skip to Main Content

Data Protection and Security Policy

ARC Office Systems Ltd and their employees and workers will follow this guidance in order to protect personal data. This includes personal information that can be used to identify individuals, including names, phone numbers, dates of birth, postal addresses,

Email addresses, any identification number.

 

Collecting Information

  1. ARC Office Systems Ltd will obtain clients, and individual’s specific permission to collect their personal data. Evidence of this consent will be kept.
  2. ARC Office Systems Ltd will require their suppliers to demonstrate that they are GDPR compliant with any personal information that will be passed to ARC Office Systems Ltd.
  3. Any completed forms will be kept securely, if paper there will be a physical safe place for them, if electronic, they will be password protected or encrypted.
  4. Physical forms and information will be kept to a minimum, with information transferred to our database where possible.
  5. ARC Office Systems Ltd will make sure the information they have collected is correct and up to date.
  6. ARC Office Systems will tell you why we need the information we are collecting.
  7. ARC Office Systems Ltd will collect personal information for the purposes of any contracts they have or intend to enter in for the running of their business or for any other legitimate business purpose they have and for necessary compliance with a legal obligation.
  8. ARC Office Systems Ltd will retain a list of those companies and individuals who have unsubscribed from receiving further information.
  9. ARC Office Systems will maintain an accurate list of explicit consents, for receiving personal details for processing or marketing purposes, from companies and individuals.

 

Taking care of Information

  1. ARC Office Systems Ltd will keep a record of the personal data they have collected and process, how they process it and who that information will be shared with. All personal information will remain confidential.
  2. The electronic database will be password protected and only be able to be accessed by as few people as possible.
  3. ARC Office Systems Ltd will make sure all electronic devices, including mobile phones are password protected. These should be 5 or 6 figure security.
  4. ARC Office Systems Ltd will use antivirus software which will be kept up to date.
  5. The servers that ARC Office Systems use are EU compliant for GDPR purposes.
  6. ARC Office Systems Ltd will only print or download the minimum personal information that is needed.
  7. When ARC Office Systems Ltd collect information over the phone they will endeavour to make sure that no one overhears the information.
  8. If ARC Office Systems Ltd need to send personal information by e mail in a document, the password to access that document will not be in the same e mail but will be supplied separately.
  9. If ARC Office Systems Ltd needs to send personal information by post, then the signed for delivery or special delivery option will be used.

 

Retention and removal of Information

  1. Once forms are no longer needed they will be shredded or archived.
  2. ARC Office Systems Ltd will destroy or delete the personal information once it is no longer needed, e.g. once the contract with a client has expired or once the engineer has completed the visit or once legal disputes are ended. Financial information is kept for 7 years.
  3. When ARC Office Systems Ltd wants to remove any computers or electronic devices, then the personal information will be removed from them before disposal.
  4. We will not share any personal information with any other third party without asking the individual and obtaining their permission. This does not preclude ARC Office Systems Ltd sharing that information, however in those circumstances required by law, or due to a regulatory requirement.

 

Actions in event of a Breach

  1. ARC Office Systems Ltd is registered with the Information Commissioner.
  2. If ARC Office supplies Ltd becomes aware of a breach they will inform the Information Commissioner within 72 hours. A detailed report will be sent to the Information Commissioner within 3 weeks.
  3. The individual will be informed of the breach should that breach causes distress to the individual or financial disadvantage.

A personal data breach is a breach of security which results in accidentally or unlawfully losing, altering, disclosing without permission, or the destruction of personal data which has been collected, processed, stored or transmitted.

Back To Top