We are committed to ensuring that your information is secure. All data is held on a private UK based server network with single point, firewall protected internet access through our hosting company. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. All our suppliers and contractors meet the standards we require.
Within their terms and conditions of employment all employees will receive briefings on data security and the handling of personal data. A programme of staff awareness and refresher training is underway to ensure that our data is protected. This training will be updated regularly, and checks are made by IT staff to ensure data quality is maintained.
In accordance with GDPR, we will only use your data where it is in our legitimate interest to do so and to comply with our legal and regulatory requirements. We will always explain clearly what data we are collecting about you and why. We will only collect data we need to give you a better experience; to improve and deliver our services to you; and to meet our responsibilities to you.
It is our strict policy not to pass on any personal information to third parties for commercial or sales and marketing purposes. From time to time, we will use your information to send offers and news on products and services, which we think may be of interest or be of benefit to you. In this case you will always be given the choice to opt out of receiving such emails.
To keep pace with the new data protection regulation as it develops, we will continue to review our systems and procedures to ensure that they remain compliant with the regulation and we will keep you informed throughout the process of any changes that we make.
Xpress Group – May 2018
Xpress Group value your data and are committed to ensuring it is handled and stored safely and securely. The purpose of this policy is to explain to you how we control, process, handle and protect your personal information.
We are exempt from registration in the IO Data Protection Register because data is collected solely for legitimate business reasons and to fulfil business contracts.
Types of data we collect
Data is only collected if it has been directly provided by yourself. This is done via email, phone and face to face meetings. Data collected includes:
– Full Name and company name
– Job title and position
– Contact details including email address, business address and phone numbers.
– Company invoicing and bank account details
– Purchase orders and transactional data
How data is used and handled
The data you provide us is used solely for the purpose of our mutual business contract. – In order for us to provide our services to you and communicate with you in relation to your services, invoicing and payments.
– To obtain services from yourselves, communicate with you and to arrange subsequent payments.
– To notify you of any changes to our business, where necessary.
– To comply with any legal obligations including reporting of transactional data.
We do not sell or transfer data to any marketers or third parties nor do we transfer data outside the European Economic Area (EEA).
Data security and protection
We take all necessary steps to ensure that our servers are secure and that security measures are in place to prevent your data from disclosure, once it has reached our servers. We cannot guarantee the security of any information during transmission from yourselves.
All electronic data is stored on secure servers and paper copies are stored in locked cupboards, accessible by authorised staff members only. Once documents are no longer required, they are shredded using a secure destruction service.
Data retention period
We store your data for as long as is required to fulfil the business contract, for the duration of our business relationship and for the purpose of meeting legal requirements. In order to meet certain legal requirements, we store data such as company details, financial and transactional data for 6 years.
Access to your personal information
You have the right to access, amend or delete any of your personal data that we hold. You can make a request to view the data we hold, to make any changes or to remove your data from our systems by emailing firstname.lastname@example.org We will respond to your data subject request within one month.
Changes to this policy
We regularly review this policy and will make changes as and when needed.
Xpress Group – May 2018