Privacy Notice for Customers
In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform customers and prospective customers of the types of data we process. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.
This notice applies to customers.
1. Data Protection Principles
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
- Processing is fair, lawful and transparent.
- Data is collected for specific, explicit and legitimate purposes.
- Data collected is adequate, relevant and limited to what is necessary for processing.
- Data is kept accurate and up to date. Inaccurate data will be rectified or erased without delay.
- Data is not kept for longer than necessary.
- Data is processed securely and protected against unauthorised or unlawful processing, accidental loss, destruction or damage.
- We comply with GDPR requirements relating to international transfers of personal data.
2. Types of Data Held
Scan-X Security only holds business data on prospects and customers that is required for our legitimate business interests.
For Customers and Prospects
- Basic business details such as name, address, telephone numbers and email address.
For Customers Only
- Site contact details where required.
- Accounts payable contact information.
- Method statements for performing the tasks you require of us.
- Risk assessments for performing the tasks you require of us.
- Details of equipment supplied by us to support service activities.
- Contract renewal dates where required.
- Dates and times of service visits where required.
3. Collecting Your Data
Customers and prospects provide the above information directly to us.
In some cases, we collect data from credit reference agencies where this is required to provide credit terms.
We may contact you to keep you informed of relevant products or services that may be of interest.
Data is stored on-site on a secure server and is not shared with third parties except as described within this notice.
4. Lawful Basis for Processing
Data protection law allows us to process your data only for certain reasons. In most cases, we process your data to comply with legal obligations or to effectively manage the contract we have with you.
| Activity Requiring Your Data | Lawful Basis |
|---|---|
| Installing security screening equipment | Performance of a contract |
| Servicing security screening equipment | Performance of a contract |
| Renting security screening equipment | Performance of a contract |
| Carrying out credit checks | Performance of a contract |
| Communicating by email | Performance of a contract / Legitimate business interests |
| Communicating by telephone | Performance of a contract / Legitimate business interests |
| Assessing training needs | Legitimate interests |
| Business planning and restructuring | Legitimate interests |
| Managing legal claims | Legitimate interests |
| Preventing fraud | Legitimate interests |
| Maintaining secure IT and administrative systems | Legitimate interests |
5. Special Categories of Data
Special category data includes information relating to:
- Health
- Sex life
- Sexual orientation
- Race
- Ethnic origin
- Political opinions
- Religious beliefs
- Trade union membership
- Genetic and biometric data
We do not process any special category data.
6. Failure to Provide Data
Failure to provide the required data may prevent us from entering into or fulfilling a contract with you.
7. Who We Share Your Data With
Data may be accessed by employees responsible for client and prospect contact, including staff involved in client services, marketing, sales, service and engineering. All such employees have received GDPR training.
Data may be shared with third parties for the following reasons:
- To perform credit checks and arrange leasing facilities.
- As part of a company sale, restructure, or to comply with a legal obligation.
Appropriate data processing agreements are in place to ensure the protection of your data. Third parties are required to implement suitable technical and organisational security measures.
We will not share your data with any other company without your consent and will never sell your data.
We do use a third-party email marketing provider to communicate information about products or services that may be of interest to you.
8. Protecting Your Data
We have implemented appropriate technical and organisational measures to protect your data against accidental loss, disclosure, destruction, misuse or unauthorised access.
9. Retention Periods
We only retain personal data for as long as necessary. This will normally be for the duration of our contractual relationship and, where appropriate, for a period afterwards in line with legal and business requirements.
10. Automated Decision Making
No decisions with a significant impact on you will be made solely through automated decision making without human involvement.
11. Your Rights
You have the following rights regarding your personal data:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- The right to regulate automated decision-making and profiling.
12. Consent
Where processing is based on your consent, you have the right to withdraw that consent at any time. Once withdrawn, we will stop processing your data for that purpose.
To stop receiving information from us, please email: accounts@scanxsecurity.com.
13. Making a Complaint
If you believe your data protection rights have been breached, you may raise a complaint with:
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113 (local rate)
Telephone: 01625 545 745
14. Data Protection Compliance
Our appointed compliance officer is: