GDPR Guidelines
Saunders
At Saunders, we are committed to protecting the personal data of our clients, employees, and suppliers in compliance with the General Data Protection Regulation (GDPR) and the guidance provided by the Information Commissioner’s Office (ICO). This document outlines how we collect, store, use, and protect personal data in the context of our electrical, gas, and catering services.
1. Introduction to GDPR
The GDPR is a regulatory framework designed to protect personal data within the European Union (EU) and the UK. It ensures that organisations handle personal data lawfully, transparently, and securely while respecting individuals’ rights.
As a data controller, Saunders is responsible for determining the purposes and means of processing personal data.
2. What is Personal Data?
Personal data refers to any information relating to an identified or identifiable individual. Examples include:
- Name
- Address
- Email address
- Telephone number
- Financial details (e.g., payment information)
- IP addresses
Sensitive personal data, such as health information or criminal records, requires additional protections under GDPR.
3. Lawful Basis for Processing Personal Data
Under GDPR, Saunders processes personal data based on one or more of the following lawful bases:
3.1 Contractual Obligations
- Processing necessary to deliver our services, such as installations, repairs, and maintenance.
3.2 Consent
- When required, we obtain explicit consent from individuals before processing their data.
3.3 Legal Obligations
- Compliance with applicable law, such as HMRC reporting and health and safety regulations.
3.4 Legitimate Interests
- Processing necessary for the operation of our business, such as maintaining customer records or improving our services, provided it does not override individual rights.
4. Collection of Personal Data
We collect personal data directly from individuals and through third parties (e.g., subcontractors or suppliers). Common methods include:
- Online enquiries via our website or email.
- Phone calls or in-person consultations.
- Contracts or forms completed by clients or employees.
- Supplier or vendor agreements.
We collect only the data necessary to fulfill the specific purpose for which it is intended.
5. Use of Personal Data
Saunders processes personal data for the following purposes:
5.1 Service Delivery
- Managing appointments and schedules.
- Communicating project updates and outcomes.
- Issuing invoices and processing payments.
5.2 Compliance with Legal and Regulatory Requirements
- Maintaining records for HMRC purposes.
- Submitting required reports to regulatory bodies.
5.3 Customer Relationship Management
- Responding to enquiries and complaints.
- Sending updates about new services or offers.
5.4 Internal Operations
- Managing employee payroll and records.
- Ensuring workplace safety.
6. Data Sharing
Saunders does not sell personal data. However, we may share data with:
6.1 Service Providers
- Subcontractors and partners engaged in delivering services.
6.2 Regulatory Bodies
- When legally required, such as gas safety notifications to Gas Safe.
6.3 Third-Party Payment Processors
- To facilitate secure payments.
6.4 The Police or Government Authorities
- When required by law or in response to a lawful request.
We ensure that third parties receiving personal data comply with GDPR and maintain adequate safeguards.
7. Data Security
We take appropriate technical and organisational measures to secure personal data and prevent unauthorised access, alteration, disclosure, or destruction.
7.1 Physical Security
- Secure storage of paper-based records in locked cabinets.
7.2 Digital Security
- Use of password-protected systems and encrypted databases.
- Regular updates to software and antivirus programs.
7.3 Employee Training
- All staff are trained on GDPR principles and the importance of data protection.
7.4 Incident Response
- Procedures to detect, investigate, and respond to data breaches promptly.
8. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected or to meet legal and regulatory obligations.
- Customer records: Retained for 7 years for HMRC purposes.
- Employee records: Retained for the duration of employment plus 7 years.
- Supplier records: Retained for 7 years following the end of the business relationship.
After the retention period, data is securely deleted or anonymised.
9. Individual Rights
Under GDPR, individuals have the following rights regarding their personal data:
9.1 Right to Access
- You can request a copy of the personal data we hold about you.
9.2 Right to Rectification
- You can ask us to correct inaccuracies in your data.
9.3 Right to Erasure (Right to Be Forgotten)
- You can request the deletion of your data, subject to legal obligations.
9.4 Right to Restriction
- You can ask us to restrict processing of your data under certain conditions.
9.5 Right to Data Portability
- You can request your data in a structured, commonly used format to transfer to another service provider.
9.6 Right to Object
- You can object to the processing of your data for direct marketing or legitimate interests.
9.7 Right to Withdraw Consent
- You can withdraw your consent to data processing at any time.
9.8 Right to Lodge a Complaint
- If you believe your rights have been violated, you can lodge a complaint with the ICO.
10. Exercising Your Rights
To exercise any of your GDPR rights, please contact us at:
Saunders
Phone: 0117 961 4330
Email: enquiries@saunderssolutions.co.uk
Address: Unit 8 Trubody’s Business Park, 121 London Road, Bridgeyate, Bristol, BS30 5NA
We will respond to your request in accordance with GDPR.
11. Data Breach Notification
If a data breach occurs that poses a risk to your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware of the breach.
12. Children’s Data
Saunders does not knowingly collect personal data from children under 16. If we become aware that such data has been collected, it will be deleted immediately.
13. Cookies and Online Tracking
Our website uses cookies to enhance user experience and analyse traffic. You can manage your cookie preferences through your browser settings.
14. Updates to this Policy
Saunders reserves the right to update this GDPR policy as necessary to reflect changes in the law or our operations. Clients will be notified of significant changes.
15. Contact Information for ICO
If you have concerns about how your data is handled, you may contact the ICO:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113
By engaging Saunders, you acknowledge that you have read and understood this GDPR policy and agree to the processing of your personal data in accordance with these guidelines.