This Privacy Notice explains the types of personal data we may collect about you when you interact with us. It also explains how as a business we store and handle that data, and keep it safe. EDT Services Limited aims to make good progress towards overall compliance, with the mandatory requirements of the GDPR.
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes.
- The Legal Bases we rely on
In specific situations, we will collect and process your data with your consent. When collecting your personal data, we will always make clear to you which data is necessary to in connection with a particular service.
In some situations, EDT require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
For example: We will retain information in relation to properties for warranty works, retention and defects periods.
We will collect your information for the purpose of the contractural necessity. Personal data may be processed on the basis that such processing is necessary in order to enter into or perform a contract with the data subject.
- When we collect your personal data
- When you do business with us we create an account and hold your information for accounting purposes and our CRM (Customer Relationship Management) database.
- When you engage with us on social media.
- When you contact us by any means with enquiries, queries, complaints etc.
- When you book any kind of appointment with us or book us to attend a site visit.
- When you comment on our services on Social Media or by email.
- When you park at EDT Services Office which has CCTV system operated for the security of both our office and visitors. Our CCTV system may record your image during your visit.
- How and why do we use your personal data?
- EDT want to give the best possible customer service. One way to achieve that is to combine the data we have about you and your property.
- The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service.
- To respond to your enquiries, refund requests and complaints. Handling the information you send to us enables us to respond. We may also keep a record of these communications, to ensure that we are fully informed in any future communication with you and to demonstrate how we historically have communicated with you throughout previously. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service.
- If we discover any criminal activity or alleged criminal activity through our use of CCTV, we will process this data for the purposes of preventing or detecting unlawful acts. To comply with our contractural or legal obligations we will share this data with law enforcement.
- How long will we keep your personal data?
- Whenever we collect your personal data, EDT we’ll only keep it for as long as is necessary for the purpose it was collected. This may in some cases be for a 20 year period if a product warranty was used on your premises, in which a guarantee has been provided.
- We understand that you have the right to be ‘forgotten’ and EDT will protect that right and dispose of any personal data held about you in accordance with current legislation and statutory obligations.
- Who will it be shared with?
- EDT Services Limited will never share your information with any Third Parties without your expressed permission to do so, unless it is for assisted services or products in relation to your property requirements, for example obtaining best value quotations i.e. for a new kitchen, or mechanical and electrical services as part of our specified works.
- Our CRM database advises that it supports the latest recommended secure cipher suites and protocols to encrypt data in transit. Customer data is also encrypted at rest.
- EDT’s CRM data package is hosted on Amazon Web Services (AWS), a global leader in Infrastructure as a Service (IaaS). Amazon take physical and network security seriously. Their data centres are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff, video surveillance, intrusion detection systems, and other electronic means. Access to their data centre floors requires two-factor authentication a minimum of two times.
- Amazon maintain multiple certifications for its data centres, including ISO 27001 compliance, PCI Certification, and SOC reports. Their reports can be found on the AWS Compliance website and you can read more about the specifics of their approach at https://aws.amazon.com/security/.
- What are your rights over your data?
- You have the right to access the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- You have the right to make a complaint
You have the right to make a complaint about how we process your personal data to the Information Commissioner:
Information Commissioner's Office
Tel: 0303 123 1113