1.1 In this policy, “we”, “us”, “our” and “Metrolocks” refer to 1st Metropolitan Locksmiths Ltd, and “you” and “your” refer to our customers.
1.2 We are committed to protecting the private data we receive and store from you and to respecting your rights under the General Data Protection Regulation.
1.3 This policy applies both when we receive your data, acting as “data controller”, and when we process it, acting as “data processor”.
1.4 For more information about us and how you can contact us, please see Section 10.
1.5 Credit: This document was created by adapting a template from the Master Locksmiths Association that is made available to members only.
2. Origin of our data
2.1 We collect data through various channels, though not all of it is personal data:
— Names, telephone numbers and email addresses, as well as other pieces of information, are collected through contact and enquiry forms on our website. This data may also be collected during telephone conversations or email exchanges.
2.2 Some personal data, such as personal telephone numbers, are given to us by our clients, so that we can get in touch with a site contact, a landlord or other parties who are relevant to our business transaction.
2.3 We do not purchase personal information from any third parties.
3. Processing your data
3.1 Your data will be used as “correspondence data” (Metrolocks may contact you by emailing or calling to give you updates on the service required or to send you a written quote). The lawful basis of processing the correspondence data is the legitimate interest to perform a service, requested by you from us.
3.2 Your data will be used as “transaction data” and it may be used for financial records such as VAT invoices. The lawful basis of this processing is the legal obligations to which Metrolocks is subject.
4. Sharing your details
4.1 Metrolocks does not share your private data with any third party, notwithstanding the following exceptions:
— We sometimes have to pass names and other details on to suppliers of security keys and other products to verify that a customer is authorised to obtain the items they have requested.
— If you are a registered signatory for a Metrolocks security key or master suite, and somebody expresses interest in purchasing one of these keys, we will share your name and/or the name of any other registered persons. If the interested party is aware of who you are, then they will be able to get in touch. We do not divulge contact details of signatories.
— On occasion we subcontract work, and may, for the purposes of such work, share your private data with those involved in the work.
5. Storing your data
5.1 Your private data may be printed out and secured in our office. The office is secured by high-security locks and physical access to the private data is granted only to Metrolocks employees.
5.2 Data is also stored in our offline database, and some records are kept on metrolocks.co.uk, secured by a strong password, and hosted on servers in the United Kingdom. Our electronic records, whether the database or website back-end, can only be accessed by staff members.
6. Deleting your data
6.1 Once your private data is no longer relevant/needed for the conduct of business at Metrolocks, we will delete the electronic files.
6.2 Physical files are shredded in-house approximately six years after a transaction has taken place, unless the records must be kept until further notice (for example, we keep key registration documents indefinitely, until they are superseded or until the registered person or persons have requested that the file be removed).
7. Data breaches
7.1 Metrolocks has standard procedures to protect your details against data breaches, such as passwords for electronic files that are periodically changed and a secure office with limited access for physical files. For more details on how we securely store your documents, please see Section 5.
7.2 We create backups of electronic files that are stored securely on our UK-based web server, as well as offline on our office computers.
7.3 Metrolocks understands the legal requirement to report a data breach to the ICO (Information Commissioner’s Office) within 72 hours from the event. We also commit to informing every person who has been affected by the data breach.
8.1 We may update this policy in order to improve our data management.
9. Your rights (GDPR rights of the natural person)
9.1 Here are the rights you have, as a data subject, in relation to your personal information:
— To be informed about how, why and on what basis that information is processed.
— To obtain confirmation that your information is being processed and to obtain access to it and certain other information, by making a subject access request – your request will be answered within a maximum of 7 days.
— To have data corrected if it is inaccurate or incomplete.
— To have data erased if it is no longer necessary for the purpose for which it was originally collected/processed, or if there are no overriding legitimate grounds for the processing (i.e. the right to be forgotten).
— To restrict the processing of personal information where the accuracy of the information is contested, or the processing is unlawful (but you do not want the data to be erased), or where the employer no longer needs the personal information, but you require the data to establish, exercise or defend a legal claim.
— To restrict the processing of personal information temporarily where you do not think it is accurate (and the employer is verifying whether it is accurate), or where you have objected to the processing (and the employer is considering whether the organisation’s legitimate grounds override your interests).
9.2 If you wish to exercise any of the rights in paragraphs, please contact the data protection officer on firstname.lastname@example.org.
10. Metrolocks contact details
10.1 We are registered in England and Wales under company registration number 02602617.
10.2 For our registered address and up-to-date contact details, please click here.