1.1 In this policy ASSL and our customers.
1.2 We are committed to protect the private data we receive and store from you and respect your rights under the General Data Protection Regulation.
1.3 This policy applies when we receive your data and we are acting as “data controller” and when we process it and we are acting as “data processor”.
1.4 For more information about us and how you can contact us, please see Section 10.
- Origin of our data
We may collect and process the following personal information about you, only directly from yourselves:
2.1 If you make an enquiry with us or request a quotation or other contact from us, we may:
2.1.1 store your name, geographical address and postcode, email address and phone numbers in order to communicate with you;
2.1.2 keep a record of any such correspondence;
2.1.3 store information about your preferences regarding our goods and/or services and whether and by which method you wish to be contacted by us or third parties for marketing purposes.
2.2 If you register to use our site or open an account on our site, we may store:
2.2.1 your name, geographical address and postcode, your email address and contact phone numbers in order to communicate with you;
2.2.2 your user identification code, user name, password and any other memorable information you provide to us in order to remind you of the same or reactivate your account.
2.3 If you order goods and /or services from our site, we may:
2.3.1 store your name, geographical address and postcode, your email address and contact phone numbers in order to communicate with you and inform you of the status and progress of your order;
2.3.2 store any delivery address (where this is different to your geographical address);
2.3.3 store your order details, and delivery status to fulfil our contract with you
2.3.4 or our nominated providers of payment services may, collect your payment details, however we will not store such details.
2.4 We may from time to time store details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
2.5 We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns and does not identify any individual.
- Processing your data
3.1 In this section we explain how we use your personal data.
3.2 Your data will be use as correspondence data Totalsafes may contact you by e-mailing or calling to give you updates on the service required or to send you a written quote). The legal basis of processing the correspondence data is the legitimate interest to perform a service, requested by you from us.
3.3 Your data will be used as transaction data and it may be used for financial records such as VAT invoices and it will be kept for 6 years. The legal basis of this processing is the “legal obligations” to which ASSL is subject.
3.4 On our site there is an option to sign up to receive our newsletter, and any promotional communications. You may opt out of receiving this communication by following the instructions which is included on the communication by following
3.5 We will not email you in the future unless you have given us consent to. We will give everyone opportunities to opt out of receiving certain types of communication
- Sharing your details
4.1 ASSL T/A Totalsafes do not share, your personally identifiable information with third parties for any unknown or unrelated uses.
4.2 We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
4.3 We may disclose your personal information to third parties in the following circumstances:
4.4 We use outside shipping companies to process the delivery of some orders. These companies do not, share, store or use personal information for any other purposes.
4.5 The Manufacturer often dispatch our item direct from their own warehouses. In these instances, we will provide the manufacturer with your shipping and contact details to allow delivery. Manufacturers do not share, store or use your personal information for any other purposes.
- Storing your data
5.1 This section explains how we store your private data and for how long.
5.2 Your private data may be printed if this is the case they will be secured in our filing cabinets which are under key control. The cabinets are placed in a room that is secured by high level security and a monitored alarm system.
5.3 We store our correspondence/schedule data for one year for the legitimate purpose of keeping a record of the job our company attends.
5.4 Your private data may be stored electronically on our servers that are based in the UK. Our computers are protected by password and anti-virus program, and they can only be accessed by our staff members.
- Deleting your data
6.1 This section explains how we delete/destroy your data once is no longer needed. For more details about the length of time we store your data please see Section 3 (3.3) and 5 (5.2).
6.2 Once your private data is no longer relevant/needed ASSL will permanently delete the electronic files.
6.3 Once your private data is no longer relevant/needed ASSL will hire a secure document shredding company, that complies to the GDPR, to destroy the documents.
- Data breaches
7.1 ASSL has standard procedures to protect your details against data breaches such as passwords for electronic files, that are periodically changed every month, alarms and secure filing cabinets for physical documents. For more details on how we securely store your documents please see section 5.
7.2 We back-up your data by creating an electronic copy of each document that is securely stored on our server based in the UK, that is protected by password and anti-virus program.
7.3 ASSL understands the legal requirement to report a data breach to ICO (Information Commissioner's Office) in maximum 72 hours from the event. We also commit to inform every person that has been affected by the data breach.
8.1 We may update this policy in order to improve our data management.
8.2 We will notify you of any significant changes to this policy.
- Your rights (GDPR rights of the natural person)
9.1 This section explains the rights, you have, as a data subject, in relation to your personal information.
9.2 To be informed about how, why and on what basis that information is processed.
9.3 To obtain confirmation that your information is being processed and to obtain access to it and certain other information, by making a subject access request— your request will be answered in maximum 7 days.
9.4 To have data corrected if it is inaccurate or incomplete.
9.5 To have data erased if it is no longer necessary for the purpose for which it was originally collected/processed, or if there are no overriding legitimate grounds for the processing (the right to be forgotten).
9.6 To restrict the processing of personal information where the accuracy of the information is contested, or the processing is unlawful (but you do not want the data to be erased), or where the employer no longer needs the personal information, but you require the data to establish, exercise or defend a legal claim.
9.7 To restrict the processing of personal information temporarily where you do not think it is accurate (and the employer is verifying whether it is accurate), or where you have objected to the processing (and the employer is considering whether the organisation’s legitimate grounds override your interests).
9.8 If you wish to exercise any of the rights in paragraphs, please contact the data protection officer by email at firstname.lastname@example.org
- ASSL details
10.1 We are registered in the UK under registration number 760 4165 and our registered office is at
25 Addington Street
10.2 You can contact us:
- a) by post to the address of our registered office
- b) by e-mail: email@example.com
- c) by Telephone 0161 819 6888