The rules around how personal data is protected are changing. As a result of the introduction of the General Data Protection Regulations (GDPR) which take effect from the 25th May, 2018. FS Drainage Services will use your personal data for the purposes of providing our services. Your data will not be shared with any other third parties (unless specifically requested/agreed by yourselves) and the principles of the Data Protection Act 1988 and the forthcoming GDPR will be adhered to. Data will be processed strictly in accordance with the current Data Protection Act in the legitimate interests of completing the work required.
The information we collect from our customers is done so for the sole purpose of enabling us to carry out our core activities as a company; drainage works. As a guide, this will only require us collecting contact information such name, telephone number, email and address, along with the actual problems being experienced on site that require our attendance plus any specific information required in order to make a successful visit, such as access procedures or passes.
This information is collected and processed by FS Drainage Services to create an account for the customer and effectively allow us to log the works requested and the steps we have taken in carrying out those works.
Payment details for the works we undertake may also be taken for billing purposes only, against the works we carry out. This may be invoice details and/or card details for a one-off payment to be made following works that are agreed upon and instructed by the client directly. This information is only kept on file for charges to be made based upon the works we have been instructed to carry out and destroyed immediately after.
We do not foresee any reasonable reason why our works would require the collection or processing of sensitive information from our clients and as such, if we ever receive any such information, we will destroy it immediately.
As per the rights set out in the GDPR, the Data subject has rights regarding the information we hold, however, as the information is directly required in order for us to provide our services, any restriction or erasure of this data may leave us unable to fulfil our part of the contract and any future requests will require collection and processing of the data once again. To request this, data subjects may contact FS Drainage Services by phone or email to enable this.
Data subjects can ask administrators at FS Drainage Services for access to the data we hold that is related to them.
Information can be provided in the form of a csv file upon request.
Data subjects can request the information held is rectified with administrators at FS Drainage Services.
Details of Automated decision making
Data subjects can ask administrators at FS Drainage Services to have their data erased/forgotten from our records. Administrators can then manually delete the information as per their request. This will essentially close the account created for the data subject, preventing us from carrying out any works for them again until a new account is created. It should be noted however, that some information, such as name and address, may still remain on the original Invoices produced following any works we undertaken, within our own financial records.
Normally, the information we collect comes directly from our customers for the explicit purpose of carrying out works or providing them with a quotation to carry out works. Given this setup, we use the lawful basis of contract, concerning our collection and processing of information. The information is only gathered from customers in order to provide a direct service, without which, that service would be impossible to undertake.
As a drainage contractor, we also provide our services to management agencies such as housing associations or their contractors that require us to attend to carry out works on their behalf. In these cases, our direct customer (e.g. the managing agency) will provide us with the information we collect. In this case, we act as ‘Processor’ to the data and use it to carry out our core services. In this instance, as processor, our client is the data controller and should establish the lawful basis for processing from the data subject prior to supplying us with that information.
The information we collect is strictly only used to enable us to carry out our main services. Under no circumstances is this information collected or processed with the intention of marketing our services.
The contact information we collect is used to create an account for the data subject, including a name, contact information and address. The further information we collect, regarding the works the data subject requires of us, is used to enable us to carry out the services we provide and/or provide a quotation for said works.
The email contact provided for each individual job or ‘call’ we raise based on this information is also used by us to send automatic email updates on the works being carried out. If the data subject requiring the works is the one who has requested works with us directly, the email address they provide will be used, however, if it is a company that has instructed us to carry out our works, the email will be sent to their designated email address instead of the end user. In any case, these automatic emails are solely created from the information provided to us by the client and from our engineers once works have been carried out, as well as pictures taken on site showing what was done. The emails themselves are updates on the requested works only and once the updates have been issued no further emails relating to the works carried out will follow from this.
The same system is used to send out quotations prepared by the company to clients. These quotations are
prepared in only two instances:
- The client has requested the quotation be prepared for them
- The quotation has been recommended by one of our engineer, following works being carried out as requested by the client.
Once prepared, these quotations are sent via email to the designated contact to the call (the contact from the previous works we carried out or the contact who has requested the quotation). After this, we have three reminder emails that are used to remind the contact of the quotation, in the event it is forgotten or lost. These reminders are set to send out 10 days, 20 days and 60 days after the initial quotation has been sent, after which no more emails will be sent out regarding this quotation.
These processes for emails do not carry out any kind of profiling and the only automation being used is the sending of the above described emails and possibly the invoices generated following completion of any requested works. All contacts can request these are stopped at any time, in which case, we will use an internal email address so the reports and quotations can still be generated but the email contact will not receive them.
We strictly do not share any information we are provided with any third parties, unless specifically required to enable us to carry out our services, such as providing address, contact details and details of the works required to a sub-contractor carrying out works on our behalf. In any such case, only the absolutely necessary information they require to carry out works is provided.
Internally, the information will be available to those who are required to process the information in order to arrange for a ‘Call’ to be raised and works carried out. When works are being carried out, the information will be shared with our remote engineers via their PDA devices to enable them to carry out works. Once the works are complete, however, this information is removed from their device. How we store and secure information.
Generally, we keep the information we hold indefinitely with the exception of payment details which are destroyed as soon any required payments are made. The information is kept in the form of customer accounts and works history in our office on internal servers accessible through secure logins only. This is generally kept on an indefinite basis to form our works history and allow us to arrange for further works if the client makes a request of us. If the client chooses to not use our services again, this information remains only as a record on our system and is not processed again in any other way.
If the information we have is provided to us via email, this information remains on our email exchange and acts as proof of the request for works being made. This email exchange is password protected and access to certain mailboxes limited to relevant administrators only. Any information stored on our servers, whether in the form of the data subject accounts or in the form of contract relate documents, is once again password protected with firewall/anti-virus software in place to prevent any unauthorised access. The information contained on our internal servers are then further restricted in access to designated personnel only, as necessary to enable them to carry out their function within the company in order for us to provide the core services we provide.
FS Drainage Services will always operate with the aim of fulfilling our requirements of the GDPR and those of the data subjects for who we hold information about. This policy will be supported and enforced from the Director level, through all levels of the company.
The policy is to be routinely reviewed at least annually and revised when necessary, particularly when significant changes in the scale and nature of our operations arise & when changes in legislation occur. Copies of this policy will be provided at induction to all employees & sub-contractors working under our direct control. Copies will always be made available for reference at the company office.
