AED Locator (E.U.) Ltd Trading as HeartSafe® General Data Protection
In compliance with the European
Union General Data Protection Regulations (GDPR) we wish to inform you of the
following information regarding collection, processing and retention of your
personal/business data. This agreement
may be updated frequently as we work to provide the most accurate information
possible to our clients, please check back regularly to ensure you understand
HeartSafe® AED Locator may,
during the course of business, be required to collect personal information
Data collection and processing
for the purposes of Accounting, including but not limited to names, addresses,
contact information, payment information is required to fulfil the legal
obligations of the company and its director.
Data collected for this purpose will be held for as long as is legally
required and then securely destroyed.
HeartSafe® AED Locator may
collect data during the course of business; this may include but is not limited
to such information as names, addresses, email addresses, telephone numbers,
usernames, passwords and other such information. This information is required by HeartSafe®
AED Locator to provide continuous service to our clients including marketing of
potentially beneficial products or services and is classified as “legitimate
interests” under GDPR as HeartSafe® AED Locator require the collection, storage
and processing of this data to provide our services and ongoing recommendations
to our clients. This data may also be
shared with third parties in order to provide services to you or your
HeartSafe® AED Locator may
collect data during the course of business; this data is often provided by
customers for monitoring, diagnostic or consultancy purposes and may include
all and any personal data provided to the client by service users. This information is required for HeartSafe®
AED Locator to provide contractually obligated services to customers and will
be retained for a maximum of 10 years, or until such time as this is no longer
required. This information may be
considered as held for “legitimate interests” under GDPR until such time as the
customer requests removal of such data.
If you have concerns that
HeartSafe® AED Locator may hold personal data shared from clients that no
longer have legitimate interest in holding your data, please in the first
instance contact the client to whom you provided the information directly and
request that they contact us. If this course fails, please contact the data
controller using the information below.
HeartSafe® AED Locator may
collect data with regard to support provided; this may include but is not
limited to, support session data, chat logs, connection information, customer
satisfaction surveys, computer and user information, IP addresses, call recordings,
login information, files and folders from your computer. By accepting this agreement, you are
authorising this collection and processing of data by HeartSafe® AED Locator
for the purposes of providing support and on-going services to yourself and your
organisation. This information may at
any time be shared with your organisation or the organisations listed below in
the interests of that organisation. “Your
organisation” is defined as the organisation that contracts HeartSafe® AED
Locator to provide IT Support Services on your behalf; this may be your
employer or an external agency providing services that require support under.
HeartSafe® AED Locator may
collect data with regard to your usage of the website. Further information is available within our
data for up to 10 years from a tracked user's last access to our services and
deleted it after this time.
This policy may change in future,
at which point we will update this page. Please check back regularly
to ensure you are aware of your rights.
How we protect your information
We adopt appropriate data
collection, storage, processing practices and security measures to protect
against unauthorised access, alteration, disclosure or destruction of both personal
and business information.
Client Data Sharing
HeartSafe® AED Locator may during
the course of business be provided or gain access to personal data held by our
customers regarding their own clients.
Customers of HeartSafe® AED Locator should ensure that their clients are
informed that data may be shared with their IT support provider for business
operations, including but not limited to support and assistance with problems
relating to the files containing data, the software used to access the data or
providing backup services for the data.
Data may be held by HeartSafe® AED Locator as required to provide
assistance to the client. All requests
for data management with regard to customer data should in the first instance
be directed to the customer; if this fails, the client can contact the
HeartSafe® AED Locator Data Controller.
During the course of business,
clients will be required to provide personal information relating to staff, etc
in order to allow HeartSafe® AED Locator to set up accounts and provide
support. Please ensure your staff, etc
are aware that you are sharing this information and that in turn, HeartSafe®
AED Locator may share that information with service providers in order to
provide you with the services required.
Sharing of Data
HeartSafe® AED Locator may
require, for the accurate and timely fulfilment of Legal Obligations, HR and
Accountancy processes and to provide you with a range of products and services,
to share your data with third parties.
These Companies may include, but are not limited to:-
Accountancy and Payroll Management
Hardware / Software Suppliers
Third Party Service Providers who help us
operate our business and/or administer activities on our behalf.
Changes will be updated as
List of Data Categories
HeartSafe® AED Locator stores
data for a number of purposes to enable the day-to-day running of the
company. The purpose of this data
retention may include, but is not limited to:-
Accountancy – Customers (customer name &
contact details), Suppliers (supplier name, contact details and banking
HR (employee name, contact details, NI number,
bank details & next of kin)
Sales / Marketing – Quotes, CRM Systems
(customer name, contact details & information relating to the business IT
Engineering – Helpdesk Systems, SOD’s Job Sheets
(customer name, contact details, IT technical information including limited
number of passwords/logons)
The company stores encrypted online backups for
our clients. This data is encrypted at
source and remains in this secure format at all times whilst in our
Emails – Sent & received throughout
departments – (name, email address and other areas of possible sensitive data
sent by third party which we are unable to categorise)
Website – Please refer to our Website Privacy
Policy for further information
Telephones – Voicemail / Recordings
CCTV – Camera Footage
HeartSafe® AED Locator abides by
the retention schedule listed below; however, if data is no longer required it
may be deleted in advance of the retention period stated.
Accountancy – All financial data will be
retained for 6 financial years, in line with UK financial requirements. In some cases data will be stored for 10
years to ensure the company is able to defend any potential legal County Court
or High Court claim. In some cases, data
will be stored for 10 years to ensure the company is able to prove safeguarding
measures were adhered to.
