Life Environmental Services Ltd (We) are committed to ensuring your privacy and protecting your private information. This policy explains what personal information we collect, store and use when you use our website.
We are registered with the Information Commissioner’s Office under registration number ZA012192. We will not disclose your details to any third parties unless we have a legal obligation to do so, and on these occasions, this will be in compliance with The General Data Protection Regulations (GDPR) which came into effect on May 25 2018.
We are both the ‘Data Controller’ and ‘Data Processor’ (as per definitions section) of your personal information that you provide us. This information will be securely stored on our computer systems and/ or in paper files. We have been awarded the Cyber Essentials Accreditation which demonstrates our commitment to ensuring our computer systems are robust and protect your personal information.
We have appointed a Data Protection Officer who can be contacted by emailing firstname.lastname@example.org.
Data is information which is stored electronically, on a computer, or in certain paper based filing systems.
Data Subjects for the purpose of this policy include all living individuals about whom we hold personal data. A data subject need not be a UK national or resident. All data subjects have legal rights in relation to their personal information.
Personal Data means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an ID number, location data, online identifier, or one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Data Controllers are the people who or organisations which determine the purposes for which, and the manner in which, any personal data is processed. They are responsible for establishing practices and policies in line with GDPR. We are the data controller of all personal data used in our business for our own commercial purposes.
Data Processors include any person or organisation that is not a data user that processes personal data on our behalf and on our instructions. Employees of data controllers are excluded from this definition but it could include suppliers which handle personal data on the Company’s behalf.
Processing is any activity that involves use of the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
Personal Data Breach is a breach of security which leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise Processed.
Consent is any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes, by a clear confirmative action or statement signifies agreement to the Processing of their Personal Data.
Sensitive personal data includes information about a person's racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition or sexual life, or about the commission of, or proceedings for, any offence committed or alleged to have been committed by that person, the disposal of such proceedings or the sentence of any court in such proceedings. Sensitive personal data can only be processed under strict conditions, including a condition requiring the express permission of the person concerned.
Legitimate Interest means the interest of business’ conducting and managing products and services to provide the best experience to clients and potential clients. In terms of data, the processing must still be necessary and it must balance the individual’s interest rights and freedoms against the business’ legitimate interests.
What Personal Data do we collect, store and use
We collect, store and use the personal information that you provide to us in filling in any Enquiry form on our website or when you contact us via email, mail or telephone. This is done so that we may discuss any legitimate business interests with you. We do not ask for or collect any Sensitive personal data.
When you visit our website we may automatically collect your IP address and associated computer technical information (eg your URL (uniform resource locator), browser details, date/time and length of visits, products you viewed, etc). This type of data processed is statistical in nature and therefore does not identify any individual.
We collect, store and use the above data to:-
- To contact you and provide you with information that you request from us about our services or, when you have given us consent, information which we feel may interest you about our business or services.
- In the performance of our Legitimate Interests – but your personal impact and rights are considered and balanced against this before we process your data. If we feel that the impact to you would be significant, then we will always seek your consent to processing such data.
- Notify you of any changes to our services ie marketing communications etc.
- Administer our website including content presented in the best way, data analysis and statistics (which may be through a third party) and research.
- Aggregate data for statistics or demographic purposes – this is derived from your personal data but you cannot be identified from it.
Your personal information will be used solely by Life Environmental Services Ltd., save for any of the following circumstances:-
- In the event that we are acquired by a third party
- In the event that we buy or sell a company or part thereof
- To our approved analytics organisations that assist us in improvement of our website
- If we are under statutory obligation to disclose the data
- To our approved third parties where we believe there is a legitimate interest to you.
We do not sell your data to any third party.
How we protect your Personal Data
We are committed to ensuring that all your Personal Data is secure and we only store it for as long as is necessary pursuant to the services that we provide. As previously mentioned, we have been awarded the Cyber Essentials Accreditation for our computer systems and processes. We have robust technology and procedures in place in order to minimise risks of any loss, misuse, amendment or deletion.
The data that we collect may be transferred to and stored at a destination outside the EEA (European Economic Area). By submitting your personal data, you agree to this transfer, storing and processing. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this policy.
Unfortunately, the transmission of information via the internet is not totally secure. Although we will do our utmost to protect your data, we are unable to guarantee the security of it when transmitted to our website, so you do so at your own risk. Once we have received your data, our IT protocols will try to prevent unauthorised access within our firewalls.
How long we keep your data for
We will only retain your personal data for as long as necessary to fulfil the purposes that we collected it for, which may include satisfying statutory, accounting or contractual obligations.
We consider each type of personal information collected and determine how long retention is necessary by considering the following factors:-
- The type and amount of personal information collected
- The potential risk and impact of any unauthorised use or disclosure
- The use of the data – ie is it for legal purposes
- Whether we need the data in its raw form or can it be anonymised or pseudonimised
- Whether we need to process that specific data and can the same result be achieved by other means.
Your Rights & Requests
With respect to your own personal data, you have the right to request:-
- Access to your personal data – this is called a ‘Subject Access Request’ (please see below)
- Amendment or deletion to your personal data
- Transfer of your personal data to you or a third party
- Withdrawal of your consent
- Processing suspension for one of the following scenarios:
- To establish its accuracy
- Where our use is unlawful but you don’t want us to use it
- Where you need us to hold it although we no longer require it
- Where you have objected to its use but we need to establish whether we have an overriding legitimate grounds to use it.
We have processes in place to accommodate all the above requests. We may have overriding legitimate reasons, in compliance with GDPR, for which we hold your personal data. In these instances, we will advise them following your request.
Following any request, we will try to verify that you are the Data Subject to whom the personal data that we hold relates. Without this verification, we will be unable to authorise your request.
You can obtain further information about your rights from the ICO via their website www.ico.org.uk.
To Contact us
To make a Subject Access Request or exercise your rights under GDPR or raise a general query about this notice please send an email to email@example.com.
Bring your compliance needs to Life
To learn more about how Life Environmental can help your business, contact us today.