Privacy at Ambush Security Systems Ltd
At Ambush Security System Ltd we are aware of our responsibilities to handle your personal data with care, to keep it secure and comply with applicable privacy and data protection laws.
How this Policy Works
The purpose of this Policy is to provide a clear explanation of when, why and how we collect and use information which may relate to you. Do read this Policy with care. It provides important information about how we use personal data and explains your statutory rights.
Who is responsible for looking after your personal data?
All personal data collected is stored securely - physically and electronically.
You should be aware that although we are principally responsible for looking after your personal data, information may be held on other databases such as an Alarm Receiving Centre, police authorities where URN’s have been applied for and with the NSI (National Security Inspectorate), our governing body.
Any secondary contractors will only be given the basic personal information that is required to enable them to carry out their services. This will be shared under client instruction only and with their full authority. Ambush Security has confirmed they have their own GDPR Policy in place which can obtained by request, direct to the subcontractor.
What personal data do we collect?
The level and type of personal data we collect and use varies depending on the type of security system that is installed and may include information on other relevant individuals. When you initially contact us we will take your name, address and contact information to arrange a survey and provide a quotation. This information will be stored in our database indefinitely unless you request for it to be deleted.
Once a quote turns into an order it may be necessary to record further information about yourself and additional occupiers of the premises. If you have a monitored system installed we will be required to take details from you for key-holders to your premises. This is a police regulation and these details would be shared with the monitoring station to enable the process to work as expected. You should take steps to inform the third party that you have provided their details and disclosure of this information is necessary. We will process their personal data in accordance with this Policy.
What do we use your personal data for?
We will collect information from you directly when you call to arrange a survey or ask for a quote. Information about you may also be provided to us by a builder/project manager or other third party including your employer or family member.
If we have provided you with a service agreement we will use your personal data to administer your contract, deal with your queries, arrange visits and manage the annual renewal process. We will also need to use your personal data for regulatory purposes associated with our governing body, NSI, and in line with the NPCC (National Chief Police Council).
PLEASE NOTE: If you provide your consent and permit us to process your Personal Data, you may withdraw your consent to such processing at any time. However, you should be aware that if you choose to do this we may be unable to continue to provide services to you. This may mean that your contract needs to be cancelled. If you choose to withdraw your consent we will tell you more about the possible consequences, including the effects of cancellation, as well as any fees associated with cancellation.
Protecting your privacy
We will make sure that we only use your personal data for the purposes set out in Section 3 and where we are satisfied that you have provided your consent for us to use the data in that way.
Our use of your personal data is necessary to fulfil a contract or take steps to enter into an agreement with you (e.g. to manage your service and/or monitoring contract). In addition to being necessary to comply with a relevant legal or regulatory obligation that we have (e.g. to comply with NSI or NPCC requirements).
Who do we share your personal data with?
We work with a few third parties, to help manage our business and deliver services. These third parties may from time to time need to have access to your personal data.
These third parties may include:
Our Alarm Receiving Centre
Service Providers, who help manage our IT and back office systems
Our governing body, NSI
If we were to sell Ambush Security System Ltd we would need to transfer your personal data to the purchaser.
How long do we keep your personal data?
We will retain your personal data for as long as is reasonably necessary for the purposes listed in Section 3 of this Policy. We may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any further assistance required, complaints or challenges.
Where your personal data is no longer required we will ensure it is either securely deleted/destroyed or stored in a way which means it will no longer be used by the business.
What are your rights?
You may request access to your data, correction of any mistakes in our files, erasure of records where no longer required, restriction on the processing of your data and objection to the processing of your data. You may also exercise a right to complain to ICO should you feel your details are being processed unlawfully. More information about each of these rights can be found below.
If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time.
Right to Access: You can ask us to
confirm whether we are processing your personal data
give you a copy of that data
provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, how we protect it, how long we keep it for, what rights you have, how you can make a complaint and where we got your data from to the extent that information has not already been provided to you in this Policy.
You can ask us to rectify inaccurate personal data. We may seek to verify the accuracy of the data before rectifying it.
You can ask us to erase your personal data, but only where:
It is no longer needed for the purposes for which it was collected
Following a successful right to object (see 'Objection' below)
It has been processed unlawfully
We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.
There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.
You can ask us to restrict (i.e. keep but not use) your personal data, but only where:
it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims
You have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal data following a request for restriction, where:
we have your consent
to establish, exercise or defend legal claims
You have a right to lodge a complaint with your local supervisory authority about our processing of your personal data. In the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/).
We ask that you please attempt to resolve any issues with us first although you have a right to contact your supervisory authority at any time.
We take the confidentiality of all records containing personal data seriously, and reserve the right to ask you for proof of your identity if you make a request in respect of such records.
We will not ask for a fee to exercise any of your rights in relation to your personal data unless your request for access to information is tenuous, respective or excessive, in which case we will charge a reasonable amount in the circumstances. We will let you know of any charges before completing your request.
We aim to respond to any valid requests within one month unless it is particularly complicated or you have made several requests in which case we aim to respond within three months. We will let you know if we are going to take longer than one month. We might ask you if you can tell us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.
Third Party Rights:
We do not have to comply with a request where it would adversely affect the rights and freedoms of other data subjects.
12. Contact and complaints
The primary point of contact for all issues arising from this Policy, including requests to exercise data subject rights, is our Data Protection Officer- Georgia Riley. She can be contacted in the following ways:
Data Protection Officer,
Ambush Security Systems Ltd
Breakspear Road South
Updated April 2018