Sales / Marketing data will be removed within a
12 month period of the data no longer having a valid use in the case of
prospective information. Customer
information (including previous and existing customer) may be retained for up
to 10 years to ensure the company is able to defend any potential County Court
or High Court claim.
Engineering data will be removed within a 12
month period of the data no longer having a valid use. Customer information (including previous and
existing customer) may be retained for up to 10 years to ensure the company is
able to defend any potential County Court or High Court claim.
Retention Period upon Termination
When an encrypted online backup ceases, all data
will be removed at the end of the retention period. Encrypted online backups are retained for a
period of between 28 and 90 days in accordance with the customer's contracted
retention period. Customers should
assume this period of retention is 28 days, unless otherwise stated.
Email will be available for 18 months before
being automatically archived for up to 8.5 years. Data may be retained for up to 10 years to
ensure the company is able to defend any potential County Court or High Court claim
and to ensure that HeartSafe® AED Locator is able to comply with the Companies
Act of 2006 which requires a 10 year retention period for information relating
to shareholder meetings, decisions, resolutions and members.
Website data is held for up to 10 years from a
tracked user's last access to our services and then deleted. Website data is categorised according to the
nature of the information as either, Accountancy, Sales / Marketing or
Recorded telephone conversations can be held for
up to 10 years. Telephone recording data
is categorised according to the nature of the information as either,
Accountancy, Sales / Marketing or Engineering.
CCTV footage may be retained for up to 10 years
for security and safeguarding measures and to ensure the company is able to
defend any potential County Court or High Court claim.
Electronic information stored on
redundant media / systems will be securely destroyed by a third party WEEE
recycling and data destruction specialist.
This method of destruction allows HeartSafe® AED Locator to obtain a
certificate of data destruction ensuring total data security whilst ensuring
ethical disposal of media and electronic equipment.
Documented data containing
sensitive information is securely destroyed by a third party document
destruction company. This method of
destruction allows HeartSafe® AED Locator to obtain a certificate of document
The above destruction methods
ensure HeartSafe® AED Locator complies with legislative requirements, whilst
ensuring client, employee and confidential business information is kept secure
at all times.
Technical / Business Security Measures
The information provided within
this section has been summarised to ensure a greater level of security and to
remove potential security risk.
HeartSafe® AED Locator takes the
security of data very seriously and takes the steps to ensure data is kept
Our premises are securely locked, alarmed and
monitored. Visitors to our offices are
accompanied / monitored at all times.
Documentation is securely managed within the
business via the use of lockable rooms, storage / filing cabinets and locked
documentation destruction cabinets.
A business class firewall provides secure
protection from unauthorised access to and from our local and internet based
networks, whilst also providing a secure VPN connection for staff when using
potentially insecure public WiFi.
All business devices, where applicable /
possible, are encrypted. This includes,
but is not limited to: USB memory sticks, USB hard drives, mobile phones
(iPhones), tablets (iPads), SD cards, smart watches, laptops, computers,
network attached storage devices and servers.
Staff are not permitted to use personal devices
to access or use company data unless the device is encrypted and HeartSafe® AED
Locator, where possible, has the permission of the individual to remotely wipe
the device in the event of the device being lost or stolen. This ensures data remains within our control,
is securely managed and protected at all times.
As an added level of security, email accounts
and historic email information can be securely removed from devices that may be
lost or stolen.
Our day-to-day business applications in some
instances require us to store our data online.
HeartSafe® AED Locator will only use secure online business applications
from reputable organisations who themselves comply with GDPR. These organisations may include but are not
limited to Microsoft, Quickbooks ...…
HeartSafe® AED Locator will, where possible,
always ensure that applications and/or operating systems are running the very
latest secure versions of the software and will, where possible, ensure the
latest security updates and patches are applied where it is safe to do so.
All staff must adhere to this GDPR policy.
List of Your Rights
GDPR includes the following
rights for individuals:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
The right not to be subject to automated
decision making including profiling
HeartSafe® AED Locator will,
where possible, conform in full and to completion to these rights within 30
days of notification. This period of
compliance may be extended by a further two months where requests are complex
or numerous. In this case the individual
will be notified within 30 days of receipt.
To ensure data security,
HeartSafe® AED Locator will need to verify the identity of the person making
the request, using “reasonable means”.
In some instances HeartSafe® AED Locator will
be unable to conform to the individual’s rights. In these instances HeartSafe® AED Locator
will partially conform to the individual’s rights and where possible notify the
individual as to why the company was unable to fully comply.
Information will be provided free
of charge. A reasonable fee may apply
when a request is manifestly unfounded or excessive, particularly if it is
repetitive or for requests for further copies of the same information.
Where a particular situation
becomes unclear or the individual disagrees, advice and guidance will be sought
from the ICO.
If you would like to exercise the
right, please write to the Data Protection Officer below.
How to contact the Data Protection Officer
Please use the contact
information below to write to the Data Protection Officer. In order for us to fully comply with your
rights under the act, all requests being made should clearly mention “General
Data Protection Regulations” and include your full name, address and relevant
contact information for a response.
Requests submitted by any other means than written letter may not be
Data Protection Officer
Name: Mr Clive Setter
Position: Company Director
Address: East Barn, Whitecross Farm, Bristol Road, West
Harptree, BS40 6HQ
In the unlikely event of a
serious Data Breach, HeartSafe® AED Locator will contact you via the last known
contact details we hold on file for you or your organisation. You will be informed as far as is technically
possible of the data that has been potentially compromised and where you can
seek further advice about your rights.