Here at NW Security Group, data privacy and protection are at the heart of all our processes. Our privacy notice aims to communicate these processes which will honour your right to be informed. We intend that the document be informative with direction and guidance with clarity. Our privacy notice aims to inform you of your data protection rights governed by the European Union General Data Protection Regulation (EU GDPR), and how we process your Personally Identifiable Information (PII). The privacy notice will also set out how you can exercise these rights and, of course, how we intend to honour them.
Your enhanced rights relating to your personally identifiable information (PII)
Your right to be informed
You have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the GDPR
We must provide individuals with information including: your purposes for processing their personal data, your retention periods for that personal data, and who it will be shared with. We call this ‘privacy information’
We must provide privacy information to individuals at the time we collect their personal data from them
If we obtain personal data from other sources, you must provide individuals with privacy information within a reasonable period of obtaining the data and no later than one month
There are a few circumstances when we do not need to provide you with privacy information, such as if an individual already has the information or if it would involve a disproportionate effort to provide it to them
The information we provide to people must be concise, transparent, intelligible, easily accessible, and it must use clear and plain language
We may provide privacy information to people using a combination of different techniques including layering, dashboards, and just-in-time notices
We will regularly review, and where necessary, update your privacy information. We will bring any new uses of an individual's personal data to their attention before we start the processing
Your right to access
Individuals usually have the right to access their personal data
This is commonly referred to as subject access request (SAR), if you would like to exercise this right, please get in touch and we can send you the correct form and offer advice
Generally, this request comes free of charge, this will depend on the nature and excessiveness of the request. We will however discuss and agree any charges with you should this be the case
We will aim to present your information no later than one month from your request. If we need more time, we will discuss this with you
Your right to rectification
The GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete
An individual can make a request for rectification verbally or in writing. We may ask you for proof of ID should you require to rectify sensitive data
We aim to respond no later than one calendar month to a request
In certain circumstances we can refuse a request for rectification, we will give advice and guidance should this be the case
Your right to erasure
The GDPR introduces a right for individuals to have personal data erased
The right to erasure is also known as ‘the right to be forgotten’
Individuals can make a request for erasure verbally or in writing
We aim to respond no later than one calendar month to a request
The right is not absolute and only applies in certain circumstances
Your right to restrict processing
Individuals have the right to request the restriction or suppression of their personal data
This is not an absolute right and only applies in certain circumstances
When processing is restricted, we are permitted to store the personal data, but not use it
An individual can make a request for restriction verbally or in writing
Again, we aim to honour this request in one month
We understand that things change and we will aim to follow your instructions in most cases
Your right to data portability
Your right to data portability allows you to obtain and reuse personal data for your own purposes across different services
It allows us to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability
The right only applies to information an individual has provided to a controller
Your right to object
The GDPR gives you the right to object to the processing of personal data in certain circumstances
You have an absolute right to stop data being used for direct marketing
In other cases where the right to object applies we may be able to continue processing if we can show that we have a compelling reason for doing so
Please get in touch to make an objection verbally or in writing
We have one calendar month to respond to an objection
Your rights relating to automating decision-making, including profiling
The GDPR has provisions on:
automated individual decision-making (making a decision solely by automated means without any human involvement); and
profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
At present, none of our processing activities include automated decision making but if things change you can be sure we will let you know
You may have signed up to our email or blog services. By consenting to these we may send you other emails regarding your preferences, but we will always communicate our intentions first
What personal information do we collect?
When we collect your personal information, we only collect exactly what is required to provide you with the service you have requested.
We will always notify prior to or at the time of us collecting your data.
If you have placed an order through our e-commerce service, we will only require information to fulfil your request and ensure your goods are shipped to the correct location. This may include your name, personal address or a business address relating to you. We will obviously have to collect financial data to fulfil your order requirements but these details are not retained and are not stored or transmitted through our servers.
In some cases, we may collect contact information like emails and phone numbers. This information will only be used to aid communication and in relation to the service you have requested.
Of course, we may want to send you information regarding our other services and products. We will always ask for your consent first.
