We are committed to protecting and respecting your privacy.
Everyone has rights with regard to the way in which their personal information is handled. During our activities we will collect, store and process personal information about our customers, suppliers and other third parties, and we recognise that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful business operations.
This policy sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.
Abbey Security Services offers protective services to a wide range of customers in a variety of industries and customer segments. In the framework of its activities, Abbey Security Services sometimes collects, holds, discloses or otherwise processes personal data.
We, at Abbey Security Services, are committed to ensuring the privacy and safety of personal data in compliance with the applicable data protection legislation. This Privacy Notice provides you with general information about how Abbey Security Services manage personal information. The Privacy Notice also describes your rights and how you can exercise those rights in regard to Abbey Security Services.
If you have any other question or request in relation to the processing of your personal data, you may contact us at any time in writing at the address indicated below. You may also contact our Quality Control Manager email@example.com.
For the purpose of UK data protection laws, the data controller is Abbey Security services Limited of 32-33 Eastern Way Porters House Bury St Edmunds Suffolk ip32 7ab.
Data Protection Principles
When processing your information, we must comply with the six enforceable principles of good practice. These provide that your personal information must be:
- processed lawfully, fairly and in a transparent manner,
- processed for specified, explicit and legitimate purposes,
- adequate, relevant and limited to what is necessary,
- accurate and kept up-to-date,
- kept for no longer than is necessary, and
- processed in a manner than ensures appropriate security.
Abbey Security Services highly value and respect the privacy and the security of your personal data. Personal data means any information relating to an identified or identifiable natural person (the ‘data subject’).
In the framework of our activities, Abbey Security Services aims to ensure, at all time, that personal data are:
processed lawfully, fairly and in a transparent manner (‘lawfulness, fairness and transparency’);
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);
adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
accurate and, where necessary, rectified or kept up to date (‘accuracy’); kept in a form which permits identification of the data subjects for no longer than is necessary for the purposes for which the personal data is processed (‘storage limitation’);
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
Processing of your personal data will only be performed for achieving specific legitimate purposes (see title 5 below, ‘Purposes of the processing: Why do we process your personal data’) and when justified on the basis of a valid legal ground (see title 6 below, ‘Legal Basis for the Processing of Your Personal Data’).
Information You Give To Us
We may collect, use, store and transfer different kinds of personal information about you, including:
- Identity Data, such as your name, title and job role.
- contract Identity Data, such as your email address and telephone contact.
- Contact Data, such as your business address, email address and telephone numbers, direct extension.
- Financial Data, such as bank account and payment card details, business use only for invoicing purposes.
- Transaction Data, including details about payments to and from you, and other details of additional services you may purchase from us,
- Technical Data, including IP addresses, browser type and version, time-zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website, or use to correspond with us.
- Profile Data, including services purchased by you, or business requests feedback and survey responses, officer reports.
- Usage Data, including information about how you use our website, correspondence products and services,
- Marketing Data, such as your preferences in receiving marketing from us and your communication preferences.
‘Special Category’ Data for customers and employees
Information relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, criminal convictions, sex life or sexual orientation, or certain types of genetic or biometric data is known as ‘special category’ data.
During the course of dealing with you, we do not expect to collect any ‘special category’ data about you as a customer.
But employees will be subject to some of the above questions for employment.
How We Collect Your Personal Information
We will obtain personal information by directly interacting with you, such as:
- placing orders for services via our website, or email, telephone call.
- commencing a contract of services with Abbey Security Services.
- participating in discussion and meeting feedback forms.
- browsing our website
- providing us with feedback,
- corresponding with us by phone, email, letters or otherwise.
- By site visit and commencing services
- For risk assessments that are site specific
- Full name
- Company name
- Company location
- Position in company
- Billing information
- Telephone number
- Email address
We may obtain personal information via automated technology when you interact with our website by using cookies, server logs and other similar technologies.
We may also collect personal information about you from third parties or publicly-available sources, such as:
- analytics providers (such as Google),
- credit reference and fraud prevention agencies
- providers of technical, payment and delivery services,
- Companies House, LinkedIn and the electoral register.
How We Use Your Personal Information
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- you have given us consent,
- we need to perform a contract we are about to enter into, or have entered into, with you,
- where it is necessary for our or a third party’s legitimate interests, and your interests and rights do not override those interests, or
- where we need to comply with a legal or regulatory obligation.
We do not use ‘special category’ information.
Purposes for Which We Will Use Your Personal Information
For the purpose of a contractual obligation such as alarm call outs or to emergency services.
