STATEMENT OF GDPR COMPLIANCE
When processing personal data, Ultra AV has adopted the following principles, as laid down in the EU GDPR Regulation:
Personal Data shall be processed lawfully, fairly and in a transparent way.
Personal Data shall be collected for specified, explicit and legitimate purposes only.
Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Personal Data shall be accurate and kept up to date.
Personal Data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data is processed.
The integrity and confidentiality of Personal Data is maintained at all times through appropriate technical and organisational measures, including protection against unauthorised or unlawful Processing, and against accidental loss, destruction or damage.
DATA SUBJECT RIGHTS
GDPR is intended to give individuals, such as our clients, customers, staff and crews more power over how we manage their personal data. In-line with the GDPR we have reviewed and enhanced our procedures to enable such data to be located and anonymised or erased, in order to respond to requests to delete, rectify, transfer, access or restrict the processing of data. This will enable us to facilitate the following enhanced rights:
Handling Data Subject Access Requests
Handling data portability and rectification requests
The application of retention periods and the secure erasure of personal data
In the unlikely event that a data breach should occur, we will implement a procedure for rectification, reporting to the ICO and, where required, to the data subject in accordance with the regulation.
WHAT DATA DO WE COLLECT?
We may collect or record basic personal information which you voluntarily provide through placing orders, completing forms on our website, through electronic mail you send to us, or through other means of communication between you and us.
We may collect part or all of the following personal data (this may vary according to your relationship with us
Business Email address;
Business Telephone number;
Social Media Profiles;
CV and qualifications (staff , crew and freelance technicians only)
Date of birth (staff , crew and freelance technicians only)
Passport numbers (staff , crew and freelance technicians only)
We do not generally seek to collect sensitive personal information (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; health or sex life, sexual orientation; genetic or biometric information) and if we do, we will ask for your explicit consent to our proposed use of that information at the time of collection. This information will be collected, stored, accessed and processed in a secure manner.
HOW WE USE YOUR DATA
We use personal information held about you in the following ways:
to update and enhance our service records
to compile information relating to your use of our equipment and services and make recommendations about AV technology that may interest you
to ensure the content from the Website is presented in the most effective manner for you and your computer / mobile device.
to carry out our obligations arising from any contracts entered into between you and us to provide you with the equipment and services that you request from us
to contact you by electronic means only if you have consented to this. You can opt-in/out of such notifications by following the instructions on the relevant forms set out on this Website (or elsewhere as applicable) or at any time after providing your information
we may analyse your data to create a profile of your interests and preferences so that we can contact you in the most appropriate way and with the most relevant information;
DISCLOSURE OF YOUR DATA
Note: In order to provide Audio Visual products and services to you or to fulfil contractual arrangements that we have with you, we may need to appoint other organisations to carry out some of the data processing activities on our behalf. These include, for example, payment processing organisations, delivery organisations, fraud prevention, and credit risk management companies.
We will never sell your data to third parties for the purposes of marketing.
When someone visits our web site we use Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of hits to the various AV equipment pages of the web site.
This information is processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. For more information you can read Google Analytics’ GDPR compliance notice.
WHERE WE STORE YOUR DATA
Any payment transactions will be encrypted using SSL technology.
SECURITY OF YOUR PERSONAL DATA
The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it.
We use appropriate measures to safeguard personally identifiable information. Measures are appropriate to the type of information maintained, and follow applicable laws regarding the safeguarding of any such information under our control. In addition, in some areas of our website, we may use encryption technology to enhance information privacy and help prevent loss, misuse, or alteration of the information under our control. We also employ industry-standard measures and processes for detecting and responding to inappropriate attempts to breach our systems.
Note: No method of transmission over the Internet, or method of electronic storage, can be 100% secure. Therefore, we cannot guarantee the absolute security of your information. The Internet by its nature is a public forum, and we encourage you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.
HOW LONG WILL WE KEEP YOUR DATA?
Your information may be retained for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirement.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us at the address detailed below.
WHAT ARE YOUR RIGHTS?
Under GDPR your rights include:
Request access to your personal data – (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. Note that we may refuse to comply with a request for access if the request is manifestly unfounded or excessive, or repetitive in nature.
Request correction of your personal data – this enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. Note that we may refuse to comply with a request for correction if the request is manifestly unfounded or excessive, or repetitive in nature.
Request erasure of your personal data – this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note that we may refuse a request for erasure, for example, where the processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defence of legal claims.
Request restriction of processing your personal data – this enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Note that we may refuse to comply with a request for restriction if the request is manifestly unfounded or excessive, or repetitive in nature.
Request transfer of your personal data – we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies where your personal data is processed by us with your consent or for the performance of a contract and when processing is carried out by automated means.
Right to withdraw consent – you can withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
ACCESS TO YOUR INFORMATION
You have the right to request a copy of the information we hold about you. This is known as a “subject access request”.
If you would like a copy of your personal information, please email email@example.com or write to us at the address below.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 30 days of receiving it.
We want to make sure that your personal information is accurate and up to date. You have the right to ask us to correct or remove information you think is inaccurate.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or remembers when you visit a particular page. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from our systems.
Cookies help us provide you with a better website experience, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website functionality.
Please note that for your safety and security, CCTV is in operation at all of our premises.
HOW TO CONTACT US
To contact us regarding your personal data and GDPR, including to make a subject access request, please email us at firstname.lastname@example.org or write to us at Ultra AV, Unit G3 – 102 Kirkstall Road, Leeds, LS3 1JA.