We will have to collect your information when you are conducting any training with us. We may have to use this information to prove your attendance and your identity. We may also use this information to provide you with qualifications and certifications.
When recruiting our future security professionals and supporting staff, we may of course process your personal information to help us process your journey to future employment. Of course, if you become a team member then other PII will have to be collected including payroll and emergency contact information.
Whatever the reason for processing your data, we will only retain it if we have to and only to meet operational retention needs.
Who do we share your information with?
As with most organisations, we may have to share your data with third party processors. This will only be the case to fulfil a service requirement. An example of this may be passing shipping information to our trusted couriers. Some of our training will be conducted and certified under a particular governing body, again we may have to share your data in order to certificate and for training records.
We can inform you of all our third-party processors should you require this information. What we can assure, is that all our third-party processors will be adhering to the EU GDPR and are setting technical and organisational security measures no less stringent than our own.
They will only process your data for reasons we have originally stipulated. Full communication from them to both us and you will always be the case should they want to process in any other manner.
Our third-party processors understand what they can and cannot do with your data. They fully understand their obligations and the importance of the security of your personal data.
Here at NW Security Group, data security forms part of our service offering. It is therefore of upmost priority that our own technical and organisational security measures are of the highest standard.
We are very proud to boast a Cyber Essentials Plus accreditation. These means that our technical security measures have been examined and have been proven fit for purpose by an external agency. This will continue on an annual basis to ensure our high levels are maintained.
Our organisational security procedures are overseen by our very own expert security and risk management consultants. All our staff are trained in GDPR and Cyber security awareness and we boast a high internal security appetite.
When we supply you with a security system like CCTV, Access control or another similar system, we will advise you regarding end user obligations under GDPR. Generally, this is where full responsibility of PII protection lands with you as the controller.
We may of course offer you a Service Level Agreement (SLA) where processing activities may take place. We will only conduct processing activities where you have directed. We may come in to contact with personally identifiable information in video format or legacy access control data, this may be part of our service support during a system fault or during a maintenance check. Again, this will only be conducted with your consent and with full confidentiality.
Our legal basis for processing
All or your personally identifiable information (PII) has been collated in a data mapping exercise. This exercise has identified how your data flows throughout our business including third-party processors. We have mapped the data flow from the time of collection until the data has been stored or destroyed.
We have identified what our legal basis is for processing, we are more than happy to share this information on request.
We periodically assess whether retained data is still of any use, and so therefore destroy data that which we can no longer process with justification.
Most of our legal basis for processing is in the form of \"your consent\", we periodically assess our consent mechanisms to ensure continuous validity and to ensure they are still pursuant to the original reason for processing.
Our CCTV System
We employ CCTV on our premises in order to prevent, deter and detect crime whilst at the same time for industry product development. Our data may at times capture PII and therefore you can exercise your right to access this data by submitting a Subject Access Request. Please get in touch and we can advise you with this if required. Our video data is not retained after the retention period has elapsed.
Cookies help us to do the following
Making our shopping basket and checkout work for you
Remember your settings during and between visits
Improve the speed/security of the site
Allow you to share pages with social networks like Twitter (the privacy implications of this will vary between the social networks and will be dependent on the privacy settings you have chosen on these networks)
Make our marketing more efficient (ultimately helping us to offer the service we do, at the prices we do)
Certain 3rd parties' services in use on our websites such as TrustPilot (the service reviews system we use) and AffiliateFuture (the service we use to attract online sales via other websites) may place cookies in your browser as you browse our websites. Please consult their cookie policies for further information on this.
Cookies collected by Google Analytics may be used by Google to serve appropriate ads to you when you visit other websites which allow this. This is known as 'remarketing'.
Track the identity of visitors to our websites or profile them in any way
Serve adverts directly to you
Personalise our website
Collect any personally identifiable information (without your express permission)
Collect any sensitive information (without your express permission)
Pass personally identifiable data to third parties
Granting NW permission to place cookies
How to contact us
We would be delighted to help with your data privacy enquiries.
Please contact our data protection and privacy experts should you need further information.
Please write to us or give us a call:
NW Security Group
Claddagh Business Centre
New Hall Lane
0151 633 2111