Electronic Security Systems and Fire Protection Ltd (ESS):- Privacy Notice
In accordance with the General Data Protection Regulation (GDPR May 2018)
ESS. are a NSI Gold approved Fire and Security Company providing security and fire protection throughout the UK. ESS operates from a central Head Office at 1 Roman Road, Kirkintilloch, G66 1DY.
ESS & FP Ltd are committed to protecting your personal information and respecting your privacy and rights when it comes to information processing. ESS are committed to maintaining compliance with current data protection legislation, any future legislation that comes into force as and when required, and to maintain transparency about how it processes personal data. ESS processes the personal data of both its own employees and its business contacts and works to robust information security policies to ensure this data is kept secure and the risk of data breach is reduced to a minimum. ESS are audited annually by NSI (National Security Inspectorate) to ensure all our policies are to the regulatory bodies required standard.
This Privacy Notice informs you how and why ESS collects your personal information, how ESS processes your personal information, who has access to your personal information, and details your rights as an individual to control how your personal information is processed.
By continuing to use ESS services you give ESS permission to process your personal data for the purpose identified as set out within this Privacy Notice.
This Privacy Notice contains information regarding:
- LAWFUL BASIS FOR PROCESSING YOUR INFORMATION
- COLLECTION OF PERSONAL INFORMATION
- HOW ESS USES YOUR INFORMATION
- VISITORS TO THE ESS WEBSITE
- PEOPLE WHO CONTACT ESS VIA SOCIAL MEDIA
- ESS CLIENT BASE
- PEOPLE WHO USE ESS SERVICES
- RECRUITMENT, STAFF DETAILS AND SECURITY SCREENING
- BOARD AND DIRECTORS
- YOUR RIGHTS
- SUBJECT ACCESS REQUESTS
- CHANGES TO THIS PRIVACY NOTICE
- HOW TO CONTACT US
To comply with the data protection requirements of the General Data Protection Regulation (GDPR), there must be a lawful basis to collect, process and store any personal data that you provide ESS with. For ESS as a data controller, the lawful bases under which personal data is processed include:
- The contractual agreement with each client/customer. Personal information that ESS collects during the contract agreement process.
- Where the processing is necessary for the purposes of legitimate interestspursued by ESS Ltd or by yourself as a third party. For example, ESS may occasionally send out communications using your contact details that are of specific importance, including Circular Letters and Technical Bulletins, or may ask for your input when developing a new service. Where such interests are overridden by your interests or fundamental rights and freedoms, ESS will instead ask for your consent.)
- Any active consentyou may have given ESS Ltd to receive or access particular services where another lawful basis does not apply. You will be asked to demonstrate your consent with an affirmative action, such as ticking a box or filling in your email address.
When you access and browse the ESS website and when you correspond with ESS by phone, post or email, you may give ESS information about yourself. This information can include your name, postal address, email address, landline and/or mobile telephone number and information about your employment (including your job title, responsibilities and employer’s details) as well as other personal information.
This Privacy Notice applies, but is not limited to, personal information that ESS collects from:
- visitors to the ESS website;
- existing clients
- potential clients
- associated third party organisations, stakeholders, suppliers and subcontractors;
- complainants and other individuals in relation to a complaint or enquiry;
- individuals who use ESS services
- job applicants and ESS current and former employees;
- visitors to the ESS Head Office (including passersby).
Where ESS collects personal data (for example your name, postal address or e-mail address) this information is used exclusively by ESS for providing the services you have requested or which are detailed within your service contract, or for controlling access to restricted areas. ESS will only pass your personal data to relevant third party organisations or individuals either as a contractual requirement, with your explicit consent, or if specifically compelled to do so by law or court order or other legitimate reason.
Unfortunately, the transmission of information via the internet is not completely secure. Although ESS does its best to protect your personal data, it cannot guarantee the security of your data transmitted to the ESS site; any transmission is at your own risk. Once ESS has received your information, robust information security measures in place protect it and minimise the risk of unauthorised access.
