Here at NW Security Group, data privacy and protection are at the heart of all our processes. Our privacy notice aims to communicate these processes which will honour your right to be informed. We intend that the document be informative with direction and guidance with clarity. Our privacy notice aims to inform you of your data protection rights governed by the European Union General Data Protection Regulation (EU GDPR), and how we process your Personally Identifiable Information (PII). The privacy notice will also set out how you can exercise these rights and, of course, how we intend to honour them.
Your enhanced rights relating to your personally identifiable information (PII)
Your right to be informed
- You have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the GDPR
- We must provide individuals with information including: your purposes for processing their personal data, your retention periods for that personal data, and who it will be shared with. We call this ‘privacy information’
- We must provide privacy information to individuals at the time we collect their personal data from them
- If we obtain personal data from other sources, you must provide individuals with privacy information within a reasonable period of obtaining the data and no later than one month
- There are a few circumstances when we do not need to provide you with privacy information, such as if an individual already has the information or if it would involve a disproportionate effort to provide it to them
- The information we provide to people must be concise, transparent, intelligible, easily accessible, and it must use clear and plain language
- We may provide privacy information to people using a combination of different techniques including layering, dashboards, and just-in-time notices
- We will regularly review, and where necessary, update your privacy information. We will bring any new uses of an individual’s personal data to their attention before we start the processing
Your right to access
- Individuals usually have the right to access their personal data
- This is commonly referred to as subject access request (SAR), if you would like to exercise this right, please get in touch and we can send you the correct form and offer advice
- Generally, this request comes free of charge, this will depend on the nature and excessiveness of the request. We will however discuss and agree any charges with you should this be the case
- We will aim to present your information no later than one month from your request. If we need more time, we will discuss this with you
Your right to rectification
- The GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete
- An individual can make a request for rectification verbally or in writing. We may ask you for proof of ID should you require to rectify sensitive data
- We aim to respond no later than one calendar month to a request
- In certain circumstances we can refuse a request for rectification, we will give advice and guidance should this be the case
Your right to erasure
- The GDPR introduces a right for individuals to have personal data erased
- The right to erasure is also known as ‘the right to be forgotten’
- Individuals can make a request for erasure verbally or in writing
- We aim to respond no later than one calendar month to a request
- The right is not absolute and only applies in certain circumstances
Your right to restrict processing
- Individuals have the right to request the restriction or suppression of their personal data
- This is not an absolute right and only applies in certain circumstances
- When processing is restricted, we are permitted to store the personal data, but not use it
- An individual can make a request for restriction verbally or in writing
- Again, we aim to honour this request in one month
- We understand that things change and we will aim to follow your instructions in most cases
Your right to data portability
- Your right to data portability allows you to obtain and reuse personal data for your own purposes across different services
- It allows us to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability
- The right only applies to information an individual has provided to a controller
Your right to object
- The GDPR gives you the right to object to the processing of personal data in certain circumstances
- You have an absolute right to stop data being used for direct marketing
- In other cases where the right to object applies we may be able to continue processing if we can show that we have a compelling reason for doing so
- Please get in touch to make an objection verbally or in writing
- We have one calendar month to respond to an objection
Your rights relating to automating decision-making, including profiling
The GDPR has provisions on:
- automated individual decision-making (making a decision solely by automated means without any human involvement); and
- profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
- At present, none of our processing activities include automated decision making but if things change you can be sure we will let you know
- You may have signed up to our email or blog services. By consenting to these we may send you other emails regarding your preferences, but we will always communicate our intentions first
What personal information do we collect?
When we collect your personal information, we only collect exactly what is required to provide you with the service you have requested.
We will always notify prior to or at the time of us collecting your data.
If you have placed an order through our e-commerce service, we will only require information to fulfil your request and ensure your goods are shipped to the correct location. This may include your name, personal address or a business address relating to you. We will obviously have to collect financial data to fulfil your order requirements but these details are not retained and are not stored or transmitted through our servers.
In some cases, we may collect contact information like emails and phone numbers. This information will only be used to aid communication and in relation to the service you have requested.
Of course, we may want to send you information regarding our other services and products. We will always ask for your consent first.
