We at Radbournes Limited are committed to maintaining the trust and confidence of our customers, suppliers and employees by treating all data provided by them in a confidential and safe manner.
All data received is used by us exclusively for the purposes of enablement of trade between ourselves and our customer/supplier base, or in the case of our employees, as a means of meeting our statutory requirements as governed by employment laws, health and safety requirements and the like.
Radbournes Limited do not sell, rent or exchange information with other companies. The one exception to this is where we are asked for trade references, and in these situations, we will seek approval from the selected referees before proceeding.
WHAT DATA DO WE COLLECT?
Business (customer/supplier) data collected and stored is mainly that already in the public domain. This is typically: – Company Names
Company Telephone & Fax Numbers
Company Email Address
Company Contact Names
Company Bank Details
Other data that is in the public domain, such as company registration no’s, VAT numbers, website addresses, etc may also be collected and stored within our business system.
Employee data stored is typically:
Telephone Numbers & Email Addresses
Next of Kin & Emergency Contact Details
Other data may be added, if required by employment and health and safety legislation.
WHERE DO WE STORE THE DATA?
Most data is stored on our main accounts system on a secure server, using the latest Microsoft server technologies at the time of writing (Windows 2016), in a locked and alarmed room. E-mail information is stored in the cloud on Microsoft’s secure servers and all data passing between our PCs and e-mail servers is encrypted by default. An offline copy of e-mail data is stored on the individual PCs (Outlook 2016) which are also password protected using domain-level security and utilised by programmes such as Microsoft Office 365 for emailing and general communication purposes.
Paper documentation, such as sales/purchase orders, invoices, etc are securely stored in the main administrative office before being moved after 12 months either to a secure storage or securely shredded.
Employee data is computerised on Sage payroll, we also have a paper format which is locked in secure cabinets.
HOW DO WE PROTECT THE DATA?
All IT equipment and paper documentation are kept on the one site which is protected by a maintained NACOSS Gold alarm system.
The individual PC’s are used by authorised and trained personnel with all access being password protected.
Employee data is stored on Sage and in locked cabinets accessible by company directors and our accounts manager only. The only other employee data that is not kept in a secure environment is the staff details form which is kept in the office in stores, this only holds contact details and next of kin for staff emergencies.
HOW LONG IS THE DATA STORED FOR?
Financial records are kept for the statutory period of 7 years and then destroyed.
Employee records are kept for three years following date of termination and payroll records for three years.
All other data is kept, excluding the above and any other statutory requirements, for as long as it is necessary in conducting business with our customer/supplier base. Monitoring of contact details is continuous with names and extension numbers being deleted if no longer relevant.
DO WE HAVE A FUNCTION/REASON FOR EVERY PIECE OF DATA COLLECTED?
As previously stated the data collected is exclusively for the use of Radbournes Limited in enabling the trading of our product range between ourselves and our suppliers/customers.
In general, no personal login, passwords, security or financial data is held other than that already identified and associated with our employees.
The only time we would divulge information to outside parties without prior consent is if we were legally requested to do so e.g. in the case of a criminal investigation.
WHAT IS THE PROCESS IF DATA REMOVAL IS REQUESTED?
We are happy to provide copies of information held on receipt of a “subject access request” under the Data Protection Act 1998. We will not disclose your personal information without consent unless under legal direction.
Individual contact details can be removed upon request although general company information may have to remain for the minimum statutory requirement periods. All removal requests will be treated on their merits and if necessary advice sort from the ICO.
The destruction of paper documents is carried out by an approved external company, a member of The British Security Industry Association (BSIA) Whose quality of shredding adheres to the strict guidelines set out by the European Standard on Information Destruction EN15713. All drivers and shredding operatives are DBS checked and vetted to BS7858 regulations.
Computerised data is removed by authorised and trained personnel.
We undertake to log your complaint thoroughly, to investigate it and respond. We will take action as considered appropriate and proportionate.
In the unlikely event of a data breach, procedures are in place to notify impacted parties within the 72 hours stipulated by GDPR legislation.
Any questions or concerns relating to this policy statement can be addressed by contacting The Data Controller – Chris Radbourne of Radbournes Limited by telephone 01432 279623 or email firstname.lastname@example.org