreditations and permits to work.
- When necessary to protect the vital interests of a data subject – such as an emergency or urgent situation with good reason and in the interests of the data subject.
- When necessary in the public interest or exercise of authority vested in the controller. An example would be release of data to the police in the course of a criminal investigation.
- Legitimate interests pursued by the Data Controller – examples would include corporate governance and legal compliance.
6. The independent UK regulator
For data privacy is the Information Commissioners Office (ICO) for more information on GDPR visit – https://ico.org.uk
7. Record of processing
Procare will process personal data for the following purposes;
- Maintenance Services/Projects & Contracts
- Construction Services/Projects & Contracts
- Electrical Services/Projects & Contracts
- Marketing and promoting services
- Managing Accounts
- Personnel Records
- Management of our staff
From time to time the use of CCTV systems to monitor and collect visual images for the purpose of security, prevention and detection of crime, public safety, staff safety.
Processing personal data as a contractual requirement for the purposes of security screening and vetting of staff, partner agencies and their sub-contractors in compliance with:
- Baseline Personnel Security Standard (BPSS)
- Counter Terrorism Check (CTC)
- Security Clearance (SC)
Processing personal data through the use of vehicle tracking devices (Telematics) for the purposes of;
- Safety and legal compliance – to increase driver safety and security, through safer and compliant driving as well as helping ensure the safety and consideration for other road users.
- Operational efficiencies – to provide data that supports operational improvements for example – start and finish times, and engineer availability.
- Vehicle cost efficiencies – to reduce maintenance costs, insurance costs, reduce the likelihood of accidents, and hire costs associated with vehicle downtime etc.
- Environmental – improve fuel efficiency, CO2 reduction, engine idling reduction etc.
Processing personal data using telematics enabled smart devices for the purposes:
- Legal compliance – Statutory Inspections of plant and safety equipment
- Operational efficiencies – to provide data that supports operational improvements for example – start and finish times.
- Productivity – planned and reactive maintenance
- Efficiencies – reduced time to respond and fix
Processing personal data for productivity and efficiency of staff in respect of effective planning and organisation of resources, travel time, overtime and budgetary management.
8. Sharing of personal data
Typical examples where we are required to share data are:
- HM Revenue and Customs
- HM Government Screening and Vetting Unit
- Payroll Bureau
- Clients and customers who restrict access to their sites for security reasons
- Training providers and accrediting bodies
- Travel and accommodation bookings
We also process and share personal data from the following sources as a direct consequence of our business:
- Service partners, suppliers of services and sub-contractors
- Clients and customers
9. How much information is shared
Information is shared on a need to know basis, and only the necessary information is shared
10. How long we keep personal data
Any personal data we collect about you we will keep for the entire duration of the period that you are a customer of Procare Group Limited. We will keep your data only for as long as we need to, in accordance with applicable laws.
Upon termination of our relationship, or the closure of your account, we may retain your data for up to 7 years. We may not be able to delete your data before this time due to our legal and/or accountancy obligations.
We assure you that your personal data shall only be used for the purposes stated herein.
11. Data subject rights and personal data
- The right to request a copy of your personal data which Procare holds about you
- The right to request that the Data Controller corrects any personal data that is found to be inaccurate or out of date
- The right to request your personal data is erased where it is no longer necessary to retain such data
- The right to withdraw our consent to processing at any time – if consent is relied upon as a processing condition
- The right to request that the Data Controller provide the data subject with their personal data and where possible to transmit that data directly to another Data Controller (Data Portability) – only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the Data Controller processes the data by automated means
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
- The right to object to the processing of personal data – where processing is based on legitimate interests or performance of a task in the public interest/exercise of official authority, and direct marketing
- The right to lodge a complaint with The Information Commissioners Office
12. Transfer of data abroad
Procare do not transfer personal data outside of the European Community.
13. Automated decision making
Procare do not process data solely by automated means.
14. Further processing
If Procare wishes to process your personal data for a new purpose, not covered by this privacy notice, then we shall provide you with a new notice explaining this new issue prior to commencing the processing and setting out the relevant purpose and processing conditions. Whenever necessary we will seek your prior consent to the new processing.
15. Right to be informed
If the personal data is not obtained directly from the data subject, the Data Controller will provide the data subject with the following additional items of information within 1 month of having received their personal data:
- The categories of personal data we are processing
- The source from where the personal data originates and whether it came from publicly accessible sources
16. Key contacts
To exercise all relevant rights, queries or complaints please contact:
- Data Controller – David Williams email@example.com
- Human Resources – Angela Williams firstname.lastname@example.org