General Data Protection Regulation Policy Statement
At Peter Roberts Caravans and Motorhomes we do all we can to respect your right to privacy and the protection of your personal information. We look after our customers and team members plus we look after their information. 8th January 2019 Version 4.
Purpose
To ensure compliance with the General Data Protection Regulation, taking effect as from 25th May. To establish the following :
Who is the Data Controller?
What data do we receive?
What data is stored?
Where data is stored?
Who has access?
For what purpose is data stored?
How is consent to use data obtained?
How is data deleted?
What control measures are in place?
What is the procedure to report a potential breach?
The document is deemed correct at the date of production and will be reviewed when changes in legislation, procedures, and/or suppliers may so require. For the purpose of accuracy, the document will only be considered implemented when clearly marked as such.
Who is the Data Controller Officer (DCO)?
The DCO is responsible for the day to management of Data Protection, ensuring compliance to this document. The MD is ultimately responsible for ensuring that the Company is compliant with legislation as appropriate.
The DCO is: Peter Roberts peter@peterrobertscaravans.co.uk
The Ultimate Responsible: Peter Roberts peter@peterrobertscaravans.co.uk
What Data do we Receive?
Customers
Name
Address
Email
Telephone number
Banking details
Driving licence details
Copy of V5 log book
National Insurance number (hire customers only)
2 forms of ID eg passport/utility bill (hire customers only)
PRC Team Members
Name
Address
Email
Telephone number
Passport details
Driving licence details
Bank details
Next of Kin name
Next of Kin telephone number
What Data is Stored?
Customers
Name
Address
Email
Banking
Telephone number
Copy of V5 log book
National Insurance number (hire customers only)
PRC Team Members
Name
Address
Email
Telephone number
Passport details
Driving licence details
Bank details
Next of Kin name
Next of Kin telephone number
Where is Data Stored?
Customers
Database/Management System Secured filing cabinet in main office Sage 50
PRC Team Members
Personal details in secured file in Accounts Dept & also at Michael Bell & Co Next of kin forms in secured filing cabinet in PR office Bank details in secured file within Account Dept Driving licence details in secured filing cabinet in PR office Who has access?
Customers
Current authorised employees of Peter Roberts Caravans and Motorhomes. Regulators, auditors, lawyers & other business professionals.
PRC Team Members
Current authorised employees of Peter Roberts Caravans and Motorhomes Michael Bell & Co.
For What Purpose is Data stored?
Customers (Caravans and Motorhomes)
To ensure correct VIN/CRIS documents Warranty administration for future Delivery & collection Making up number plates Payment & payment ID Marketing purposes.
Customers (Motorhome Hire)
DVLA driver checks – create DVLA code, although customer can request own code Identity checks Insurance purposes Payment and payment ID Marketing purposes.
PRC Team Members
To ensure compliance with legislation To ensure payments can be made to employees To enable driving of company vehicles.
For How Long is Data Stored?
Customers (Caravans and Motorhomes)
Indefinite, until such date a client requests to remove their details, unless in contradiction with legislation. We are required under UK tax law to keep basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed. Information we use for marketing purposes will be kept with us until notified customer no longer wishes to receive this information.
Customers (Motorhome Hire)
All information will be stored securely before and during hire period. Name, address, telephone number and email address will be stored post hire period. All other personal information will be destroyed within one month. We are required under UK tax law to keep basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed. Information we use for marketing purposes will be kept with us until notified customer no longer wishes to receive this information.
PRC Team Members
During employment application process During term of employment and in line with current UK employment law.
How is Consent to Use Data Obtained?
All Customers
Via agreement to sales order, purchase or motorhome hire – using approved forms – can be in person or over the telephone with a trained Peter Roberts team member. Enquires made via telephone, email and internet in line with our privacy statement.
PRC Team Members
Through application process for employment with Peter Roberts Caravans Ltd. Stored on new starter documentation.
How is Request for Information Handled?
All requests for information are addressed to the DCO
Only requests provided in writing will be considered
All requests will be responded to within the relevant timeframe, as stipulated by legislations in force at the time of request
In the unlikely event that the DCO is not available to respond within the timeframe as stipulated by current legislation, the MD will appoint a suitable interim DCO.
Request for data will only be accepted by the person whom the data will relate to, unless specifically instructed by a responsible authority, supported by legally binding instructions in writing.
How is Data Deleted?
Data is deleted by the DCS, who will have full access to all databases stored at premises controlled by Peter Roberts Caravans Ltd. All requests for data deletion will happen within a reasonable timeframe, and it is endeavoured that this time frame will not exceed 30 days from request. However, should the request to have data deleted contradict legislation of England and Wales, or instructions by responsible authorities, data will remain on file until instructed by aforementioned.
What Control Measures Are in Place?
All data access is controlled by the following tangible measures;
Data access is restricted to positions, as defined in this document
On-site servers are kept in access-controlled areas
Remote access to servers is restricted to appointed IT consultants only
All on-site storage of data is kept on the servers and not on individual work stations
Ability to copy database files is restricted to DCO only
User passwords are programmed to change every 90 days
All 3rd party business partners who keep data of customers are requested to provide GDPR Policies and confirmation of GDPR Compliance prior to engagement. This data is reviewed regularly, or when legislative changes so require.
What is the Procedure to Report Potential Breach?
If a suspected breach takes place, all individuals whom have been identified to may have been affected by a breach, will be contacted within 24 hours by Peter Roberts Caravans Ltd and/or 3rd party business partner will be made aware that potential breach.
This communication will be done via email as far a reasonably possible, Peter Roberts Caravans Ltd reserves the right to issue a formal statement using other channels, should the Company deem that being a better or swifter option.
Business Partners
Details listed below were correct when this document was created. Any changes will be recorded on this document, but will not stipulate the requirement of a revision to be issued.
Lunar
Elddis
Coachman
Swift
Bailey
Truma
Thetford
Rollerteam/Trigano
BlackHorse Finance
CaravanGuard Insurance
Cris/HPi/NCC
Mailchimp
Advertising Management
Sage
HSBC
Autoprotect
MyOffice
Review of this Document & Amendments
This document will take effect as from 22nd May 2018 and will be reviewed annually, or when legislation so requires. Responsible person to undertake reviews is the DCO, or suitably appointed person and/or organisation. The ownership of this document is restricted to Peter Roberts Caravans Ltd.
Version 1 - Emma Holmes, Data Controller Officer (DC) - 14th May 2018
Version 2 - Emma Holmes, Data Controller Officer (DC) - 15th May 2018
Version 3 - Emma Holmes, Data Controller Officer (DC) - 15th May 2018
Version 4 - Emma Holmes, Data Controller Officer (DC) - 8th January 2019