GENERAL DATA PROTECTION REGULATION GDPR
This document sets out how Alloy Bodies Ltd uses and protects any personal data that it may hold about you which has been obtained due to your working relationship with the company.
Alloy Bodies Ltd is committed to ensuring that your privacy is protected and therefore all data we hold will only be used in accordance with this privacy statement.
We may change this policy from time to time by updating this page, and you should regularly check to ensure that you are happy with any changes.
This policy is effective from 1st November 2020.
What data we hold
We may collect the following information:
- name and job title
- contact information including email address and phone numbers
- demographic information, such as your postcode
- if you visit our premises you may have your image held for a short period of time on CCTV
Why we hold it
We require this information as a legitimate business interest exists and we can continue or commence a working relationship with you. This may be:
- Existing customer/supplier
- Previous customer or supplier and there is a likelihood of future work
- Potential customers or suppliers where there is a likelihood of future work.
Where it is held
We are committed to ensuring that your data is always secure. To prevent unauthorised access or disclosure we have put in place suitable physical, digital, and managerial procedures to safeguard and secure your data to ensure it is not accessible to unauthorised personnel.
How long we hold it
We hold the data for as long as we believe there is a legitimate business interest. We undertake an annual review of all data held and delete all data belonging to individuals who are no longer considered legitimate business interests.
Consent to hold
All data that we hold has been obtained during your working association with the company and therefore your consent is implied as being obtained as a legitimate business interest.
Subject access requests
You may request details of the personal data that we hold about you by writing to the HR controller at our registered office, or by emailing email@example.com. We will send the requested information at the earliest opportunity and will endeavour to ensure it is sent within five days of receiving the request.
Any request for personal data to be deleted received by the company will be undertaken at the earliest opportunity and we will endeavour to ensure it is deleted within five working days from receipt of request.
Action in the event of a breach
Any breach of this policy will be fully investigated with all affected individuals fully informed of:
- what the breach consisted of
- what action has been taken to correct the breach
- what actions that have been put in place to prevent a recurrence