PRIVACY NOTICE

Contents

  1. General
  2. Web
  3. Employee/prospective employee

1 GENERAL

Data Controller

Intona Limited, 7 Fairfield Street, Dundee DD3 8HY

Legal Basis

Intona Limited offers a range of goods and services relating to timber preservation, damp proofing, building services and asbestos surveying. As such, Intona Limited has a legitimate business interest in capturing, processing and retaining data from customers who have requested goods and services from the company for a mutually beneficial purpose.

Intona Limited undertakes to capture, process and retain all data obtained from individuals and businesses in line with the requirements of all applicable Data Protection Laws, including the UK Data Protection Act (DPA), Privacy and Electronic Communications Regulation (PECR) and the EU General Data Protection Regulation (GDPR).

Intona Limited will capture, process and retain data from the following categories of Data Subjects:

A: Customers (based in the UK and EEA)

Intona Limited will initially capture, process and retain customer data that is obtained through mail, telephone, email or the Intona.co.uk website when a customer requests goods, services or information. This data will be used for the purposes of:

  • Creating a customer profile on our in-house data systems,
  • Processing customer orders,
  • Creating and issuing customer invoices,
  • Monitoring order and customer account statuses,
  • Debt chasing,
  • Marketing activity (data provided may be manually profiled by Intona Limited to produce tailored marketing messages and limited customer data will be used when these messages are sent through our secure email management system),
  • Staff training, internal auditing, dealing with complaints and customer queries. No inbound and outbound customer calls are recorded for these purposes.

Intona Limited customers have the right to withdraw consent to hold their data at any time. However, if a customer chooses to withdraw consent, then Intona Limited will be unable to process any further orders for goods and services.

Intona Limited customers are provided with an opportunity to opt out of Intona Limited news emails when receiving all such communication. A unsubscribe link is supplied as part of such emails.

B: Complainants

Intona Limited has a Customer Complaints Policy and customers have the right to make a complaint when they are unhappy with goods or services that have been provided by Intona Limited.

When receiving the details of any complaint, Intona Limited will use the data provided for the purposes of:

  • logging and processing the details of the complaint,
  • carrying out and investigating the scenario outlined in the complaint,
  • making decisions based on the findings of any investigation,
  • informing the complainant of the outcome of their complaint,
  • nforming any affected parties of the outcomes and actions required (should there be any)

Data Transfers

Intona Limited may transfer customer data to third party service providers, agents, subcontractors and other associated organizations for the purposes of completing jobs and providing services to you. This may include third parties operating outside the EEA. Intona Limited will carry out all necessary due diligence to ensure that all data transfers to third parties/partners are carried out securely and that all necessary safeguards are in place to ensure data security. Intona Limited will also ensure that third parties/partners are fully aware of their responsibilities to ensure GDPR compliance when processing customer data transferred to them

For marketing purposes, Intona Limited will not share customer email addresses with secure advertising platforms such as Google and Facebook in order to tailor Intona Limited marketing messages for users.

Intona Limited will not transfer personal data to any other company or organization without your prior consent, with the exception of Her Majesty’s Revenue and Customs (HMRC) requests for financial data (relating to customer invoicing).

Data Retention

When a customer makes a purchase, Intona Limited will retain the data captured or our sales systems indefinitely for the purposes of: fulfilling the contract with the customer, providing an auditable customer trail, providing historical data for accounting purposes, responding to HMRC financial information requests, reviewing and improving services and processes.

Individual Rights

Intona Limited will capture, process and retain personal data in line with DPA and GDPR requirements. Your individual rights in line with these requirements include the:

  • right to be informed of how we use and process your personal data,
  • right of access to any personal data that we retain about you,
  • right to rectification of any personal data that we retain about you that you believe to be inaccurate,
  • right to erasure when there is no legal justification or legitimate business interest allowing us to retain your personal data,
  • right to restrict processing of personal data if , for example, you think that personal data we retain about you is inaccurate or we have no legal justification or legitimate business interest to continue to retain and process your personal data. Rather than request erasure, you can make the request to restrict processing,
  • right to data portability should you want to move, copy or transfer your personal data from one source to another,
  • right to object when personal data is processed due to legitimate business interest or performance of a task in the exercise of official authority, direct marketing and research and/or statistical analysis,
  • rights associated with automated decision making and profiling which allow you to obtain human intervention in any such process, express your points of view on decisions or outcomes made about you and obtain an explanation of any decisions made and subject them to challenge,
  • right to withdraw consent to hold your personal data at any time,
  • right to lodge a complaint with a supervisory authority should you be dissatisfied with how we have managed your personal data (the Information Commissioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest)

Subject Access Requests

In line with these individual rights, anyone who wishes to make a formal Subject Access Request to Intona Limited for the purposes of requesting personal data or taking some action with respect to the personal data that is held about them should submit the request in writing to Intona Limited either in writing by post to Mr. R. Mitchell, Director, Intona Limited 7 Fairfield street Dundee DD3 8HY or by emailing ron.mitchell @intona.co.uk

Call Recording

Intona Limited does not record customer calls.

2 WEB

When you use our web site, you can do so either anonymously or, in some cases, after registering and logging in as a member or user.

We do not gather or store personal data about anonymous users. We have no way of knowing who you are or where you live or work. It is technically possible for us to track your movements within our site by using your Internet location(IP address), but we will not do this.

Certain users provide a limited amount of personal data and trust us to use and store it responsibly. The lawful basis for gathering, storing and processing this data is to allow us to administer the company and its activities. The information we store is gathered when a user registers with us, submits an enquiry form, etc. The information we gather is limited to attributes which are required to administer interactions with that person. We only use this data for processes within our own organisation.

