Privacy Notice – Customers
Carter Group is committed to safeguarding your privacy. This policy explains how we collect, use and protect information about you. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
Covered under this policy:
- Who we are
- What information do we collect?
- How do we use your personal data?
- Marketing
- Disclosing your personal data to others
- Where we store your personal data
- How long do we keep your personal data for?
- How secure is my data
- Your rights
- Your right to complain
- Changes to our privacy policy
1. Who we are
Carter Group is our brand name and we have two separate trading companies Carter Security Limited and Carter Services Group Limited. Carter Security Limited is a Security & Fire Systems provider registered in England & Wales (Company Number 07474907) (“we”, “us”, “our” or “CARTER SECURITY”) with registered office at Unit 14 Saffron Court, Southfields Business Park, Basildon, Essex
SS15 6SS. Carter Services Group Limited is an Electrical Contractor registered in England & Wales (Company Number 11489438) (“we”, “us”, “our” or “CARTER SERVICES GROUP”) with registered office at Unit 15 Saffron Court, Southfields Business Park, Basildon, Essex SS15 6SS.
Under the UK GDPR Regulations we are not required to appoint a Data Protection Officer, however management can be contacted at: admin@carter-group.co.uk.
CARTER SECURITY AND CARTER SERVICES GROUP is defined as a “Data Controller,” which means that we are responsible for deciding how we hold and use personal information about you. We are required – under data protection legislation – to notify you of the information contained in this privacy notice.
We are registered with Information Commissioner’s Office under registration references: ZA229840 and ZA521266.
2. What information do we collect
Under the UK’s General Data Protection Regulation (UK GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
We collect your personal data because it is necessary for us to be able to provide you with the services that we offer, whether this be; an enquiry of products and services, a site survey to discuss your requirements and/or our recommendations, quotation/system design proposals, installation, maintenance and/or monitoring contract duties and reminders notices of contract renewals.
We do not collect any sensitive personal data about you, such as information about your race, political opinions or religious beliefs – unless we obtain your explicit consent. In addition, we do not knowingly collect personal data from – or direct our content towards – those under the age of 16.
3. How do we use your personal data
Personal data provided to us will be used for the purposes of:
- carrying out our obligations arising from any contracts entered into between you and us (or businesses acquired by us) and to provide you with the information, products and services that you request from us;
- providing you with information about other goods and services that we offer, which are similar to those that you have already enquired about or have installed;
- sending statements and invoices to you and collecting payments from you;
- complying with our statutory and regulatory obligations;
- dealing with enquiries and complaints made by you or about you relating to the services that we provide; and/or
- we may also use your information to send important notices, such as communications about renewals, warranty expiry or changes to our terms & conditions and company policies.
If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
4. Marketing
From time to time, we may use your information to contact you with details about our products and services which we feel may be of interest to you or technology changes that may impact you.
You can withdraw your consent to any marketing emails, at any time, simply by emailing admin@carter-group.co.uk.
5. Disclosing your personal data to others
We will not share your personal data with others, unless:
- we are under a duty to disclose or share your personal details in order to comply with any legal obligation, or in order to enforce or apply our rules.
- our business enters into a joint venture with, or is sold to or merged with another business.
We may then share your personal details with our new business partners or owners.
- we use third parties to carry out business activities and they require your personal details to do so. In these circumstances any third parties that we share your data with are obliged to keep your details secure, (for example, contractors, delivery services and website hosts where relevant) and to use them only to fulfil the service they provide you on our behalf.
Where relevant, we will require that third parties follow our data details for their own business purposes, without your prior consent.
6. Where we store your personal data
We store all of your personal details on a secure server within the United Kingdom and/or European Economic Area.
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
Any payment transactions taken over the telephone will be processed through our third party Worldpay, our telephones are not recorded when taking payments to ensure the security of payment details. We also have a preferred third party Direct Debit provider whom is authorised by the UK Financial Conduct Authority under the Payment Services Regulations 2017.
Unfortunately, the transmission of information via the internet is not completely secure and cybercrime is becoming an everyday threat. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website. As such, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. How long do we keep your personal data for
We keep your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data – and whether we can achieve those purposes through other means – and the applicable legal requirements.
8. How secure is my data
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal information to those employees, contractors, debt recovery solicitors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
9. Your rights
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
- Right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please write to us at Carter Group, Unit 14 Saffron Court, Southfields Business Park, Basildon Essex SS15 6SS or email us at admin@carter-group.co.uk. Identification may need to be verified which leaves no doubt that you are the data owner prior to commencement of any requests.
You will not have to pay a fee to access your personal information
(or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
10. Your right to complain
If you have any problems with the way that we are handling your personal data, you should contact the Information Commissioner’s Officer (ICO).
The ICO can be contacted by telephone on 0303 123 113 – Monday to Friday, between 9am and 5pm – or by email at casework@ico.org.uk . You can also visit the ICO’s website by following this link: https://ico.org.uk/ .
11. Changes to our privacy policy
We keep our privacy policy under regular review.
If you have any questions about this Policy or how we handle your personal information, please contact us at admin@carter-group.co.uk.
Issue Record
Version No | Review | Date |
V1 | Original issue | 22/05/2018 |
V1 | Reviewed | 30/01/2019 |
V2 | Carter Group. | 03/02/2020 |
V2 | Reviewed. | 03/02/2021 |
V3 | UK GDPR implementation and review. | 24/01/2022 |
V3 | Reviewed. | 31/01/2023 |
V3 | Reviewed. | 21/02/2024 |
Signed:
Danny Cosker, Managing Director
Date:
21st February 2024