GDPR/Data Protection Privacy Notice and Procedure
In accordance with Data protection Act 2016
This Privacy document is effective as of 25th May 2018 (Issue 1)
|Issue Number||Details of previous issue updates/ modifications|
At dBD Communications we recognize the importance of protecting your personal information and are committed to processing it responsibly and in compliance with applicable data protection laws in all countries in which dBD Communications operates.
This Privacy Statement describes dBD Communications general privacy practices that apply to personal information we collect, use and share about consumers and other stakeholders, employees, business partners, suppliers and other organizations with which dBD Communications has or contemplates a business relationship.
dBD Communications is committed to protecting your personal data in line with GDPR; where we suspect a data, breach has occurred a report will be generated via DPF001, considerations and data collected meets the ICO standards. dBD Communications as an organisation will communicate to the data subject without undue delay.
This document relates to all privacy policies and or privacy related procedures within dBD Communications.
2. Why we collect and use your personal information
We may collect your personal information as an individual for various purposes, such as the following:
- To support and track product downloads.
- To facilitate standard business communications and transactions with our prospects and past or current customers.
- To enable us to respond to requests for information about our company, products or services.
- To provide product updates, fixes, technical bulletins, special offers, notification of educational or other events and similar notices to partners and licensed customers.
- To help us tune the content, navigability and performance of our website.
- To help us improve our products and services.
- To satisfy legal requirements.
3. Access and use of websites or other online services
When entering our websites, or using an online service, we will record information necessary to provide you with access, for the operation of the website and for us to comply with security and legal requirements in relation to operating our site, such as passwords, IP address and browser settings. We also collect information about your activities during your visit in order to personalise your website experience, such as recording your preferences and settings, and to collect statistics to help us improve and further develop our websites, products and services responding to your request for information, order, or support
When you contact us (online or offline) in connection with a request for information, to order a product or service, to provide you with support, or to participate in a forum or other social computing tool, we collect information necessary to fulfil your request, to grant you access to the product or service, to provide you with support and to be able to contact you. For instance, we collect your name and contact information, details about your request and your agreement with us and the fulfilment, delivery and invoicing of your order and we may include client satisfaction survey information. We retain such information for administrative purposes, defending our rights, and in connection with our relationship with you.
When you provide your name and contact information to register in connection with such a request, the registration may serve to identify you when you visit our website or when purchasing via third party sites such as, Ebay. For ordering of most services and products we or the third parties may, require you, to have registered as a user. Registration may also allow you to customize and control your privacy settings.
dBD Communications embeds license management software in some versions of its software products. If you download our documents then you may be asked to identify yourself. Such licenses require specific details, such as the registration of a named user, application or machine. These details will be handled as confidential, commercial information.
Your use of dBD Communications Cloud services
We collect information about your use of dBD Communications Cloud services to enable product features to operate, improve your user experience, tailor our interactions with you, inform our clients on the overall use of the services, provide support and improve and develop our products and services.
Some pages within this website contain links to pages on external websites. Similarly, there may be external websites that contain links to pages within the dBD Communications website. dBD Communications is not responsible for the privacy practices or the content of such external websites.
PERSONAL INFORMATION NOTICE AND DISCLOSURE
You may visit most of our website without identifying yourself or revealing any personal information. dBD Communications (or our Internet Service Providers) may collect domain information from your visit to customize and improve your experience on our website and to help us analyse our audience. Some portions of this website may require you to give us information that enables us to identify you, such as your name, telephone number, email or other address. We will attempt to state our intentions before we collect any personally identifiable information from you.
Most information we collect about you comes from our direct interactions with you. When you register for an event we may collect information (online or offline) in relation to the event organization, during an event and participation in training sessions and survey results. We combine the personal information we collect to develop aggregate analysis and business intelligence for conducting our business and for marketing purposes. You can choose to receive information by email, telephone or postal mail about our products and services, or sign-up for subscriptions. When visiting our websites or using our services we may provide you with personalized information. You can always opt-out from receiving personalised communication by sending an e-mail to PRIVACY@DBDCOMMUNICATIONS.CO.UK
Where we reference that we use your personal information in relation to marketing, improvement or development of our products or services, for reasons of safety and security, or regulatory requirements other than in connection with your agreement or request, we do this on the basis of our or a third party’s legitimate interests, or with your consent. When we collect and use your personal information subject to the EU Privacy Legislation this may have consequences for Your Rights.
dBD Communications does not place banners, pop-ups or paid-for advertisements for third party products or services on our website. However, we do promote our relationships with customers, partners and industry or standards organizations by posting references (links/URLs), articles, logos, white papers and press releases on appropriate website pages.
dBD Communications may selectively make chat rooms, forums, message boards, and/or news groups available to visitors to the website. Remember that any information that is disclosed in such areas essentially becomes public information. Please exercise caution before disclosing any personal or business information via the website.
