Data Protection Policy
The aim of this policy is to provide you with information about the following:
Vistamatic Ltd needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact. This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards – and to comply with the law.
Why this Policy Exists:
This data protection policy ensures Vistamatic Ltd:
- Complies with data protection law and follows good practice
- Protects the rights of staff, customers, suppliers and partners
- Is open about how it stores information and processes individuals’ data
- Protects itself from the risks of a data breach
Data Protection Law:
The Data Protection Act 1998 describes how organisations – including Vistamatic Ltd must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
The Data Protection Act 1998 is underpinned by eight important principles. These say that personal data must:
- Be processed fairly and lawfully
- Be obtained only for specific and lawful purposes
- Be adequate, relevant and not excessive
- Be accurate and kept up to date
- Not be held for any longer than necessary
- Processed in accordance with the rights of data subjects
- Be protected in appropriate ways
- Not be transferred outside the European Economic Area(EEA), unless that country or territory also ensures an adequate level of protection.
This policy applies to:
- The head office and any branches of Vistamatic Ltd
- All staff, contractors and suppliers or other persons working on behalf of Vistamatic Ltd
This policy applies to all data the company holds relating to identifiable individuals, even if that information technically falls outside the Data Protection Act 1998. This can include: Names and addresses, telephone numbers, email addresses, website information or any other means of contact on individuals, who buy or uses any of the products and services provided by, Vistamatic Ltd.
Data Protection Risks:
This policy helps to protect Vistamatic Ltd from some very real data security risks that exist including the following:
- Breaches of confidentiality. For instance, information being given out inappropriately.
- Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them .
- Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.
Everyone who works for or with Vistamatic Ltd has some responsibility for ensuring data is collected, stored and handled appropriately. Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.
However, these people have key areas of responsibility:
- The Directors are ultimately responsible for ensuring that Vistamatic Ltd meet their legal obligations.
The data protection officer is responsible for:
- Keeping the board updated about data protection responsibilities, risks and issues.
- Reviewing all data protection procedures and related policies, in line with an agreed schedule
- Arrange data protection training and advice for people covered by this policy
- Handling data protection questions from staff and anyone else covered by this policy
- Dealing with requests (also called ‘Subject Access Requests’) from individuals to see data Vistamatic Ltd holds about them.
- Checking and approving any contracts or agreements with third parties that may handle the company’s sensitive data.
The IT Manager is responsible for:
- Ensuring all systems, services and equipment used for storing data meet acceptable security standards
- Performing regular checks and scans to ensure security hardware and software is functioning properly
- Evaluating any third-party services the company is considering using to store or process data. (for instance Cloud Computing Services)
The Marketing & Sales Manager is responsible for:
- Approving any data protection statements attached to communications such as emails and letters.
- Addressing any data protection queries from journalists or media outlets like periodicals and newspapers
- Where necessary, working with other staff to ensure marketing initiatives abide by data protection principles.
General Staff Guidelines
- The only people able to access data covered by this policy should be those who need it for their work
- Data should not be shared informally. When access to confidential information is required, employees can request it from their line manager
- Vistamatic Ltd will provide training to all employees to help them understand their responsibilities when handling data
- Employees should keep data secure, by taking sensible precautions and following company guidelines
- In particular, strong passwords must be used and they should never be shared
- Personal data should not be disclosed to unauthorised people, either within the company or externally
- Data should be regularly reviewed and updated if it is found to be out of date. If data is no longer required it should be deleted and disposed of in a secure manner.
- Employees should request help from their line manager or the data protection officer if they are unsure about any aspect of data protection.
We collect information about you when you buy or use any of our services or from other organisations such as credit agencies or other organisations we use to provide services to you. We may share this information with our credit insurers so we can services and manage your account.
Information We Collect
- Information you give us
When you place an order with us for any of our services we will need certain information to process your order. This may be information such as your name, private/business email or postal address, telephone or mobile number, date of birth, financial or credit card information to help us identify you and to provide a service to you. We may ask for other information that relates to the service or product that you are using or ordering.
When you contact us to discuss service or product, we may ask for certain information to be able to confirm your identity, check our records and answer your questions quickly and accurately.
- If you complete any survey or enter any competitions we may ask for information about you, which we will make clear to you at the time and for the purpose we will be using this information.
