Simer Environmental Services Ltd delivers efficient, environmental solutions to industrial and commercial businesses across the South of England.
This Privacy Notice sets out the steps we follow when personal data is collected, such as our identity and how we intend to use the information, the lawful basis for processing the data, our data retention periods and that individuals have a right to complain to the ICO if they think there is a problem with the way we are handling their data.
Simer Environmental Services Ltd
15 Arnside Rd, Waterlooville PO7 7UP
The majority of the information we collect and hold that can be classed as ‘personal data’ is name, address and other contact details such as email address and telephone number of our existing customers, suppliers and other stakeholders, to enable us to provide our services. Additionally, we will hold the information required for collection and payment of invoices.
We also collect and hold information on staff necessary to manage and support our employees.
Should we undertake marketing activities, for new prospects we would use names, addresses and other details such as email addresses and telephone numbers, to contact individuals and organisations to gain consent to use their data for marketing purposes in order to generate new business. We would only hold this information once we have obtained consent to retain their data and explained the purposes of doing so.
Personal data is collected when we are asked to complete tenders or provide costing for a project, answer enquiries on our services, or to engage the services of a supplier. This will be done by a member of our team, for example, an administrator, project manager etc.
New prospect data may be collected in a number of ways such as from a prospect organisations web site, meetings at exhibitions or business networking events. Staff data is collected from the employee directly upon application to the company, then on an ongoing basis for the purposes of their employment. We have a separate Employee Privacy Notice which is issued to employees and explains in detail how we collect and manage their data.
We may use Google Analytics and Cookies on our web site to record quantitative data such as visitor numbers, pages viewed etc. but we do not track individuals online e.g., using Lead Forensics, or use inferred information through algorithms, or profile people by analysing data derived from combining other data sets. Our Cookies policy can be seen at the beginning of this document.
We have specific retention times for each category of data which are set out in our management system and kept under review to meet industry and regulatory requirements.
Data will only be shared with external third parties when there is a specific business need, for example we might share data would be if we were to outsource an aspect of work, or employee data will be shared with the pension provider. We do not share or transfer data internationally outside of the EEA.
To cover this sharing of data, we have contracts in place with all the suppliers that may come into contact with any of the data we hold, to ensure the supplier is compliant with GDPR, and recognise their responsibilities when processing our data.
All reasonable steps are being taken to ensure data security both organisationally and technologically. As part of our data security measures, staff can only access our computer systems through password protected systems. We utilise brand-named back up solutions, which in turn means we are ‘sharing’ data with back up providers. They use strict security policies, strong industry-standard encryption, and world-class data centres to ensure information we share with them is protected. We utilize internal and external support to ensure data security, for example by keeping our virus protection software and firewall protection current, utilising encryption tools, and utilising IT security options available to us.
There should be no impact on the individual as a result of our processing. We aim to always be fair, transparent and ensure that people know how their information will be used. Data security is a key consideration and we do everything we can to protect the data we hold utilising . This applies whether the personal data was obtained directly from the data subjects or from other sources.
Our use of data will not have any unjustified adverse effects on individuals. We are only using information in a way which they would expect.
There are no adverse consequences of not providing information to us – for example, non-receipt of a benefit.
The lawful bases for our data processing activity are a combination of Legitimate Interest and Contractual for activities relating to staff, suppliers, existing customers and other stakeholders, and Consent for any marketing communications purposes to new prospects.
In general terms the purpose of processing information is to enable us to provide our services to customers, to support and manage our employees, promote our services, and maintain our own accounts and records.
We will explain our lawful basis for processing personal data when we answer a ‘subject access’ request.
We have identified that it is not necessary for us to appoint a Data Protection Officer (DPO), however a Director has been nominated with overall responsibility for the control of data collected and held by us, who also monitors and maintains GDPR compliance.
Individuals have the right to request access to the data we hold on them by submitting a request to do so addressed to Director, who will provide details on any information retained by us and we will follow processes as outlined in our GDPR Manual.
We aim to adopt a privacy by design approach and will carry out a Privacy Impact Assessment (PIA), also referred to as ‘Data Protection Impact Assessments’ (DPIA), as part of our GDPR compliance system in situations where data processing is likely to result in high risk to individuals, for example:
If a DPIA indicates that the data processing is high risk, and we cannot sufficiently address those risks, we will consult the ICO to seek its opinion as to whether the processing operation complies with the GDPR.
We always seek to treat an individual’s data fairly, however, individuals have the right to complain to us and we will investigate and respond accordingly within one month. Complaints should be sent addressed to:
Director, Simer Environmental Services Ltd
15 Arnside Rd, Waterlooville PO7 7UP
Or via email: firstname.lastname@example.org
Should the response not be resolved to the satisfaction of the complainant, the individual can also take up their issue with the Information Commissioner’s Office (the ICO) at the following address:
The Information Commissioner’s Office,
Wycliffe House, Water Ln, Wilmslow SK9 5AF
Or via E-mail: https://ico.org.uk/global/contact-us/email/