We may use your personal information for a number of different purposes. For each purpose, we are required to confirm the ‘legal basis’ that allows us to use your information, as follows:
Purposes for which we will use the information you give to us
To register you as a new customer It will be necessary for the performance of the contract between you and us
To process your services and, to deliver the service to you (including managing payments, fees and charges) It will be necessary for the performance of the contract between you and us
To manage your queries or complaints It will be necessary for the performance of the contract between you and us
To collect and recover money owed to us It will be necessary for our legitimate business interests, namely to ensure we receive payment for services that you have ordered from us
To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, to allow you to participate in interactive features of our service, when you choose to do so, to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you and to make suggestions and recommendations to you and other users of our website about services that may interest you or them It will be necessary for our legitimate business interests to ensure you receive the best experience possible when accessing and using our website, dealing with management.
for our legitimate business interests, namely to study how customers use our services, to develop them and help grow our business.
To create customer profile types that are used to help identify new customers from other sources. These profiles DO NOT contain personal data. This will be done after you give your consent for us to do.
Your consent can be withdrawn by changing your preferences through a contract adjustment or by email to the company.
To maintain contact to adjust or amend any contractual agreement that suits the customer.
In all other cases, we will only do this if you give us your consent
To prevent customers from trading with Abbey Security who have been abusive or who have abused services that we supply. It will be necessary for our legitimate business interests, namely to prevent the misuse of our services.
To prevent customers from trading with Abbey Security who have been fraudulent and to pass their details on the relevant legal/regulatory organisation. It will be necessary in the public interest to help prevent fraudulent or dishonest behavior.
namely to ensure we provide the quality of service you expect from us
To have a contractual relation with you to supply goods and/or service. It will be necessary for our legitimate business interests, in order to fulfil our contractual obligations.
To contact you to undertake customer satisfaction surveys, invite you to provide service reviews. It will be necessary for our legitimate business interests, namely to develop services, and designs that attract and retain customers, improving customer interaction with our sites and management.
We will only use your personal information for the purpose(s) for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
What If You Cannot Or Will Not Provide Us With Your Personal Information
It is a contractual requirement for you to provide us with certain information, namely your name, business address, phone number and email address. During the contract process you will be required to provide invoice information to the contract. We will hold any of your business bank card details. If you do not provide with payment detail information, we may be unable to enter into a contract and process the contract and deliver the services to you.
Disclosure Of Your Information
We may share your personal data with trusted third parties. For example, to delivery your service, to handle complaints, for theft management, to help us personalize our services to you, emergency services, engineers, the prevention of crime and so on.
This is the policy we apply to those organizations to keep your data safe and protect your privacy:
- We provide only the information they need to perform their specific services.
- We require all third parties to respect the security of your personal information and to treat it in accordance with the law.
- We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
- We work closely with them to ensure that your privacy is respected and protected at all times.
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Third parties we work with are:
Data Insight Behavioural analysis that allows us to personalise your experience and the information we provide to you. We use 3it logo soft and kallkwik.
Email Services How we manage our electronic communication with you. This is done through either IBM, Red Eye and Fresh Relevance word document excel outlook Microsoft.
Emergency Services and Crime Management We may use a combination of Experian, DWP, Citizens Advice Bureau and the Police when fulfilling our ‘public interest’ and legal responsibilities to prevent criminal and dishonest behaviour. We may share information about criminal or potentially criminal activity in your or our premises or systems. This may include sharing data about individuals with law enforcement bodies.
We use a number of partners to support our website and other business systems but only share your information with our trusted provider.
When necessary we will enlist solicitors for resolution of legal matters.
Addressing of printed material will be provided by Microsoft and then delivered by Royal Mail.
During the payment process you will be directed to finance manager through sage.
Market Research Services
Should you wish to comment on our service you will be able to do so via our website or email as your service provider.
We may be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
When appropriate your personal information may be shared with HM Revenue & Customs, the UK Information Commissioner’s Office, regulators and other authorities who require reporting of processing activities in certain circumstances.
If a change happens to our business, i.e. bought out then the new owners may use your personal information in the same way as set out in this policy.
Where We Store Your Personal Information
All information you provide to us is stored on our secure servers in the United Kingdom.
We will take all steps reasonably necessary to ensure that your data is treated securely, including a formal review of the security provisions of 3rd party Data Controllers we use, including taking the following safeguards:
- Network security. We deploy security and monitoring tools that restrict access and alert us to any unauthorised behaviour on our network and systems.
- Data Transfers. All data transfers are carried out using multi-layered security measures to ensure data integrity and privacy.
- Firewalls and encryption. We apply industry-standard firewall protection and use up to date, not compromised, encryption technology.
- Auditing and Testing. We carry out regular penetration testing and employ ethical hackers to ensure our infrastructure is secure and any intrusion would be quickly detected.
- Building entry controls. Our premises and those of the 3rd parties we use are access controlled and monitored always, with on-site security and CCTV traceability.
- Secure lockable desks and cupboards. Desks and cupboards are kept locked when not in use if they hold confidential information of any kind.
