GDPR Statement

Accent Security Ltd. t/a South East Security is a “Data Controller” which provides a service for the installation and maintenance of fire and security systems.  The contracted clients who receive this service are “Data Subjects”.  All Data Subjects should have a specifically nominated contact(s) within their organisation.
 
“Data Protection Law” means the Data Protection Act 1998, the Privacy and Electronic Communications Regulation 2003, and all other applicable laws, enactments, regulations, orders, standards etc., each as may be amended or superseded from time to time (including the General Data Protection Regulation, which shall supersede the Data Protection Act with effect from 25 May 2018, and any legislation which amends, re-enacts or replaces it in England and Wales).
 
1              Awareness of GDPR

 All Staff who are Data Processors have been fully trained on the requirements, importance and company operating policy of GDPR which becomes law with effect from 25 May 2018.  A thorough GDPR audit and review of in-house systems, operating policies and procedures has been carried out and a new procedure created as part of the Company’s ISO 9001 Quality Assurance processes.


South East Security will continue to review our systems and make further improvements based on best practice.

 
Data Protection Officers
          
Company Secretary – Jan Purcell

Director – James Purcell

 

2              Procurement of Data

South East Security will only act upon instructions and data received from the nominated contact(s) of the client to allow the initial installation of a fire or security system, connection to any 3rd party Alarm Receiving Centre and the ongoing maintenance and monitoring service.  This information should be in writing using the forms provided, preferably submitted over email.


3              Information Collected

In order to undertake the installation and servicing of security systems, it will normally be necessary to collect the following data:
              
Commercial and Public Sector Clients

Company name, address, nominated contact(s) telephone number, email address, nominated keyholder contact(s) name, address and telephone number.

Domestic Clients

Client name, address, telephone number, email address, nominated keyholder contact(s) name, address and telephone number.

These requirements may vary from time to time.  South East Security will not modify, amend or alter the contents of such personal data other than as strictly necessary for the purpose of providing the Services.

4              Privacy of Information

South East Security will hold data for the purpose of providing installation and maintenance services on fire and/or security systems in accordance with an agreed contract.

Data is retained as stipulated by our Industry regulator, the National Security Inspectorate (NSI) requirements and as detailed in the Company Quality Procedures. 

Should a client contract be terminated, South East Security will:


·         Archive electronic general contract data in accordance and within the statutory period requirements

·         Remove personal data as instructed by the client

 
5              Data Access

Data that is held electronically is password protected with appropriate firewalls and data encryption.  PC’s are located in a secure premises, protected by a monitored intruder alarm with Police Response, access control to restrict access to all areas and perimeter security fencing and gates.  Hard copy records are held securely in locked filing cabinets and destroyed on site by Shred It Company Ltd. when no longer required.              

Information and data held will be shared with:
 

·         the nominated contact(s) of the Client on written request

·         the nominated Alarm Receiving Centre (Yeoman Monitoring Services) for the purpose of providing a system monitoring service with keyholder notifications

·         the appropriate Police Authority for the purpose of generating a Unique Reference Number to authorise police response to system activations
 
6              Individuals Rights

If South East Security receives any complaint, notice or communication which relates directly or indirectly to the processing of personal data or to compliance by it or the Client with the Data Protection Law (including requests from data subjects for the exercising of their statutory rights), it shall promptly notify the client and shall provide the Client with full co-operation and assistance in relation to any such complaint, notice or communication.

7              Lawful Basis for Processing Personal Data

South East Security will only use and process data for the sole purpose of providing a system installation, Police response  to activations and ongoing monitoring and maintenance support to its clients in accordance with an Installation and rolling Maintenance Contract, and for no other purpose whatsoever.

             Consent

It is the Client’s responsibility to obtain the individual’s (Data Subject’s) consent for South East Security to process and retain their data.

9              Data Breaches

South East Security shall inform the Client within three working days if any personal data is lost, altered or destroyed or becomes damaged, corrupted or unusable and shall (at its own expense) take such steps as the Client may reasonably require to restore the personal data to is original condition.

South East Security shall take reasonable steps to ensure the reliability of all its employees or other representatives who have access to personal data and shall ensure that all such persons are informed of the confidential nature of the personal data before they have access to it, confirming that they have committed themselves to confidentiality obligations or are under an appropriate statutory obligation of confidentiality.  This includes the statutory screening of all staff to BS7858 and Police security clearance.

10           Data Protection By Design

South East Security shall ensure all appropriate technical and organisation measures are taken against unauthorised or unlawful processing of  personal data, against accidental loss, alteration, destruction of or damage to, such personal data, and ensure the security of such data at all times.