We are committed to complying with the requirements of the General Data Protection Regulation and the Data Protection Act 2018 and take our Data Protection duties seriously. Should we ask you to provide information by which you can be identified, then you can be assured that it will only be used in accordance with this Policy.
Gordon Burns, Service Director, is ultimately responsible for ensuring compliance with relevant Data Protection legislation, with Rachel Doherty, Marketing and OD Manager, responsible for the implementation of Company Policies and Procedures.
What Personal Data Do We Process?
Typically, we may process the following information:
This list is not exhaustive, and we may need to collect additional data for the purposes set out in this Policy.
When processing Personal Data, we endeavour to comply with the Data Protection Principles, to ensure it is:
Data Protection legislation is not intended to prevent the processing of Personal Data, but to ensure that it is processed fairly and without adversely affecting the rights of the individual.
In accordance with Data Protection legislation, we will only process Personal Data where there is a legitimate business interest to do so, and where such processing is compliant with legislation, such as: where the individual has given their consent; where the processing is necessary to fulfil a contract; for compliance with a legal obligation; or, for the legitimate interest of the business. Where Sensitive Personal Data is being processed, additional conditions must be met.
What Do We Do With Personal Data?
We require this information for our legitimate business interests, to understand our customer needs, and to provide customers with our products and services, and in particular for the following reasons:
We may collect and process Personal Data that we receive directly from you, such as when you complete our contact form on our website or communicate with us directly by email, as well as Personal Data that we receive from other sources, such as our business partners and suppliers in technical, payment, and delivery services.
Personal Data is made available to PAC Group employees on the “need to know” principle based on their job role. This is reviewed regularly to ensure compliance and the security of Personal Data forms part of our Disciplinary Procedures.
Where a business partner or supplier has access to our systems, for example web developers, maintenance engineers, or accountancy partners, we will ensure an appropriate Data Processor Agreement is in place and assure ourselves of their compliance with relevant legislation.
Some of the recipients of Personal Data may be located outside of the UK. However, we only transfer Personal Data to countries where the EU Commission has determined that they have an adequate level of data protection.
Personal Data is stored or retained for as long as is necessary for our business purposes, in line with our legitimate business interests, and will be securely erased and/or destroyed when the legitimate business interest is no longer applicable.
Visitors To Our Website
Our website is securely hosted by XXXX, and our server is located within the EU. Our website is PCI compliant and has an SSL security certificate. When someone visits www.pac-ni.co.uk, we collect standard and anonymous internet log information, such as user activity and page visits, to monitor the effectiveness of our website and help us improve it. We cannot identify website users from the information collected, and we do not attempt to discover the identities of the individuals.
Our website uses Google Analytics (https://www.google.com/analytics/terms/us.html) to monitor user behaviour. This information is stored by Google on servers in the United States. This information is associated to your IP address, and not to you as an individual. Google do not associate your IP address with any other data stored by Google.
Should you use our Contact Form on our website, the information provided will be stored in our Customer Relationship Management software to enable us to respond to your request effectively, and to build an on-going relationship with you as a customer.
Cookies do not enable us to identify you as an individual, and in no way do cookies give us access to your computer. You can choose to accept or decline cookies. However, most web browsers accept cookies. You can usually modify your settings to decline cookies, if you prefer, though this may prevent you from taking full advantage of our website.
We use a third-party provider, MailChimp, to deliver our e-newsletters. We gather statistics about email performance to help us monitor and improve our e-newsletter. Current customers may receive our e-newsletter via “soft opt-in”. This means we may contact customers with information that may interest them based on the products/services they have purchased from us, or enquired about, in the past.
Anyone who wishes to receive our e-newsletter can provide explicit consent to opt-in. This can be in the form of an email to email@example.com asking to be subscribed to our e-newsletter, or by completing our newsletter sign-up form. You can elect to be removed from our e-newsletter by clicking “unsubscribe” in any of our emails, or by sending your request to be removed to the email address provided above.
Links To Other Websites
We have official social media profiles on Facebook, Twitter, YouTube, and LinkedIn. If you send us a private message via social media the message will be stored, but it will not be shared with any other parties. Activity on these websites is controlled by Facebook, Twitter, YouTube, and LinkedIn respectively.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access, accidental or unlawful destruction, damage, loss, alteration, or unauthorised disclosure, we have put in place suitable physical, electronic, technical, and managerial procedures to safeguard and secure the information we collect both on and off-line. We maintain data security by protecting the confidentiality, integrity, and availability of the personal data, defined as follows:
Our security measures include password protected hardware and software, suitable anti-virus software, malware, adware, and firewalls, encryption where possible, secure and lockable desks, cupboards, and rooms, data minimisation, secure methods of disposal with hard copy documents being shredded and digital storage devices destroyed, and users logging off from their laptop or PC when it is left unattended.
In the case of applications for employment, the application form requires the minimum amount of information necessary to process your application, as well as the information necessary for the short-listing process and to arrange interviews. If you are unsuccessful, you may be asked if we are permitted to retain your information on file for a set period so we may contact you in the event of future vacancies becoming available. We are required by the Equality Commission to collect Equal Opportunities Forms as part of our application process. These are not stored by PAC Group.
Under Data Protection legislation, you have rights as an individual, which you can exercise in relation to the information we hold about you. For example, you may be able to: limit our use of your Personal Data; find out how long your Personal Data will be held for; check to ensure the Personal Data we hold on you is accurate and ask for it to be rectified where it is found to be inaccurate; ask for your Personal Data to be erased, destroyed, or restricted (dependent upon our legal basis for processing it); withdraw consent regarding the processing of Personal Data (where consent is our legal basis) without affecting the lawfulness of the processing before the consent was withdrawn; lodge a complaint with the Information Commissioner’s Office.
Complaints Or Queries
We try to meet the highest standards when processing personal information. For this reason, we take any complaints we receive very seriously. We encourage people to bring it to our attention if they think that our processing of information is unfair, misleading, or inappropriate.
How To Contact Us
Changes To This Policy