Public Website Areas
You can visit the ESS website without revealing who you are or giving any information about yourself, except where you voluntarily choose to give ESS your personal details via e-mail or by enquiring about any of ESS’s services.
Secure Website Areas
If you register to use the password protected areas of the website, you will be asked to provide ESS with certain data about yourself, such as your email address. This data is used to help control access to these protected areas, managed securely by ESS.
In order to access certain services on the ESS website you may be required to fill in a web form which includes completing your personal details. When you submit a web form, this information is sent directly to ESS only, and is then processed as appropriate.
Users choose their own passwords for logging into the e-Quote Portal of the ESS website. ESS does not have access to these passwords. ESS recommends that passwords are changed every 90 days to prevent data breaches, and that they conform to the format set out in the login area. If a user forgets their password, they are able to reset their password themselves within the login area.
Cookies are small pieces of information that are stored by your browser on your computer’s hard drive. ESS may occasionally place a cookie on the visitor’s hard drive in order to provide more user-friendly browsing or useful features to the web site visitor. Most browsers are initially set to automatically accept cookies. If you prefer, you can reconfigure your browser to reject cookies, but you may not be able to take full advantage of our website if you do so.
ESS occasionally monitors the IP addresses of visitors to assess the usage of the site and, for example, identify which pages are most popular. ESS does not link these IP addresses to personal data such as a visitor’s name and/or e-mail address etc. The data collected in this way is completely anonymous.
With regard to each of your visits to ESS’s website, ESS may also collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating systems and platforms; and
- information about your visit, including the full Uniform Resource Locators (URL) click-streams to, through and from ESS’s websites, information you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-over’s), methods used to browse away from that page and any phone number used to call us.
People who email ESS
ESS may monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
You can contact ESS via Facebook, Twitter, Linked In, or by direct message if you wish to enquire about ESS services or wish to comment on ESS services. These communications are managed by ESS’s Marketing department and are only ever shared internally at ESS, either for the purpose of providing you with the information you have requested. Should ESS wish to quote your comment with your name and company within ESS marketing literature or on the ESS website, you will be first contacted by the ESS Sales/Marketing department to ask for your explicit consent to do so.
ESS receives enquiries through the website and by telephone, post and email. Enquiries will typically require the person to enter some form of contact details to allow ESS to follow them up.
For general enquiries, a record of the enquiry is retained by ESS until the enquiry has been dealt with and no further follow up is needed.
If a potential client makes an enquiry, but does not wish to progress the enquiry at that time, the details are held on ESS’s internal system for a maximum of 18 months. This is because ESS may be contacted in future with view to proceeding with the original enquiry. ESS may ask for a suggested time to regain contact with them in the future, and will keep the details on record until then for that purpose.
ESS retains all information regarding clients throughout the life of the contract duration and then for 7 years should that contract cease. This includes audit records, contact details, and any other information collected by ESS as part of the contract process.
All client information provided to ESS is treated as Confidential. This information is stored securely on ESS’s internal CRM database and is only used for purposes related to the relevant contract. Any financial details given have access limited to the relevant ESS departments only.
All information collected throughout the contract, including audit reports and evidence, is also treated as Confidential and is stored securely on ESS’s internal CRM database. Evidence collected during contract duration may contain samples of personnel files, which could in turn contain personal data. ESS collects this information as evidence for the contract process in order to deliver services, and will only ever take a record of personal data where necessary for the purpose of the contract.
Certification Approval information is only shared with a third party with a legitimate interest in the approval, for example the NSI or BAFE, when necessary. ESS may also share information with the Police if there is a lawful basis for doing so, or with the United Kingdom Accreditation Service (UKAS) as part of ESS’s continued accreditation as a NSI Certified Company.
As part of ESS client base, Circular Letters from ESS which contain either general information or information relevant to the approvals they hold. These may include important technical updates about standards, Technical Bulletins, or marketing information on new services offered by ESS. You do have the option to opt out of receiving Circular Letters at any time, but please bear in mind this may mean that you miss out on important updates.
