AES National Ltd – Privacy Notice
Dated: May 2018
We respect the privacy rights of individuals and are committed to handling personal data responsibly and in accordance with applicable law. This notice sets out the personal information that we collect and our processes as a data controller and/or data processor, in addition to the purposes of the processing and the rights connected with it.
What is a Data Controller?
For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which any personal data is processed, in addition to the way it is processed.
The data controller is:
AES National Ltd
109 Newton Road
What is a Data Processor?
A “data processor” is a person or organisation which processes personal data for the controller.
What is personal data and what data do we collect?
Personal data relates to any information about a natural person that makes you identifiable. The personal data we may collect includes the following:
• Identification data – such as name, address details, etc.
• Contact details – such as home and business address, telephone numbers, email addresses, emergency contact details
• Employment details – such as job title/position, sickness/holiday records, pension information (including any relevant identification numbers), previous employment details, tax codes, and/or any other details required to fulfil payroll processing duties.
• Spouse and dependents information, marital status.
• Financial information – such as banking details, tax information, salary, benefits, expenses, etc.
What is sensitive personal data?
Sensitive personal data refers to the above, but includes genetic data and biometric data. For example:
• Medical conditions
• Religious or philosophical beliefs and political opinions
• Racial or ethnic origin
• Biometric data (e.g. a photo in an electronic passport)
• Qualifications etc.
Generally, we try not to collect or process any sensitive personal data relating to our clients, or our clients’ employees, unless authorised by law, or where necessary to comply with applicable laws.
What is Data Processing?
Data processing is any operation or set of operations performed upon personal data (or sets of it), be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
Why do we collect your personal data?
AES National Ltd is required to hold a certain amount of personal data to enable the company to function from day to day. We only hold what we require, and do not store any unnecessary information. We DO NOT hold or store any customer card details.
You agree that we are entitled to obtain, use and process the information you provide to us to enable us to discharge our services, and for AES to provide its services to you.
We collect information about you when you fill in any of the forms on this website, email us, fill out any of our job system job sheets, sign off orders, phone in to book and arrange work etc.
We retain job sheets for all the work we carry out so we can easily track work completed, progress, addresses, numbers etc. to make it easier for our customers. We provide a personal service to the general public, so we must keep and hold these details, contacts, information etc.
We store the data we collect for as long as required. Our contracts require service works after the completion of the job, so it’s very important and necessary for us to continue to store all information and data that we collect. We therefore do not delete any data unless otherwise instructed.
We collect data from staff, clients, suppliers, landlords, designers, architect, property companies, property owners, tenants, residents, builders, subcontractors, insurance companies etc.
We also collect data provided by third parties, and some data is provided to third parties.
How will we use the information about you and why?
At AES National Ltd we take your privacy seriously, and will only use your personal information to provide the services you have requested from us. We will only use this information subject to your instructions, data protection law, our duty of confidentiality and tasks within AES that require us to use this kind of data.
We will normally collect personal data from you only where we have your consent to do so, where we need the personal information to perform a contract with you, your business or your employer (i.e. provision of services or contractual purposes). We use this personal information when it is necessary for the provision of our services.
Legal obligation – We may use personal information where we consider it necessary for complying with laws and regulations, including collecting and disclosing staff member or individual personal information as required by law (e.g. for tax purposes).
Legitimate interests– We may also collect and use personal information when it is necessary for other legitimate purposes (if we have a genuine reason and we are not harming any of your rights and interests).
We have policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed without authorisation and only accessed or used for specific legal purposes.
Who we share personal information with
We take care to allow access to personal information only to those who require such access to perform their tasks and duties in relation to the provision of our services, and to third parties who have a legitimate interest or purpose for accessing it to support these purposes. Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the information is used in a manner consistent with this notice and that the security and confidentiality of the information is maintained.
We also store information on the following systems (please check their Privacy Policies):
• Sage Accounts
• Sage ACT
• EP Marketing – external marketing company
We would like to send you useful articles, advice, and information about our services and events, which may be of interest to you. If you have consented to receive marketing, you may opt out at any point as set out below, or by clicking on the ‘unsubscribe’ button on any marketing email.
We may collect information on our website to process your enquiry, deal with your event registration, give advice based on survey data and improve our services. If you agree, we will also use this information to share updates with you about the services we believe may be of interest to you.
You have a right at any time to stop us from contacting you for marketing purposes. To opt out please email: firstname.lastname@example.org
We will not share your information for marketing purposes with companies so they may offer you their products and services.
Your data privacy rights
The following rights are available under applicable data protection law:
• Access, correct, update or request deletion of personal information
• Object to processing of personal information, ask us to restrict processing of personal information, or request portability of personal information
• If we have collected and processed personal information using a person’s consent, then this can be withdrawn at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to withdrawal, nor will it affect processing of personal information conducted in reliance on lawful processing grounds other than consent.
• You have the right to complain to a data protection authority about our collection and use of personal information. For more information, please contact your local data protection authority. In the United Kingdom, the data protection authority is the Information Commissioner’s Office whose website is https://ico.org.uk/.
Please note, our ability to facilitate aspects of any of the above rights will depend on whether we are a Data Processor or a Data Controller in relation to any specific data. Any requests received relating to data processed on behalf of clients should be referred to the Data Controller (the client company).
If you would like any more information, please contact us on one of the following:
AES National Ltd
109 Newton Road