Privacy notice

This is the privacy notice of Longwall Security Ltd. It explains how we collect, use and otherwise process your personal data, for example, when you contact us, visit our website, apply for a job, or contract with us to buy and/or sell products and services. We take our privacy responsibilities seriously and are committed to respecting your privacy and protecting your personal data. Please read this privacy notice carefully to understand our views and practices regarding your personal data and how we will treat it. Amendments and updates to this notice may be made from time-to-time. Any revisions will be posted on this page, so you will always be aware of what information we collect and how we use that information. Please review this page regularly so that you are aware of any changes. If you have any comments, questions or concerns about this privacy policy or the ways in which we handle your personal data we encourage you to contact us at [email protected].

Who we are

When we say ‘we’, ‘us’ or ‘our’, we mean Longwall Security Ltd, company registration no: 8690329, registered office: Suite I, Windrush Court, Abingdon Business Park, Abingdon OX14 1SY, United Kingdom.

Data controller versus data processor

For the purpose of data protection legislation, in respect of data we collect from you, we are the ‘data controller’. This means that we determine what personal data is collected, how this data is used and how it is protected.

In respect of data provided to us by a third-party organisation acting on our behalf e.g. a reseller or vendor, we would not act as a data controller; instead, we act as a data processor. Insofar as we act as a data processor rather than a data controller, this policy shall not apply. Our legal obligations as a data processor are instead set out in the contract between us and the relevant data controller. In these circumstances, you should refer to the privacy policy of the third-party.

Personal data

‘Personal data’ refers to information relating to an identified or identifiable living person. For example, this information could be your name, address, telephone number.

The lawful basis for collecting your personal data

Under the UK General Data Protection Regulation (GDPR) we must be able to demonstrate a lawful basis for collecting and using your personal data. We will only use your personal data when the law allows us to; this includes, among other things:

  • where we have your consent;
  • where processing is necessary for the preparation and/or performance of a contract with you;
  • where we need to comply with a legal obligation to which we are subject;
  • where we have a legitimate interest to process your personal data, and where the processing of that data is both necessary and is not overridden by your interests, rights or freedoms.

The collection of personal data

The personal data we collect from you will be for one or more of the following purposes:

  • to provide you with information that you have requested about our products and/or services;
  • to initiate and complete commercial transactions with you, or the entity that you represent, for the purchase and/or sale of products and/or services;
  • to fulfil a contract that we have entered into with you, or the entity that you represent;
  • to manage any communication between you and us;
  • to process a job application or enquiry;
  • to ensure the security and safe operation of our websites and underlying business infrastructure.


The table at the end of this policy details the various categories and types of personal data we collect and the lawful basis for processing this data.

Keeping your personal data up to date

We have a responsibility to keep your personal data accurate and up to date. Please tell us if your details change.

Retaining and deleting your personal data

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. In general, your personal data will be retained for as long as you have a relationship with us. Thereafter, for a maximum of six years. Additionally, we may retain your personal data where such retention is necessary to fulfil our statutory obligations. At the end of the data retention period, we will take all necessary actions to ensure that your personal data is deleted or anonymised.

Sharing your personal data

In the course of our commercial activities, business administration and statutory obligations we may need to share your personal data to third parties. We will only share the personal data that is necessary to fulfil its processing, and we will take all reasonable steps to ensure that an adequate level of protection is in place to safeguard your privacy and personal data under the GDPR. We may share your personal data with the following types of third parties:

  • Customers, suppliers, contractors, and other business partners to carry out our commercial activities;
  • Professional advisers such as lawyers and accountants;
  • Insurance providers to obtain insurance coverage and manage risk;
  • Cloud-based software companies which provide us with business solutions such as our customer relationship and financial management systems;
  • Providers which host our servers in their data centres;
  • Providers which help us collate and organise data effectively and securely;
  • Statutory bodies, government agencies, courts or other third parties where it is necessary to comply with laws or regulations, or to exercise, establish or defend our legal rights.


The table at the end of this policy details the various categories and types of personal data we collect and the lawful basis for processing this data.