ESS’s Sales/Marketing department may, from time to time, send clients and potential clients marketing emails or invitations to participate in surveys or certain activities in the company’s interest. You may unsubscribe from these emails if you wish using the link at the bottom of the email.
Client Contracts and Certificates of Compliance (see T&Cs on certificates)
ESS retains a full record of each Certificate of Compliance issued, including name and address details of the end user. This allows a revised or copy certificate to be issued on the request of the Issuing Company. The names of domestic end users are deleted from the certificate record after 7 years for data protection purposes.
A record of the certificate is held securely on the ESS database as well as the NSI database with access limited to the ESS and NSI only. Any personal data referenced will not be shared or processed otherwise by ESS or NSI.
RECRUITMENT, STAFF DETAILS AND SECURITY SCREENING
Applicants for roles at ESS are asked to provide their personal information for the application process, including their current Curriculum Vitae and a Covering Letter, either directly or through a Recruitment Agency. This information is used solely by ESS management for the purpose of assessing the applicant’s suitability for the role, leading to a possible invitation to interview.
Personal details of unsuccessful applicants are held by the ESS Office Manager for a period of 12 months after the decision, for the legitimate interest of assessing eligibility for any other roles that may be more suitable. ESS does not share this information with any other party within this time. Applicants do have the right to contact the Office Manager and withdraw their details at any time during the recruitment process, and the Office Manager will then update the records accordingly.
ESS requires successful applicants to provide proof of identity, such as a passport or a birth certificate, to ensure the applicant is eligible to work in the UK, which is a legal requirement. ESS also requires the applicant’s full name, contact details, home address, bank details and name and contact details of their next of kin. ESS may also ask about any medical conditions, details of which remain strictly private and confidential for the attention of the NSI Office Manager only. A contract of employment is agreed and signed by the new employee. ESS collects personal data using a specific form for the purpose of setting up the employee on the payroll system, the pension scheme (where agreed) and to facilitate the security screening background checks. ESS will only share the employee’s details with the third parties providing these services to allow the service provision.
The contract of employment forms ESS’s lawful basis to process employees’ personal data in order to fulfil its contractual obligations, plus any specific consent given by the employee for additional services or benefits. Information disclosed remains strictly private and confidential and under the control of the ESS Office Manager, and only accessible by the General Manager and Office Manager. Should an employee wish to enquire about the personal information ESS holds about them, they can make an official written request to the Office Manager.
Successful applicants to ESS are required to complete a security screening check before commencing employment with ESS. This process is carried out by our Office Manager in accordance with BS7858:2012 . ESS collect personal data for the purpose of carrying out background screening of all ESS employees. Applicants are asked to provide their current passport or a birth certificate, a driving license and a utility bill or bank statement with their current home address stated. These forms are checked and counter signed by the ESS Office Manager. ESS will ask the applicant about their previous work experience, education, referee details, and for answers to the questions relevant to the role they have applied for. ESS will only share the applicant’s name, date of birth and address history with third parties (where applicable) where it is necessary to fulfil their contractual obligations to the applicant, and where obliged to do so by law.
Once the preliminary screening is successful, the applicant can then commence their employment with ESS. The ESS Office Manager compiles a separate file relating to their employment containing the documentation listed above. The information contained in this is kept in a secure location and is protected by the Office Manager and only used for purposes directly relevant to that person’s employment.
If the employment is terminated or an employee resigns, ESS retains both the security screening and HR file for each individual file for 7 years before destruction. ESS will inform any third parties processing the data to remove it subject to data protection requirements.
BOARD AND DIRECTORS
ESS Board members and Directors are subject to the same screening process as ESS employees. Each individual is asked to sign a contractual agreement and complete the required documentation before they commence their relationship with ESS. Personal data requested will be limited to what is appropriate for the role and kept Confidential at all times. Records are kept by ESS for 7 years after cessation of the contract with ESS.