- Methods of disposal. Paper documents are disposed of by shredding in a manner that ensures confidentiality.
- Access and control. We maintain strictly controlled access to systems and data based on the authorised roles of staff. These staff are subject to vetting law British standard.
- Training. We ensure our employees are trained in the importance of data security.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
this should a keyholder need to be called this will be done through our control room staff. We will only share any content of customer request and consent.
How Long We Will Store Your Personal Information
The length of time that we will store your data will depend on the ‘legal basis’ for why we are using that data, or contractual obligation to you as follows:
Length of time
Where we use/store your data because it is necessary for the performance of the contract between you and us We will use/store your data for as long as it is necessary for the performance of the contract between you and us
Where we use/store your data because it is necessary for us to comply with a legal obligation to which we are subject We will use/store your data for as long as it is necessary for us to comply with our legal obligations
Where we use/store your data because it is in the public interest We will use/store your data for as long as it remains a matter of public interest for us to do so. The law sets out what matters are considered to be in the public interest, and we will use/store your data in accordance with those requirements
Where we use/store your data because it is necessary for our legitimate business interests We will use/store your data until you ask us to stop. However, if we can demonstrate the reason why we are using/storing your data overrides your interests, rights and freedoms, then we will continue to use and store your data for as long as it is necessary for the performance of the contract between you and us (or, if earlier, we no longer have a legitimate interest in using/storing your data)
Where we use/store your data because you have given us your specific, informed and unambiguous consent We will use/store your data until you ask us to stop
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitive of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal req Your Rights
You have various legal rights in relation to the information you give us, or which we collect about you, as follows:
- You have a right to access the information we hold about you free-of-charge, together with various information about why and how we are using your information, to whom we may have disclosed that information, from where we originally obtained the information and for how long we will use your information.
- You have the right to ask us to rectify any information we hold about you that is inaccurate or incomplete.
- You have the right to ask us to erase the information we hold about you (the ‘right to be forgotten’). Please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not.
- You have the right to ask us to stop using your information where: (i) the information we hold about you is inaccurate; (ii) we are unlawfully using your information; (iii) we no longer need to use the information; or (iv) we do not have a legitimate reason to use the information. Please note that we may continue to store your information, or use your information for the purpose of legal proceedings or for protecting the rights of any other person.
- You have the right to ask us to transmit the information we hold about you to another person or company in a structured, commonly-used and machine-readable format. Please note that this right can only be exercised in certain circumstances and, if you ask us to transmit your information and we are unable to do so, we will explain why not.
- Where we use/store your information because it is necessary for our legitimate business interests, you have the right to object to us using/storing your information. We will stop using/storing your information unless we can demonstrate why we believe we have a legitimate business interest which overrides your interests, rights and freedoms.
- Where we use/store your data because you have given us your specific, informed and unambiguous consent, you have the right to withdraw your consent at any time.
If you wish to exercise any of your legal rights, please contact our Quality control Manager by writing to the address at the top of this policy, or by emailing him at firstname.lastname@example.org
You also have the right, at any time, to lodge a complaint with the UK Information Commissioner’s Office if you believe we are not complying with the laws and regulations relating to the use/storage of the information you give us, or that we collect about you.
Changes To Our Policy
Any changes we make to our policy in the future will be posted on our website and, where appropriate, notified to you by email. Please check our website frequently to see any updates or changes to our policy.
Questions, comments and requests regarding this policy are welcomed and should be addressed to our Quality Control Manager by writing to the address at the top of this policy, or by emailing him at email@example.com
We take your security very seriously, and we’ve invested in a totally secure and safe website and systems to run the company. Once the contract is entered into with Abbey Security Services, we encrypt all your details using our chosen service provider and systems.
We, at Abbey Security Services, take all the necessary administrative, technical and organisational measures to ensure the security and confidentiality of your personal data and to protect your personal data against unauthorised or accidental access, loss, misuse, disclosure, alteration or destruction.
11.2. Prior to disclosing your personal data to a third-party / data processor, we will always ensure that this third-party / data processor offers an adequate level of security.
We encourage you to review and check our website regularly for any updates to this Privacy Notice. If you would like a copy of this Privacy Notice, please contact our Quality Control Manager at firstname.lastname@example.org
Data Subjects covered by the GDPR are afforded additional rights including:
- The Right to be Forgotten: you have the right to request the erasure of the personal data submitted to Abbey Security Services; this means you can request Abbey Security Services restrict your data from any further processing, and have your data deleted if possible.
- Complaints may also be submitted to the applicable supervisory authority in the European Economic Area, which includes the data protection authority in your locality (for example, in the U.K., the supervisory authority would be the Information Commissioner’s Office).
Revised on 10th May 2018.
1st July 2018