At Marquee Electronics we take your privacy seriously. It is important that you know exactly what we do with personal information that you and others provide to us, why we gather it and what it means to you. This document is being provided to you in line with our obligations under the General Data Protection Regulation (GDPR) which came into force on 25 May 2018.
Who we are
Throughout this notice ‘we’, ‘us’ and ‘our’ refers to Marquee Electronics Ltd. Your information is held by us and processed by us.
Reasons/purposes for processing information
We process personal information to enable us to provide an electronic design and consultancy service, promote our services, meet our legal obligation for business and tax purposes to maintain our accounts and records to support and manage our staff. We also hold personal information using a CCTV system to maintain the
security of the premises and for preventing and investigating crime.
The information we collect about you
We process information relevant to the above reasons/purposes. This may include:
- Personal details
- Financial details
- Employment and education details
- Goods or services
- Visual images
Who the information is processed about
We process personal information about:
- Our employees
- Customers and clients
- Suppliers and service providers
- Advisers, consultants and other professional experts
- Complainants and enquirers
- Individuals captured by CCTV images
Who the information may be shared with
We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
Where necessary or required we share information with:
- Family, associates and representatives of the person whose personal data we are processing
- Employment and recruitment agencies
- Current, past and prospective employers
- Educators and examining bodies
- Central government
- Workplace pension provider
- Credit references agencies
- Suppliers and service providers
- Debt collection and tracing agencies
- Financial organisation
- Police forces
- Security organisations
When sharing information all safeguarding measure will be adhered to as noted with our Data Protection Policy, copy of which is available on request.
How long we keep your data
How long we hold your data for is subject to legislation and regulatory rules we must follow, set by central government. We will not hold data for longer than required.
How to exercise your information rights
From 25 May 2018, you will have several enhanced rights in relation to how we use your information, including the right, without undue delay, to:
Find out if we use your information, access your information and receive copies of your information
Have inaccurate/incomplete information corrected and updated
In certain circumstances, to have information deleted or our use of your data restricted
Exercise the right to data portability (i.e. obtain a transferable copy of your information we hold to transfer to another provider)
If you wish to exercise any of your data rights, you can contact us at firstname.lastname@example.org, by mail to Marquee Electronics, 15B Broad Street, Magherafelt, Co. Derry BT45 5GX
Marquee Electronics GDPR Policy
Marquee Electronics is committed to a policy of protecting the rights and privacy of individuals, in accordance with the General Data Protection Regulation (GDPR).
GDPR contains provisions that the business will need to be aware of as data controllers, including provisions intended to enhance the protection of personal data.
GDPR requires that: Marquee Electronics needs to process certain information about its staff, customer, suppliers, and other individuals with whom it has a relationship for various purposes such as, but not limited to:
- The recruitment and payment of staff
- The day to day purchasing and sales of goods
- The making or receiving of payments as part of day to day trading
- To contact you about a submission or request for information you have made
- In relation to any correspondence we receive from you or any comment or complaint you make about our products or services
- Complying with legal obligations and government including local government. To comply with various legal obligations, including the obligations imposed on it by
GDPR Marquee Electronics must ensure that all this information about individuals is collected and used fairly, stored safely and securely, and not disclosed to any third party unlawfully.
All members of staff are responsible for ensuring that any personal information which they hold is kept securely and not disclosed to any unauthorised third parties. Marquee Electronics will ensure that all personal information is accessible only to those who have a valid reason for using it.
Marquee Electronics will have in place appropriate security measures to protect information physically and electronically. As a matter of best practice, other agencies and individuals working with Marquee Electronics and who have access to personal information, will be expected to read and comply with this policy.
It is expected that departments who are responsible for dealing with external bodies will take the responsibility for ensuring that such bodies sign a contract which among other things will include an agreement to abide by this policy.
Consent as a basis for processing information although not always necessary is the best way to ensure that information is collected and processed in an open and transparent manner. Consent is especially important when Marquee Electronics is processing any sensitive information, as defined by the legislation.
Marquee Electronics understands consent to mean that the individual has been fully informed of the intended processing and has signified their agreement.
This policy will be updated as necessary to reflect best practice in information management, security, and control and to ensure compliance with any changes or amendments to the GDPR and other relevant legislation.