5. Privacy Statement
Contacting employees of our clients, prospects, partners and suppliers
In our relationship with clients or prospects, partners and suppliers, they also provide us with business contact information (such as name, business contact details, position or title of their employees, contractors, advisors and authorized users) for purposes such as contract management, fulfilment, delivery of products and services, provision of support, invoicing and management of the services or the relationship.
As well as website data discussed in section 2, we may also collect personal information about you from: emails, letters and faxes that you send us; telephone and regular conversations; or from third parties. Such information may already or subsequently be covered by separate agreements (such as Non-Disclosure Agreements) between our companies. By default, your personal information will be handled in the spirit of this Privacy Statement.
PROTECTING YOUR DATA
dBD Communications’ intent is to strictly protect the security of any personal information that you provide us with; honour your choices for its intended use; and carefully protect it from alteration, disclosure, loss, misuse or unauthorized access. We have established appropriate electronic, managerial and physical procedures to safeguard and secure personal information we collect online, including the use of industry standard encryption when collecting or transferring sensitive data (such as credit card information, license numbers and website passwords) within or between devices or systems. These procedures apply to static, mobile, wired and wireless devices.
dBD Communications employees may use Internet resources, personal computers, laptop computers, Personal Digital Assistants, cellular telephones and similar devices to improve the efficiency of our business. If the device or resource that stores any information about you is owned by DBD Communications then employees who leave DBD Communications employment are legally bound to return the device to the Company, or to prove that they have purged or relinquished use of the resource. If the employee or a Third Party owns the device or is a user of such a data storage resource, then that employee is legally bound to prove that they have purged the data satisfactorily.
PASSWORDS, LICENSING AND SERIAL NUMBERS
Please take appropriate steps to protect the security of any passwords, license numbers and serial numbers that we supply to you. DBD Communications employees will not provide passwords or license numbers via email or to a fax number that is not on your company’s letterhead or corporate website. If systems are sold on it is important that we are notified to ensure track and traceability against the allocated serial number. Client information is held against all serial numbers as sold unless otherwise informed.
DATA QUALITY AND ACCESS
dBD Communications will strive to keep our records of your personal information accurate, complete and current. We will promptly take steps to correct any inaccuracies in your personally identifiable information that you make us aware of. You may request a copy of the personal information that we have stored about you by email (see section 14). If you inform us of any inaccuracies in the personal information we have recorded we will promptly add, correct or delete it, according to your instructions. We may contact you from time to time to verify the information we hold.
If you do tell us to delete personal information there must always be at least one identifiable point of contact between dBD Communications and your organization to enable us to fulfil our accounting, legal and security obligations.
Documented information is controlled under our QMS system.
6. Visitor and employee information- CCTV
We register individuals visiting our sites and locations (name, identification and business contact information) and use camera supervision (CCTV, according to the CCTV code of practice) for reasons of security and safety of persons and belongings, as well as for regulatory purposes.
The Company’s CCTV facility records images only. There is no audio recording i.e. conversations are not recorded on CCTV (but see the section on covert recording).
Purposes of CCTV
The purposes of the Company installing and using CCTV systems include:
• To assist in the prevention or detection of crime or equivalent malpractice.
• To assist in the identification and prosecution of offenders.
• To monitor the security of the Company’s business premises.
• To ensure that Health and Safety rules and Company procedures are being complied with.
• To assist with the identification of unauthorised actions or unsafe working practices that might result in disciplinary proceedings being instituted against employees and to assist in providing relevant evidence.
• To promote productivity and efficiency.
Location of cameras
Cameras are located at strategic points throughout the Company’s business premises, principally at the entrance and exit points. The Company has positioned the cameras so that they only cover communal or public areas on the Company’s business premises and they have been sited so that they provide clear images. No camera focuses, or will focus on toilets, staff kitchen areas, staff break rooms or private offices.
All cameras (with the exception of any that may be temporarily set up for covert recording) are also clearly visible.
Appropriate signs are prominently displayed so that employees, clients, customers and other visitors are aware they are entering an area covered by CCTV.
The Human Resources Officer will first determine whether disclosure of your images will reveal third party information as you have no right to access CCTV images relating to other people. In this case, the images of third parties may need to be obscured if it would otherwise involve an unfair intrusion into their privacy.
If the Company is unable to comply with your request because access could prejudice the prevention or detection of crime or the apprehension or prosecution of offenders, you will be advised accordingly.
The Company will only undertake covert recording with the written authorisation of the Managing Director (or another senior personnel acting in their absence) where there is good cause to suspect that criminal activity or equivalent malpractice is taking, or is about to take, place and informing the individuals concerned that the recording is taking place would seriously prejudice its prevention or detection.
Covert monitoring may include both video and audio recording.
Covert monitoring will only take place for a limited and reasonable amount of time consistent with the objective of assisting in the prevention and detection of particular suspected criminal activity or equivalent malpractice. Once the specific investigation has been completed, covert monitoring will cease.
Information obtained through covert monitoring will only be used for the prevention or detection of criminal activity or equivalent malpractice. All other information collected in the course of covert monitoring will be deleted or destroyed unless it reveals information which the Company cannot reasonably be expected to ignore.