We comply with the provisions of the General Data Protection Regulation (GDPR) (which superseded the the Data Protection Act in 2018) and adhere to the Data Protection Principles. We do not undertake automated decision-making or profiling activities on individuals.

We will never disclose any personal data to any third party unless you agreed to this. You can change your preference regarding the sharing of data at any time. Your details would be passed to others only for use in facilitating an enquiry, contract or similar service. We will restrict the amount of information provided to the minimum required for the provision of the service.

Information about users who are not clients will be retained only for the period that their data may be required for the purpose of administration. If you require us to delete your personal data, please let us know. We will be happy to do so, but it may mean that we will no longer be able to provide you with certain services that depend upon the presence of your data.

We respect your rights to data portability, restriction of processing and your right to object to anything we do with your data. If you have such concerns, please let us know and we will do all we can to meet your requirements within the time constraints required by legislation.

You can request access to your personal data we store by using our contact form. You can also contact us by non-electronic channels. Our contact information can be accessed by selecting the "registered office" link which appears at the bottom of every page of our web site. We will accept and process all data access requests unless they are manifestly unfounded or excessive. There is no charge for making such a request, and we will comply within the time constraints required by legislation. If we refuse a request, you can complain to our Board, who will reply within the time constraints required by legislation. There may also be a judicial remedy.

We will never intentionally invade anyone's privacy. If you are unhappy about any reference to yourself or about appearing in any images on any of our web sites, please let us know and we will do our best to resolve your concerns. If you think there is a problem with the way we are handling your data, you have the right to complain to the Information Commissioner’s Office

if you believe that your identity has been misused anywhere in our web site, let us know about that too and we'll try to sort things out.

3 EMPLOYEE/PROSPECTIVE EMPLOYEE

What this Notice covers

Intona Limited is committed to protecting the privacy and security of your personal information.

This Privacy Notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR) and data protection legislation.

It applies to all current and former employees, workers and contractors.

Identity of the data controller

Intona Limited is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

Categories of personal data we process

We will collect, store, and use the following categories of personal information about you:

  • Personal contact details such as name, title, addresses, telephone numbers, personal email addresses; date of birth; gender; marital status and dependants,
  • Next of kin and emergency contact information,
  • National Insurance number,
  • Bank account details, payroll records and tax status information,
  • Salary, annual leave, pension and benefits information,
  • Start date,
  • Copy of driving license,
  • Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process),
  • Employment records (including terms and conditions of employment, work history, working hours, training records and professional memberships),
  • Compensation history,
  • Performance information including appraisals and performance improvement plans,
  • Details of any disciplinary and grievance proceedings you have been involved in,
  • Details of any leave you have taken including holidays; sickness; family and parental leave,
  • CCTV footage,
  • Information obtained through electronic means such as swipe card records and biometric means of identification,
  • Information about your use of our information and communications systems,
  • Photographs,
  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions,
  • Trade union membership,
  • Information about your health, including any medical condition, health and sickness records and details of any disability for which we may need to make reasonable adjustments,
  • Genetic information and biometric data,
  • Information about criminal convictions and offences.

Sources of personal data

We collect personal information about you through the application and recruitment process, either directly from you or from an employment agency or background check provider. We may sometimes collect additional information from third parties including former employers and credit reference agencies.

We also collect additional personal information in the course of job-related activities throughout the period you are working for us

Our lawful bases for processing your data

We will use your personal information in the following circumstances:

Where we need to perform the contract we have entered into with you. Where we need to comply with a legal obligation. Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests.

Our purposes for processing your data

  • Making a decision about your recruitment or appointment,
  • Determining the terms on which you work for us,
  • Checking you are legally entitled to work in the UK,
  • Paying you and, if you are an employee, deducting tax and National Insurance contributions,
  • Liaising with your pension provider,
  • Administering the contract we have entered into with you,
  • Business management and planning, including accounting and auditing,
  • Conducting performance reviews, managing performance and determining performance requirements,
  • Making decisions about salary reviews and compensation,
  • Assessing qualifications for a particular job or task, including decisions about promotions,
  • Gathering evidence for possible grievance or disciplinary hearings,
  • Making decisions about your continued employment or engagement,
  • Making arrangements for the termination of our working relationship,
  • Education, training and development requirements,
  • Dealing with possible legal disputes involving you, or other employees, workers and contractors, including accidents at work,
  • Ascertaining your fitness to work,
  • Managing sickness absence,
  • Complying with health and safety obligations,
  • To prevent fraud,
  • To monitor your use of our information and communication systems to ensure compliance with our IT policies,
  • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution,
  • To conduct data analytics studies to review and better understand employee retention and attrition rates, Equal opportunities monitoring,

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

Who has access to your data?

We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

Recipients of your data may include third-party service providers (such as payroll and pensions providers); other related business entities; a regulator or to otherwise comply with the law.

Where we do so, we will require third parties to respect the security of your data and to treat it in accordance with the law.

We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.

Security of your data

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

How we decide how long to retain your data

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your rights

You have the right to:

  • Request access to, and a copy of, your personal information,
  • Request correction of the personal information that we hold about you,
  • Request erasure of your personal information,
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

If you believe we have not complied with your rights, you can complain to the Information Commissioner.

What if you do not provide personal data?

If you do not provide personal data, it is likely to be impossible for Intona Limited to enter into, or to continue with, an employment relationship with you.

Automated decision-making

Intona Limited may make use of electronic automated decision-making systems. We would only do so in the following circumstances:

  • Where we have notified you of the decision and given you 21 days to request reconsideration.
  • Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
  • In Limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.

Employment decisions are not based solely on automated decision–making.

Changes to this Privacy Notice

Intona Limited reserves the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Revised June 2018