Privacy notice
Who we are
When we say ‘we’, ‘us’ or ‘our’, we mean Longwall Security Ltd, company registration no: 8690329, registered office: Suite I, Windrush Court, Abingdon Business Park, Abingdon OX14 1SY, United Kingdom.
Data controller versus data processor
For the purpose of data protection legislation, in respect of data we collect from you, we are the ‘data controller’. This means that we determine what personal data is collected, how this data is used and how it is protected.
In respect of data provided to us by a third-party organisation acting on our behalf e.g. a reseller or vendor, we would not act as a data controller; instead, we act as a data processor. Insofar as we act as a data processor rather than a data controller, this policy shall not apply. Our legal obligations as a data processor are instead set out in the contract between us and the relevant data controller. In these circumstances, you should refer to the privacy policy of the third-party.
Personal data
‘Personal data’ refers to information relating to an identified or identifiable living person. For example, this information could be your name, address, telephone number.
The lawful basis for collecting your personal data
Under the UK General Data Protection Regulation (GDPR) we must be able to demonstrate a lawful basis for collecting and using your personal data. We will only use your personal data when the law allows us to; this includes, among other things:
- where we have your consent;
- where processing is necessary for the preparation and/or performance of a contract with you;
- where we need to comply with a legal obligation to which we are subject;
- where we have a legitimate interest to process your personal data, and where the processing of that data is both necessary and is not overridden by your interests, rights or freedoms.
The collection of personal data
The personal data we collect from you will be for one or more of the following purposes:
- to provide you with information that you have requested about our products and/or services;
- to initiate and complete commercial transactions with you, or the entity that you represent, for the purchase and/or sale of products and/or services;
- to fulfil a contract that we have entered into with you, or the entity that you represent;
- to manage any communication between you and us;
- to process a job application or enquiry;
- to ensure the security and safe operation of our websites and underlying business infrastructure.
The table at the end of this policy details the various categories and types of personal data we collect and the lawful basis for processing this data.
Keeping your personal data up to date
We have a responsibility to keep your personal data accurate and up to date. Please tell us if your details change.
Retaining and deleting your personal data
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. In general, your personal data will be retained for as long as you have a relationship with us. Thereafter, for a maximum of six years. Additionally, we may retain your personal data where such retention is necessary to fulfil our statutory obligations. At the end of the data retention period, we will take all necessary actions to ensure that your personal data is deleted or anonymised.
Sharing your personal data
In the course of our commercial activities, business administration and statutory obligations we may need to share your personal data to third parties. We will only share the personal data that is necessary to fulfil its processing, and we will take all reasonable steps to ensure that an adequate level of protection is in place to safeguard your privacy and personal data under the GDPR. We may share your personal data with the following types of third parties:
- Customers, suppliers, contractors, and other business partners to carry out our commercial activities;
- Professional advisers such as lawyers and accountants;
- Insurance providers to obtain insurance coverage and manage risk;
- Cloud-based software companies which provide us with business solutions such as our customer relationship and financial management systems;
- Providers which host our servers in their data centres;
- Providers which help us collate and organise data effectively and securely;
- Statutory bodies, government agencies, courts or other third parties where it is necessary to comply with laws or regulations, or to exercise, establish or defend our legal rights.
The table at the end of this policy details the various categories and types of personal data we collect and the lawful basis for processing this data.
Data transfers to third countries
It may be necessary to transfer your personal data to countries outside the UK and European Economic Area (EEA), including some that may not provide the same level of privacy regulation. When this happens, we will take all reasonable steps to ensure that an adequate level of protection is in place to safeguard your privacy rights under the GDPR and this privacy policy.
Security measures
We have put in place appropriate technical and organisational measures to secure your personal data and to prevent its loss, misuse or alteration. We have business systems and processes in place to make sure that only those people in our organisation who need to access your data can do so. Our security policies and procedures are reviewed regularly, internally and independently. In accepting this privacy policy, you acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
Links to other websites
This privacy policy applies to personal data collected by us. Our website may include hyperlinks to other websites. Please be aware that we have no control over, and are not responsible for, the privacy policies and practices of third parties. We encourage our users to be aware when they leave our site, and to read the privacy policy of other sites that collect personal data.
Your rights
As a data subject whose personal information we hold, you have certain rights. Your rights are as follows:
- The right to know how your personal data is being processed;
- The right to access your data through a subject access request;
- The right to rectification if you believe your personal data is inaccurate;
- The right to erasure (the right to be forgotten), in certain circumstances;
- The right to object to some types of data processing, such as direct marketing;
- The right to restrict processing if the accuracy of the data or the lawful basis is contested; and
- The right to data portability.
If you wish to exercise any of these rights, please email [email protected]. To process your request, we will ask you to provide two valid forms of identification for verification purposes. Once verified, your identification will be immediately deleted from our systems.
Data subject access request
The information we collect and how we use it
This section sets out the general categories of personal data that we may process; the source of that data; the purpose for which we may process that data, and the legal basis for processing.
|
Purpose |
Category & type of data collected |
Specific purpose |
Lawful basis |
Shared with |
|
To provide you with information |
Information / Client data: Name; company position; organisation name, postal address, and telephone number; mobile number, business email address |
To provide information that has been requested about our services |
Consent |
Internally and any third-party partners with whom we contract in order to fulfil these requirements |
|
To follow up on information requested and identify further requirements |
Legitimate Interest |
|||
|
To carry out a transaction |
Transaction / General business data: Name, company position, organisation’s name, postal address, telephone number; mobile number, business email address, organisation’s bank details |
To initiate and complete commercial transactions for the purchase and/or sale of products and/or services |
Contractual |
Internally and any third-party partners with whom we contract in order to fulfil these requirements |
|
For accounting and taxation purposes |
Statutory Obligation |
Internally and, as necessary, with professional advisers |
||
|
For documentation should any contractual legal claim arise |
Legitimate Interest |
|||
|
To fulfil a contract |
Contractual data: Name; company position; organisation’s name, postal address, telephone number; mobile number, business email address |
To fulfil a contract that we have entered into, in physical or digital form |
Contractual |
Internally and any third-party partners with whom we contract in order to fulfil these requirements |
|
To manage correspondence |
Correspondence data: Name; company position; organisation’s name, postal address, telephone number; mobile number, business email address |
To correspond about any issue that that might be raised with Longwall or which follows from an interaction between us |
Legitimate Interest |
Internally and, as necessary, with professional advisers |
|
Employment data |
HR records: Name; contact details, bank details, P46 Starter Checklist data, emergency contact details, proof of identity – passport, driving licence, visa information, proof of qualifications, DBS certificate, car details |
Contractual |
Internally |
|
|
To process a job application |
Job application data: Name, title, address; telephone number; date of birth, email address; CV and or covering letter; employment references; assessment data; interview notes, qualifications; previous experience; education |
To process a job application or enquiry; to consider a application and suitability for employment |
Legitimate Interest |
Internally and, following acceptance of an offer of employment, with selected vetting partners |
|
Website security |
Website data: Your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use |
To ensure the security and safe operation of our websites and underlying business infrastructure; to protect our websites and infrastructure from cyber-attack or other threats and to report and deal with any illegal acts |
Consent |
Internally and other organisations with which we might contract for this purpose |
Amendments to this policy
We reserve the right to amend or vary this privacy policy at any time and the revised policy will apply from the date posted on the website. You are encouraged to check this page periodically.