7. Sharing of Personal Information
As a global organization offering a wide range of products and services, with business processes, management structures and technical systems that cross borders, dBD Communications has implemented global policies, along with standards and procedures, for consistent protection of personal information. As a global company, we may share information about you with our supply chain world-wide and transfer it to countries in the world where we do business in accordance with this Privacy Statement. dBD Communications does not accept responsibility for the privacy practices of third parties however, dBD Communications’ does ask via its terms and conditions T & C’s the supply to comply with GDPR regulations.
dBD Communications only grants access to personal information on a need-to-know basis, necessary for the purposes for which such access is granted. In some cases, dBD Communications uses suppliers located in various countries to collect, use, analyse, and otherwise process personal information on its behalf.
Where appropriate, dBD Communications may also share your personal information with selected partners to help us provide you, or the company you work for, products or services, or to fulfil your requests, or with your consent.
If dBD Communications decides to sell, buy, merge or otherwise reorganise businesses, such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or the receipt of such information from sellers. It is dBD Communications practice to require appropriate protection for personal information in these types of transactions.
Please be aware that in certain circumstances, personal information may be subject to disclosure to government agencies pursuant to judicial proceeding, court order, or legal process. We may also share your personal information to protect the rights or property of dBD Communications, our business partners, suppliers or clients, and others when we have reasonable grounds to believe that such rights or property have been or could be affected.
The international footprint of dBD Communications could involve transfer of personal information between different stakeholders, as well as to third parties located in the countries where we do business. Some countries have implemented transfer restrictions for personal information, in connection with which dBD Communications takes various measures, including: end user statements and licencing requirements.
Where required, dBD Communications implements Standard Contractual Clauses approved by the EU Commission, or similar contractual clauses in other jurisdictions. This includes transfers to suppliers or other third parties.
As part of any recruitment process, dBD Communications collects and processes personal data relating to job applicants. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information do we collect?
dBD Communications collects a range of information about you. This includes:
- your name, address and contact details, including email address and telephone number;
- details of your qualifications, skills, experience and employment history;
- information about your current level of remuneration, including benefit entitlements;
- whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process; and
- information about your entitlement to work in the UK
- Need to know medical information.
- Driving status and license information.
dBD Communications may collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.
We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer to you has been made and will inform you that we are doing so.
Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).
Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job.
We may also need to process data from job applicants to respond to and defend against legal claims.
dBD Communications may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief, to monitor recruitment statistics. We may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability. We process such information to carry out its obligations and exercise specific rights in relation to employment.
If your application is unsuccessful, dBD Communications may keep your personal data on file in case there are future employment opportunities for which you may be suited. We will ask for your consent before we keep your data for this purpose and you are free to withdraw your consent at any time.
Who has access to data?
Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.
We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks.
9. Information Security and Accuracy
We intend to protect your personal information and to maintain its accuracy. dBD Communications implements reasonable physical, administrative and technical safeguards to help us protect your personal information from unauthorised access, use and disclosure. For example, we encrypt certain sensitive personal information such as credit card information when we transmit such information over the Internet.
- User specific access rights
- Password protection
- Restricted areas and secure cabinets
More details are available in our Security Policy and Procedure.
10. Retention Period
We will not retain personal information longer than necessary to fulfil the purposes for which it is processed, including the security of our processing complying with legal and regulatory obligations (e.g. audit, accounting and statutory retention terms), handling disputes, and for the establishment, exercise or defence of legal claims in the countries where we do business. Because the circumstances may vary depending on the context and the services, the information provided within our QMS, HR and data protection documented controls may provide more detailed information on applicable retention periods.
11. Your Rights
You can request to access, update or correct your personal information. You also have the right to object to direct marketing.
You may have additional rights pursuant to your local law applicable to the processing. For example, if the processing of your personal information is subject to the EU General Data Protection Regulation ("GDPR"), and your personal information is processed based on legitimate interests, you have the right to object to the processing on grounds relating to your specific situation. Under GDPR you may also have the right to request to have your personal information deleted or restricted and ask for portability of your personal information.
Right to Lodge a Complaint
In the event you consider our processing of your personal information not to be compliant with the applicable data protection laws, you can lodge a complaint:
12. Changes to our Privacy Statements
From time to time we may update this Privacy document, as well as any other specific privacy documents. When making changes to this Privacy document, we will add a new date at the top of this document.
The HR/ Data Protection Officer is responsible for the implementation of and compliance with this policy along with the Security and Employee Privacy Policies and procedures.
14. How to contact us
If you have a question related to this Privacy document, please contact us by emailing PRIVACY@DBDCOMMUNICATIONS.CO.UK , your message will be forwarded to the appropriate member of dBD Communications Data Privacy personnel.
HR/HR Templates/GDPR/Data Protection Privacy Notice DPPN001
Security Policy DPSP001
Documented Information procedure DBDP4
Stakeholder T & C’s