Privacy Policy
Mrs Catherine Madden (028 3834 8450) is the company’s Data Controller.
The purpose of the processing and the lawful basis for the processing of personal data is listed below for each source of data. The legitimate interests of the controller are given together with details of recipients of the personal data. Data is retained for as long as required during the time you are an employee, customer or supplier.
Data subjects have the right to obtain details of any personal information the company may hold about them within one month of their request. This information will be provided free of charge. Individuals have the right to have personal data rectified if it is inaccurate or incomplete. The company will regularly review the information it processes or stores to identify when it needs to do things like correct inaccurate records.
If consent has been given to the company to obtain the information then there is a right to withdraw consent at any time, where relevant. The data subject also has the right to lodge a complaint with a supervisory authority.
There is no existence of automated decision making, including profiling and information about how decisions are made.
Individuals have the right to be forgotten and can request the erasure of personal data when it is no longer necessary in relation to the purpose for which it was originally collected/processed or the individual withdraws consent.
Individuals have a right to block or restrict the processing of personal data, but the company is permitted to store the personal data, but not further process it.
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. When this is requested the company will provide the personal data in a structured, commonly used and machine-readable format
When a new employee starts with the company we process certain information including:
Name
Address
Date of Birth
National Insurance Number
P45 Details
Bank Details
This information is passed on to the external accountants who process the company payroll.
Bank details are put into the Danske Bank regular payments template for weekly processing by the bank.
This process is carried out because the company has a legal obligation to obtain this information in order to confirm employment status with HMRC. We have checked that the processing is necessary for the relevant purpose, and are satisfied that there is no other reasonable way to achieve that purpose.
When we collect data from customers when they start renting equipment including:
Name of Business
Customer Name
Business Address
Home Address
Business Telephone Number
Home Telephone Number
Email Address
Model & Serial Number
Amount
Landlord Details
Customer Signature
Customer Bank Details on Direct Debit Mandate
These are entered onto a Rental Agreement form and filed in a lever arch file with an internal reference number for easy access. The details are entered onto company databases to monitor payments received and generate monthly vat invoices, which are emailed to customers.
The Direct Debit Mandate is posted via Royal Mail to the customer’s bank in order that their authority is lodged when we collect payment via Direct Debit, processed through our bank (Danske Bank).
The customer receives a copy of the Rental agreement, along with a copy of the Direct Debit Mandate, and a covering letter from the company stating when the monthly payments will be collected.
This process is carried out because the company has a contractual obligation to obtain this information in order to initiate a Rental agreement with the customer. We have checked that the processing is necessary for the relevant purpose, and are satisfied that there is no other reasonable way to achieve that purpose.
When we collect data from suppliers from their invoices including:
Name of Business
Business Address
Business Telephone Number
Business Email Address
Bank Details
These are filed in a lever arch file in date order after processing on the company’s financial system.
Bank details are put into the Danske Bank payments template for processing by the bank when payments fall due.
This process is carried out because the company has obtained the supplier’s details through a contractual obligation in order to be paid for goods and/or services and issuing an invoice for those goods and/or services. We have checked that the processing is necessary for the relevant purpose, and are satisfied that there is no other reasonable way to achieve that purpose.
When we collect payment from customers via debit/credit card we obtain the following information:
Name of Business
Invoice Number
Amount of Debt
Credit Card Details
Some customers pay for consumables by way of debit/credit card. This can be either over the telephone or in person. Payments in person require the customer to input a PIN number to verify the payment, whilst those paying over the telephone have to orally give us this information. The card machine generates two receipts, one for the customer and one for us the merchant. The company files its copy in a lever arch file in date order after processing on the company’s financial system that the debt has been cleared.
This process is carried out because the customer has a contractual obligation to pay for goods and/or services received in order that the customer may discharge its legal obligation to pay for goods and/or services received from the company. We have checked that the processing is necessary for the relevant purpose, and are satisfied that there is no other reasonable way to achieve that purpose.
We use CCTV to record images in and around our premises to prevent and detect crime:
This information may be shared with Craigavon Industrial Development Organisation (CIDO), the owners of the site where the company’s premises are located, and the Police Service of Northern Ireland (PSNI), for security reasons.
This process is carried out to safeguard the building, employees, and members of the public in the vicinity of our premises. We have checked that the processing is necessary for the relevant purpose and are satisfied that there is no other reasonable way to achieve that purpose.
Accessing customer systems remotely:
We will sometimes need to remotely access a customer’s EPOS system to upload program changes or fix problems with the operation of the equipment. This is done in a strictly professional manner and we do not attempt to gain access to customer data or that held for customer loyalty systems. The security of such data is entirely the responsibility of our customer. Some of this data is kept on the EPOS equipment and some on a Cloud Server located within the EEA.
This process is carried out to ensure the smooth running of our customer’s EPOS systems. We have checked that the processing is necessary for the relevant purpose and are satisfied that there is no other reasonable way to achieve that purpose.
Sharing of information:
We will sometimes arrange for service providers or agents to provide services and process your information on our behalf. We will make sure that these service providers or agents have a duty to keep your information confidential and secure, and that they only process your information as set out in a written contract.
This process is carried out to ensure the efficient running of this company by using specialist service providers for tasks they are better able to carry out. We have checked that the processing is necessary for the relevant purpose and are satisfied that there is no other reasonable way to achieve that purpose.
If you are unhappy with how we have handled your personal information, you have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law. You can contact them by writing to:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113