- Information we receive from other sources.
We may receive company or personal information about you or your company from third parties, such as companies contracted by us to provide services to us, marketing organisations, and credit reference agencies (CRAs) or fraud prevention agencies (FPAs)
We will only share your information with organisations outside Vistamatic Ltd:
- involved in the running or managing of your accounts or providing services to you for us (e.g. customer support, or a courier or freight company if you have asked us to send something to you);
- to help us improve the services we are providing;
- as part of current or future legal proceedings;
- in response to properly made requests from law enforcement agencies for the prevention and detection of a crime, for the purpose of safeguarding national security or when the law requires us to, such as in response to a court order or other lawful demand or powers contained in legislation; or
- in response to properly made requests from regulatory bodies.
- Where we share your information with third parties who help us provide the services they are required to follow our express instructions in respect of the use of your personal information and they must comply with the requirements of the Data Protection Act 1998 or any other relevant legislation to protect your information and keep it secure.
From time to time these other people and organisations may be outside the European Economic Area in countries that do not always have the same standard of data protection laws as the UK. However, we will have a contract in place to ensure that your information is adequately protected and we will remain bound by our obligations under the Data Protection Act 1998 even when your personal information is processed outside the European Economic Area.
How Long Do We Hold Your Information
The time period for which we keep information varies according to what the information is used for. Unless there is a specific legal requirement for us to keep information, we will keep your information for as long as it is relevant and useful for the purpose for which it was collected and which you agreed to.
For example, when you contact us we may monitor and record your communications with us to use this information for training and quality purposes, and to meet our legal and regulatory requirements. Where we record calls, these call recordings are only held for a limited period of time before we delete them permanently.
We will continue to hold information about you if you do not become our customer. We will only hold such information for such periods as is necessary for the purpose of dealing with enquiries, offering Vistamatic Ltd products and services that you may be interested in and complying with any legal obligation.
The law requires us to keep certain accounting information for 6 years. This information may be used by certain law enforcement agencies to prevent and detect crime and to protect national security. We will only disclose this information to them when we are legally required to.
Accessing Your Information
The Data Protection Act 1998 entitles you find out what information we hold about you. If you want to find out what information we hold you will need to submit a request in writing to c/o The Data Controller, 51-55 Fowler Road, Hainault Business Park, Hainault, Essex. IG6 3XE together with a cheque for £10 (to cover our costs of processing the information) made payable to: Vistamatic Ltd. The data controller will aim to provide individuals the relevant data within 14 days.
We may ask you to provide us with proof of your identity to make sure we are giving your information to the right person.
To help us process your request you will need to provide the following information:
- account number
- telephone number
- date and time (if requesting a call recording).
If any of your information is incorrect or your details have changed you can notify us in writing, and we will update your details on our system.
Sensitive Personal Data
You may want to make us aware of certain special information about your company. We need your consent to hold this data about your company and to use it for your services with us. Consent to use this data can be given whenever you speak to us.
Where you have agreed to us contacting you either when you contacted us for details on our product lines or for technical information to be sent we may contact you with details of products, services and special offers that we believe you may be interested in. If you change your mind and do not want to us to send you marketing messages and materials you can do this in a number of ways:
- writing to us at the contact details set out in the Contact Us section below;
- calling our customer services on the phone number set out in the Contact Us section below; or
- changing your cookie settings –see Cookies section below.
If you notify us in any of the above ways we will stop sending you the marketing messages that you don’t want, but we will still may need to send you related messages including changes to services or terms and conditions.
Protecting Your Information
We take protecting your data seriously, and will do our utmost to employ appropriate organisational and technical security measures to protect your against unauthorised disclosure or processing. Unfortunately we cannot guarantee the security of transmitting information via the internet. We have tried to create a secure and reliable website for our users. However, we have no responsibility or liability for the security of personal information transmitted via the internet.
Please note that this policy will be reviewed and may change from time to time. The revised policy will be posted to this page so that you are always aware of the information we collect, how we use it and under what circumstances we disclose it.
If you feel we have breached your privacy, want us to update your marketing preferences, or amend your information, please contact us either:
In writing at:
Vistamatic Ltd. 51-55 Fowler Road, Hainault Business Park,
Hainault, Essex. IG6 3XE
Telephone 020 8500 2200