Data transfers to third countries

It may be necessary to transfer your personal data to countries outside the UK and European Economic Area (EEA), including some that may not provide the same level of privacy regulation. When this happens, we will take all reasonable steps to ensure that an adequate level of protection is in place to safeguard your privacy rights under the GDPR and this privacy policy.

Security measures

We have put in place appropriate technical and organisational measures to secure your personal data and to prevent its loss, misuse or alteration. We have business systems and processes in place to make sure that only those people in our organisation who need to access your data can do so. Our security policies and procedures are reviewed regularly, internally and independently. In accepting this privacy policy, you acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

Links to other websites

This privacy policy applies to personal data collected by us. Our website may include hyperlinks to other websites. Please be aware that we have no control over, and are not responsible for, the privacy policies and practices of third parties. We encourage our users to be aware when they leave our site, and to read the privacy policy of other sites that collect personal data.

Your rights

As a data subject whose personal information we hold, you have certain rights. Your rights are as follows:

  • The right to know how your personal data is being processed;
  • The right to access your data through a subject access request;
  • The right to rectification if you believe your personal data is inaccurate;
  • The right to erasure (the right to be forgotten), in certain circumstances;
  • The right to object to some types of data processing, such as direct marketing;
  • The right to restrict processing if the accuracy of the data or the lawful basis is contested; and
  • The right to data portability.


If you wish to exercise any of these rights, please email [email protected]. To process your request, we will ask you to provide two valid forms of identification for verification purposes.  Once verified, your identification will be immediately deleted from our systems.

Data subject access request

You have the right to access any of your personal data held by Longwall Security or its third parties. This process for doing this is called a data subject access request (DSAR). If you wish to review, verify, correct, or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please email [email protected].

The information we collect and how we use it

This section sets out the general categories of personal data that we may process; the source of that data; the purpose for which we may process that data, and the legal basis for processing.

Purpose

Category & type of data collected

Specific purpose

Lawful basis

Shared with

To provide you with information

Information / Client data:

Name; company position; organisation name, postal address, and telephone number; mobile number, business email address

To provide information that has been requested about our services

Consent

Internally and any third-party partners with whom we contract in order to fulfil these requirements

To follow up on information requested and identify further requirements

Legitimate Interest

To carry out a transaction

Transaction / General business data:

Name, company position, organisation’s name, postal address, telephone number; mobile number, business email address, organisation’s bank details

To initiate and complete commercial transactions for the purchase and/or sale of products and/or services

Contractual

Internally and any third-party partners with whom we contract in order to fulfil these requirements

For accounting and taxation purposes

Statutory Obligation

Internally and, as necessary, with professional advisers

For documentation should any contractual legal claim arise

Legitimate Interest

To fulfil a contract

Contractual data:

Name; company position; organisation’s name, postal address, telephone number; mobile number, business email address

To fulfil a contract that we have entered into, in physical or digital form

Contractual

Internally and any third-party partners with whom we contract in order to fulfil these requirements

To manage correspondence

Correspondence data:

Name; company position; organisation’s name, postal address, telephone number; mobile number, business email address

To correspond about any issue that that might be raised with Longwall or which follows from an interaction between us

Legitimate Interest

Internally and, as necessary, with professional advisers

Employment data

HR records:

Name; contact details, bank details, P46 Starter Checklist data, emergency contact details, proof of identity – passport, driving licence, visa information, proof of qualifications, DBS certificate, car details

 

Contractual

Internally

To process a job application

Job application data:

Name, title, address; telephone number; date of birth, email address; CV and or covering letter; employment references; assessment data; interview notes, qualifications; previous experience; education

To process a job application or enquiry; to consider a application and suitability for employment

Legitimate Interest

Internally and, following acceptance of an offer of employment, with selected vetting partners

Website security

Website data:

Your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use

To ensure the security and safe operation of our websites and underlying business infrastructure; to protect our websites and infrastructure from cyber-attack or other threats and to report and deal with any illegal acts

Consent

Internally and other organisations with which we might contract for this purpose

Amendments to this policy

We reserve the right to amend or vary this privacy policy at any time and the revised policy will apply from the date posted on the website. You are encouraged to check this page periodically.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected]. You may also complain to the Information Commissioner’s Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Helpline number 0303 123 1113; https://www.ico.org.uk, or via: Data protection and personal information complaints tool | ICO