This policy applies to all staff of Marquee Electronics. Any breach of this policy or of the Regulation itself will be considered an offence and the companies’ disciplinary procedures may be invoked.
Responsibilities under GDPR
Marquee Electronics will be the ‘data controller’ under the terms of the legislation. This means it is ultimately responsible for controlling the use and processing of personal data.
Marquee Electronics has appointed a Data Protection Officer (DPO) who is available to address any concerns regarding the data held by the company and how it is processed, held, and used.
The Senior Management Team is responsible for all day-to-day data protection matters and will be responsible for ensuring that all members of staff and relevant individuals abide by this policy, and for developing and encouraging good information handling within the company.
The Senior Management Team is also responsible for ensuring that the Companies policy is kept up to date.
To comply with its obligations, Marquee Electronics undertakes to adhere to the eight principles:
- Process personal data fairly and lawfully (the right to be informed). Marquee Electronics will make all reasonable efforts to ensure that individuals who are the focus of personal Identifying information (PII) are informed of the identity of the data controller, the purposes of the processing, any disclosures to third parties that are envisaged; given an indication of the period for which the data will be kept, and any other information which may be relevant. The Company will ensure that the data is adequate, relevant, and not excessive in relation to the purpose for which it is processed. Marquee Electronics will not seek to collect any personal data which is not strictly necessary for the purpose for which it was obtained. The Company will process the data for the specific and lawful purpose for which it was collected and not further process the data in a manner incompatible with this purpose. The Company will ensure that the reason for which it collected the data originally is the only reason for which it processes that data, unless the individual consents to any additional processing before it takes place.Marquee Electronics undertakes not to disclose personal data to unauthorised third parties. Legitimate disclosures may occur in the following instances:
a. Where the individual has given their consent to the disclosure.
b. The disclosure is required for the performance of a contract.
- Subject Access Rights (SARs) (the right of access) Individuals have a right to access any personal data relating to them which is held by Marquee Electronics. We will use reasonable efforts consistent with our legal duty to supply, correct or delete personal information about you on our files. Any individual wishing to exercise this right should apply in writing to the Data Protection Officer. Any member of staff receiving a SAR should forward this to the Data Protection Officer. To ensure security we require you to prove your identity with 2 pieces of approved
identification before any SARs request can be released.
- Keep personal data accurate (the right to rectification). It is the responsibility of the individuals giving their personal data to ensure that this is accurate, and each individual should notify the Company if a change in circumstances mean that the data needs to be updated. It is the responsibility of the Company to ensure that
any notification regarding the change is noted and acted on.
- Only keep personal data for as long as is necessary (the right to erasure). Marquee Electronics undertakes not to retain personal data for longer than is necessary to ensure compliance with GDPR legislation, and other statutory requirements. This means Marquee Electronics will undertake a periodic review of the information held and implement a purge process as required. Marquee Electronics will dispose of any personal data in a way that protects the rights and privacy of the individual concerned.
- Restrict the process of personal information. Individuals have the right to prevent processing of information while that information is subject to corrective action. At any time a person can request to know what information is stored and request action to rectify, block, erase or destroy inaccurate information while that process is underway
- Ensure that no personal data is transferred to a country or a territory outside the European Economic Area (EEA) unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. Marquee Electronics will not transfer data to such territories without the explicit consent of the individual. This also applies to publishing information on the Internet - because transfer of data can include placing data on a website that can be accessed from outside the EEA - so Marquee Electronics will always seek the consent of individuals before placing any personal data (including photographs) on its website. If Marquee Electronics collects personal data in any form via its website, it will provide a clear and detailed privacy statement prominently on the website, and wherever else personal data is collected.
- The right to object allows an individual to prevent processing for purposes of:• Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling).
• direct marketing (including profiling).
• processing for purposes of scientific/historical research and statistics.
- Rights in relation to automated decision making and profiling.
• automated individual decision-making (making a decision solely by automated means without any human involvement)
• profiling (automated processing of personal data to evaluate certain things about an individual).
GDPR introduces a duty to report certain types of personal data breach to the relevant supervisory authority. Where feasible Marquee Electronics will do this within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, Marquee Electronics will also inform those individuals without undue delay. This policy will be updated to reflect the General Data Protection Regulation (GDPR)