CCTV AND VISITORS
ESS has a Networked CCTV camera System installed around the Head Office in for the purposes of crime prevention and public safety. ESS staff, visitors to ESS or passersby may be recorded on these cameras. The footage is stored by ESS for a limited time before it is overwritten. ESS may monitor the footage in the event of a security breach. The General Manager has remote access to Footage via a Password Protected Mobile app. ESS will only ever share the footage with the local Police force in the event of a criminal investigation. The contact number for CCTV enquiries is stated on signage around the building.
Visitors to ESS are asked to sign in using the Visitors Book in the Administration Office. Information requested includes name, company and vehicle registration. In the unlikely event of a fire, this information is used to perform a roll call if required and ensure all visitors have evacuated the building. The ESS car park is private property and is available for use by ESS staff and visitors only, and by providing your registration number ESS is able to identify your vehicle. This information remains at NSI Head Office and is not shared with any other party.
If required, a complaint to ESS can be lodged via telephone, post or email.
Details about complaints made and the parties involved are stored securely on ESS’s internal CRM database. It may be necessary to share the contact details of the complainant with the parties involved or with other relevant bodies in order to progress the complaint. ESS will gain authorisation from the complainant before passing any Confidential information or personal data to other parties
ESS takes any complaints received about collection and use of personal data very seriously and encourages people to bring to its attention any collection or use of information they think is unfair, misleading or inappropriate.
Complaint details are retained for 7 years before destruction in case of any further proceedings.
Under the General Data Protection Regulation (GDPR) and the Data Protection Act 1998 (DPA), ESS recognises and respects that you have rights as an individual providing personal data:
- You have the right to know exactly how your personal data will be processed by ESS. ESS commits to processing your data fairly, lawfully and transparently, details of which are set out in this Privacy Notice.
- You have the right to request access to the personal data that ESS holds about you.
- You have the right to request changes to the data held about you if the data is incorrect or requires additional information.
- You have the right to request erasure of your data or the right to be forgotten completely, where there is no legitimate reason for your data to continue to be processed.
- You have the right to request that processing of your data is restricted so that the data remains stored but is not further processed by ESS.
- You have the right to request a copy of your data in a portable format.
- You have the right to object to your data being processed, if the processing is for a legitimate interest without compelling grounds, or for direct marketing.
You may notify ESS of any request to change how your personal data is processed or to update your records by telephone, email or post.
ESS retains the right to continue processing personal data if there are compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual, or the processing is for the establishment, exercise or defence of legal claims.
Please note: should you choose to erase your data or restrict how your data is processed, this may affect your awareness of important information and updates.
SUBJECT ACCESS REQUESTS
If you wish to make a free Subject Access Request to access a copy of the personal data ESS stores about you, or understand how it is processed and why, please follow the instructions below:
- Contact ESS Head Office contact (email preferred).
- Include details of your request – which information about you do you wish to have access to?
- Provide sufficient evidence about yourself for ESS to verify your identity. (ESS may have to contact you otherwise.)
ESS will deal with your request without undue delay, within 1 month of the receipt of your request. ESS will notify you if it is unable to provide the information within 1 month, detailing the likely timescale. If ESS is unable to grant you access to your data for a specific reason you will be notified immediately. In certain circumstances, such as where a large amount of data is requested which may require extensive time or resource to gather and collate the data, ESS reserves the right to charge a fee to account for this activity.
CHANGES TO THIS PRIVACY NOTICE
This Privacy Notice is regularly reviewed and may change from time to time. This Privacy Notice was last updated on the 14th of May 2018.
HOW TO CONTACT US
If you wish to contact ESS for further information about this Privacy Notice, you can call, e-mail us or write to us at:
Electronic Security Systems and Fire Protection Ltd.
1 Roman Road,
E: firstname.lastname@example.org T: 0141 776 0999
This Privacy Notice does not provide exhaustive detail of all aspects of ESS’s collection and use of personal information. However, ESS is happy to provide any additional information or explanation needed when requested.
ESS makes every effort to ensure that the information provided on its website or through Social Media is accurate and current. However, it cannot guarantee this and cannot accept responsibility for any errors, omissions, misstatements or mistakes on the website or Social Media. Anyone becoming aware of such matters is requested to notify ESS in writing or by e-mail.