Privacy Policy: Rupert’s Mobile Phones (Southport) Ltd
Policy Last Updated 26 Sep. 18
Introduction
Rupert’s Mobile Phones (Southport) Ltd understands your concerns over the privacy of Personal Data you may provide to us as part of our day to day dealings with you. We will only collect and use information in ways that are useful to you and in a manner consistent with your rights and our obligations under the law.
This policy provides you with information about what types of information are collected, retention periods and other elements to comply with the EU Wide – General Data Protection Regulation and the UK’s Data Protection Bill 2018.
If you have any questions about this Privacy Policy or our treatment of your Personal Data please contact us using the details given below.
If you are dissatisfied with this response you may request that your complaint be escalated, in which case it will be escalated to The Managing Director who will review your complaint and the initial response and provide a further response within 28 days of your request to escalate the matter.
If we are unable to resolve your complaint, you may make a complaint to the Information Commissioner’s Office (if based in the UK, otherwise to your local Supervisory Body). Please see https://ico.org.uk/for-the-public/raising-concerns for more information.
Whilst this privacy policy sets out a general summary of your legal rights in respect of your Personal Data, this is a complex area of law and this privacy policy is not intended to represent legal advice. More information about your rights in respect of your Personal Data can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public
Who we are
- Rupert’s Mobile Phones (Southport) Ltd
Southport
Merseyside
PR8 4SX - Informal Data Co-ordinator: Mr R. Paton
- 07947472846
- rupert@rupertsmobiles.co.uk
Key Terms
The following terms are used or referred to in this privacy notice – as such it helps to be familiar with these core terms (amended version based on GDPR – Article 4): –
- ‘Data Subject’ – The individual about who the data is held (you, or your employees in the case of a Company who have asked us to provide services on their behalf)
- ‘Data Controller’ – company/individual that determines the purposes and means of the processing of personal data (typically this refers to us when we market to you, and your employer when they provide personal details about you)
- ‘Data Processor’ – Company/Individual which processes personal data on behalf of the controller. This is typically a company that provides services to your employer e.g. IT company.
- ‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes signifies agreement to the processing of personal data relating to him or her. This is typically used by us to provide marketing services to you.
How and Where we store your data
We only keep your data for as long as we need to in order to use it as described in this policy, typically per statutory requirements/ and or as long as you are an active client.
Data security is of great importance to Us, and to protect your data, We have put in place suitable physical, electronic and organisational procedures to safeguard and secure data your personal data.
Some examples of steps we have taken to secure your data include (but are not limited to) :-
- Physical access control. Office access limited to approved personnel. PII Records kept in locked filing cabinet.
- Secure destruction of worksheets containing PII.
Data Retention Policy
We only keep your data for as long as we need to in order to use it, and/or for as long as we have your permission to keep it. In any event, We will conduct an annual review to ascertain whether we need to keep your data. Your data will be deleted if we no longer need it in accordance with the terms of our Data Retention Policy.
Some of your personal data will need to be kept to meet either contractual or legal requirements – please contact us if you have any detailed queries.
| Personal Data | Retention Period |
| Client Contact Details | 6 Years |
| Client Payment Details | 1 Year |
| Staff Contact Details | 2 years after employment ceases |
| Staff Identity Documentation (Right To Work) | 2 years after employment ceases |
| Staff Personnel File (disciplinary, holiday records etc) | 6 Years after employment ceases |
| Application forms and interview notes (unsuccessful Applicants) | 1 Year |
| Staff Payroll Information | Current tax year + 6 |
| Time Sheets/Cards | 2 Years after audit/approval |
| Retirement Benefits Schemes – records of notifiable events | 6 years after scheme year of event |
| Maternity Pay Records | Maternity tax year + 3 |
| Staff Accident Books & Records (general) | 3 years after last entry |
| Staff Accident Records involving COSHH, Asbestos, Lead or Ionising Radiation | 50 years (or age 75) |
| Vehicle Logs (where details of personal journeys included) | 6 years |
The information we collect and the reasons why
Personal Data is anything which identifies you as an individual, either on its own or by reference to other information. If you are engaging with us to provide services this also applies to any information you share with us.
In some cases, the collection of data may be a statutory or contractual requirement, and we will be limited in the products and services We can provide you without your consent for Us to be able to use such data.
We collect data from you in order to be able to provide you with our Mobile Phone & associated accessories sales & repair services.
Our Website
We have a website which also collects details about you including your IP address and we may also use a technical feature called a cookie to record your visits.
We will only use your personal data for providing and managing access to our website, providing a sales service and if appropriate, tailoring your experience whilst visiting.
What Cookies Do We Use and What For?
Our Site may place and access certain first or third party Cookies on your computer or device. First party Cookies are those placed directly by Us and are used only by Us. We use Cookies to facilitate and improve your experience of Our Site and to provide and improve Our services. For more details, please refer to the appropriate sections. We have carefully chosen these Cookies and have taken steps to ensure that your privacy is protected and respected at all times.
