First-Connect Fire & Security Limited Privacy Notice
We are First-Connect Fire & Security Limited (“we”, “us”, “our” or “First-Connect FSL”). Our registered office is at Unit 1D, Wellesley Road, Tharston Industrial Estate, Long Stratton, Norwich. NR15 2PE.
The new EU regulations regarding data protection come into effect on 25 May 2018. Whilst we await information regarding EU law and the BREXIT process, we will follow these regulations until a new data bill is announced as part of UK law. To be compliant with the new regulations we must demonstrate we have consent to use your data. As a First-Connect Fire & Security Limited client, we trust that you are content for your data to be held on our database system. However, you have the right for your data to be removed from our system at any time (but this may affect any current agreements in place with First-Connect FSL). First-Connect FSL is a “Data Controller,” which means that we are responsible for deciding how we hold and use personal information about you. We are required – under data protection legislation – to notify you of the information contained in this privacy notice. Our data protection registration number is ZA354721.
What information do we collect?
We collect your personal data because it is necessary, in relation to taking steps to enter into a contract with you and/or performance of a contract.
The data we hold on our internal system (electronically unless otherwise stated) is as follows:
Organisations: Name, parent organisation (if applicable), contact name, job title, site address, business phone/fax number, business contact mobile number, business email address, agreement number, type of system installed, installation/takeover date, agreement start and expiry dates, number of planned visits per annum (if applicable).
Residential: Name, site address, phone/fax number, mobile number, email address, agreement number, type of system installed, installation/takeover date, agreement start and expiry dates, number of planned visits per annum (if applicable).
SSAIB certification (if applicable): Certificate number, standard system is installed to, issue date, digital copy of certificate.
Administration/Technical data: Correspondence sent to you and received by you, System Design Proposal/As Fitted documentation of installed system, drawings, completion paperwork, jobsheet information for site visits, Risk Assessments, contract number with our monitoring station/keyholding & password information/URN numbers (if applicable).
Financial information: signed Sales & Service Agreement (digital copy), purchase orders (if applicable), annual maintenance and monitoring fees, invoice history, payment card details (temporarily held until payment processed) if payments made by DD bank account details.
• Information we receive from other sources:
We may receive your information when we work with third parties – including (but not limited to); business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies, for example.
We do not collect any sensitive personal data about you, such as information about your race, political opinions or religious beliefs – unless we obtain your explicit consent. In addition, we do not knowingly collect personal data from – or direct our content towards – those under the age of 16.
How do we use your personal data?
For information, the data we hold on our internal system (electronically unless otherwise stated) is used as follows:
• To communicate with you via either letter or email
• To contact you to book an appointment i.e. to arrange a service or site visit
• To create jobsheets
• To create invoices
• To schedule your preventative maintenance visits
• To assist with future queries/amendments to systems
You can withdraw your consent to any marketing emails, at any time, simply by emailing [email protected]
Disclosing your personal data to others
Please note we may share your data with our suppliers where necessary, these include The SSAIB (our trade association we are registered with), EMCS (our monitoring station), Sub-Contractors (providing additional services) and equipment suppliers.
Where relevant, we will require that third parties follow our data protection and privacy policies and we will require that such third parties do not use your personal details for their own business purposes, without your prior consent. Where we store your personal data We store all your personal details on a secure server, within the European Economic Area and in physical files in a secure location. We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site/systems. As such, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to attempt to prevent unauthorised access. How long do we keep your personal data for? We only keep your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data – and whether we can achieve those purposes through other means – and the applicable legal requirements.
How secure is my data?
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How do I review my data?