We will have to collect your information when you are conducting any training with us. We may have to use this information to prove your attendance and your identity. We may also use this information to provide you with qualifications and certifications.
When recruiting our future security professionals and supporting staff, we may of course process your personal information to help us process your journey to future employment. Of course, if you become a team member then other PII will have to be collected including payroll and emergency contact information.
Whatever the reason for processing your data, we will only retain it if we have to and only to meet operational retention needs.
Who do we share your information with?
As with most organisations, we may have to share your data with third party processors. This will only be the case to fulfil a service requirement. An example of this may be passing shipping information to our trusted couriers. Some of our training will be conducted and certified under a particular governing body, again we may have to share your data in order to certificate and for training records.
We can inform you of all our third-party processors should you require this information. What we can assure, is that all our third-party processors will be adhering to the EU GDPR and are setting technical and organisational security measures no less stringent than our own.
They will only process your data for reasons we have originally stipulated. Full communication from them to both us and you will always be the case should they want to process in any other manner.
Our third-party processors understand what they can and cannot do with your data. They fully understand their obligations and the importance of the security of your personal data.
Data security forms part of our service offering. It is therefore of upmost priority that our own technical and organisational security measures are of the highest standard.
We are very proud to boast a Cyber Essentials Plus accreditation. These means that our technical security measures have been examined and have been proven fit for purpose by an external agency. This will continue on an annual basis to ensure our high levels are maintained.
Our organisational security procedures are overseen by our very own expert security and risk management consultants. All our staff are trained in GDPR and Cyber security awareness and we boast a high internal security appetite.
When we supply you with a security system like CCTV, Access control or another similar system, we will advise you regarding end user obligations under GDPR. Generally, this is where full responsibility of PII protection lands with you as the controller.
We may of course offer you a Service Level Agreement (SLA) where processing activities may take place. We will only conduct processing activities where you have directed. We may come in to contact with personally identifiable information in video format or legacy access control data, this may be part of our service support during a system fault or during a maintenance check. Again, this will only be conducted with your consent and with full confidentiality.
Our legal basis for processing
All or your personally identifiable information (PII) has been collated in a data mapping exercise. This exercise has identified how your data flows throughout our business including third-party processors. We have mapped the data flow from the time of collection until the data has been stored or destroyed.
We have identified what our legal basis is for processing, we are more than happy to share this information on request.
We periodically assess whether retained data is still of any use, and so therefore destroy data that which we can no longer process with justification.
Most of our legal basis for processing is in the form of your consent, we periodically assess our consent mechanisms to ensure continuous validity and to ensure they are still pursuant to the original reason for processing.
Our CCTV System
We employ CCTV on our premises in order to prevent, deter and detect crime whilst at the same time for industry product development. Our data may at times capture PII and therefore you can exercise your right to access this data by submitting a Subject Access Request. Please get in touch and we can advise you with this if required. Our video data is not retained after the retention period has elapsed.
Cookies help us to do the following
- Making our shopping basket and checkout work for you
- Remember your settings during and between visits
- Improve the speed/security of the site
- Allow you to share pages with social networks like Twitter (the privacy implications of this will vary between the social networks and will be dependent on the privacy settings you have chosen on these networks)
- Make our marketing more efficient (ultimately helping us to offer the service we do, at the prices we do)
Certain 3rd-party services in use on our websites such as TrustPilot (the service reviews system we use) and AffiliateFuture (the service we use to attract online sales via other websites) may place cookies in your browser as you browse our websites. Please consult their cookie policies for further information on this.
Cookies collected by Google Analytics may be used by Google to serve appropriate ads to you when you visit other websites which allow this. This is known as ‘remarketing’.
- Track the identity of visitors to our websites or profile them in any way
- Serve adverts directly to you
- Personalise our website
- Collect any personally identifiable information (without your express permission)
- Collect any sensitive information (without your express permission)
- Pass personally identifiable data to third parties
Granting NW Security Group permission to place cookies
How to contact us
We would be delighted to help with your data privacy enquiries.
Please contact our data protection and privacy experts should you need further information.
Please write to us or give us a call:
NW Security Group Limited
Claddagh Business Centre
New Hall Lane
0151 633 2111