Our Site uses analytics services provided by Google. Website analytics refers to a set of tools used to collect and analyse usage statistics, enabling Us to better understand how people use Our Site. This, in turn, enables Us to improve Our Site and the services offered through it. You do not have to allow Us to use these Cookies, as detailed below, however whilst Our use of them does not pose any risk to your privacy or your safe use of Our Site, it does enable Us to continually improve Our Site, making it a better and more useful experience for you.
The analytics service used by Our Site uses Cookies to gather the required information. Certain of these Cookies may be placed immediately when you first visit Our Site and it may not be possible for Us to obtain your prior consent. For information on removing such Cookies please visit https://www.aboutcookies.org/ and/or http://www.aboutcookies.org.uk/managing-cookies
The analytics service(s) used by Our Site use(s) the following Cookies:
Google Cookies: _ga, _gid, _gat_
You may opt out of Google Cookies globally at https://tools.google.com/dlpage/gaoptout
You can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
You can choose to delete Cookies at any time however you may lose any information that enables you to access Our Site more quickly and efficiently including, but not limited to, login and personalisation settings.
It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
Marketing
We will market to existing customers where the information/notification is related to existing services only.
For sales related marketing activities – we will require consent and for you to take an affirmative action, furthermore you will have the option to opt-out (unsubscribe at any point). As per your rights – you may also object to direct marketing and we will cease all related activities (unless they impact our ability to deliver our contracted services to you – if you are an existing customer).
We will also market to you in relation to services and products we offer, where we have a commercial agreement/contract with you.
Data Processing where we are the Data Controller
Lawful Basis
Any personal data that is collected/processed must be processed in a lawful manner, this section informs you of the basis we have selected.
There are two types of personal data, standard data like names/addresses etc, as well as special categories of data which includes medical/biometric etc – to process this type of data we need to meet an additional legal basis.
Personal Data
We process the following personal data where the lawful basis is Consent where the documented purposes of processing is marketing : –
- Name & Contact Details
We process the following personal data where the lawful basis is Performance of a Contract where the documented purposes of processing are to provide mobile phone products and associated services : –
- Name & Contact Details
- Phone Details
- Payment Details
We process the following personal data where the lawful bases are is Legitimate Interests & Legal Obligation where the documented purposes of processing are related to staff employment & payroll : –
- Name & Contact Details
- Banking Information
- Identity Documentation to prove UK Right To Work (This may include items falling within Special Categories of Data)
- Operational Staff Documentation, including accident records which may contain sensitive, Special Category PII, as listed in the retention schedule.
Data Sharing (where we are the Data Controller)
In certain circumstances We may be legally required to share certain data held by Us, which may include your personal information, for example, where We are involved in legal proceedings, where We are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of Us.
We may contract with third parties to supply products and/or services to you on Our behalf. These may include payment processing, delivery of goods, advertising and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
We will only share data with the third parties listed below and it is to enable us to provide our services as previously described.
- Data Backups encrypted at rest & whilst in transit. Data may be stored in encrypted form outside of the EU under the EU-US Privacy Shield Framework.
- Email Hosting provided by Heart Internet via The Duncan Reid Consultancy. CH44 5TN.
- Website Hosting provided by Heart Internet via The Duncan Reid Consultancy.
- Your data may be visible to our professional advisors (eg Accountants) or for audit purposes.
If we decide to change the services under our control & influence which process personal data we will request authorisation in advance (where required for that lawful basis) and undertake a DPIA if appropriate.
What Happens If Our Business Changes Hands?
We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business. Data provided by users will, where it is relevant to any part of Our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use the data for the purposes for which it was originally collected by Us.
In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.
Your rights
As an individual you have rights associated with your data :-
- Right of access by the data subject . You (the data subject) shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and related information.
- Right to Rectification – from the controller without undue delay the rectification of inaccurate personal data concerning him or here
- Right to Erasure – the right to obtain from the controller the erasure of personal data concerning him or her without undue delay – subject to suitable grounds.
- Right to Restriction of Processing– the right to obtain from the controller restriction of processing where certain rules apply
- Right to notify any recipients – where share data with in relation to the Articles 16,17 and 18 above.
- Right to data portability – to receive personal data concerning him/her which they have provided to a controller
- Right to Object – on grounds relating to his/her situation
- where the lawful basis is legitimate interests.
- applies to direct marketing purposes.
Changes to Our Privacy Policy
We may change this Privacy Policy as we may deem necessary from time to time, or as may be required by law. Any changes will be immediately posted on our website & within our terms of engagement documentation and you will be deemed to have accepted the terms of the Privacy Policy on your first use of our services following the alterations.
This policy is © TDRC & Rupert’s Mobile Phones (Southport) Ltd. Unauthorised reproduction is not permitted. Creation Date: 26th September 2018