DNS Privacy Statement
We Respect Your Privacy
Please take the time to read the following carefully to understand our views and internal practices regarding your personal data and how we will treat it.
For the purposes of the General Data Protection Regulations (GDPR), the data controller is Document Network Services Limited. You can contact the data controller by emailing firstname.lastname@example.org
This statement was most recently reviewed in May 2018. It is subject to regular reviews and may be updated in accordance with changes to legislation or internal processes. Any changes we may make to this statement will be posted on this page.
Our Commitment to You
Document Network Services Limited (“We”, “Us” or “Our”) are committed to protecting and respecting your privacy. This Statement is therefore designed to provide you with appropriate information, assurance and confidence that we are handling your data in a secure, professional manner, with the respect it deserves. This statement therefore addresses what personal information we collect and how we handle the personal information shared with us.
We will collect and process information in accordance with the following policies:
- All data collected from you (for example, information provided by you by filling in forms, surveys, competitions, transaction details, fulfilment of orders, details of visits to our websites etc,) will be transmitted to servers where it will be processed. The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating out of the EEA who work for us, an associated subsidiary or one of our suppliers on our current list of third parties. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storage or processing.
- We confirm that any personal details, which you provide to us (or which are available on public registers) from which we can identify you, are held in accordance with our Data Protection Registration Notification. When you register your details with us, we consider the information you input as private.
WHAT PERSONAL DATA DO WE COLLECT AND WHY
We will not collect any personally identifiable information about you unless you provide it to us voluntarily. If you do not want your personal data collected, please do not submit it to us. Some information provided may be legally or contractually required and therefore, if not provided, will limit the services that we are able to provide.
By providing us with your contact details and providing consent, you are confirming that you are happy to receive correspondence from us. In being able to manage the ways we contact you, five key methods will be used: Telephone, Post, Email, Text Message (SMS) and Social Media.
In the event that your personal information is no longer used by us for the purposes outlined in these policies, we will delete it except insofar as it is necessary to retain such information to comply with other relevant or applicable law.
Infomation We May Collect From You
We collect and process information only relevant for the above reasons/purposes, which may include;
- Personal Details.
- Financial Details.
- Goods/Services Provided.
- Details of transactions carried out and the fulfilment of your orders.
- Information that you provide by filling in forms on our website www.dnslimited.co.uk (“our website”).
- A record of correspondence with you.
- Survey responses.
- Call transcripts and call recordings
- Details of your visits to our website and the resources that you access.
- Visual images and personal appearance/behaviour.
Uses Made Of The Information
We process personal information to enable us to repair and sell our products; maintain our accounts and records; advertise our services; and to support and manage our employees.
We also process personal information using a CCTV system to monitor and collect visual images for the purposes of security and the prevention and detection of crime.
We are likely to also to have to utilise Legitimate Interests as a method of contacting you. In GDPR, Legitimate Interest stipulate that there may be scenarios in which we will contact our customers without their consent to do so. This will include areas such as recalls, scheduled servicing and contract renewal reminders, as we have legal, contractual or a legitimate reason to advise you of such circumstance. When we process your personal information for our legitimate interest, we make sure to consider and balance any potential impact on you (both positive and negative) and your rights under data protection laws.
If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please email email@example.com
How we use collected information
Collecting information provides specific benefits to our website visitors. Collecting your information will allow us to process your order and to better advise you of goods and services that may be of interest to you. We use the information for the following purposes:
- processing any order or enquiry from you
- processing your interest in us, whether as a potential employee or customer or supplier
- for statistical purposes to improve the services we provide
- to administer our business
- to notify you of topics that may be of interest to you
- completing or supporting any transaction or activity you have with us
- tailoring the website for its visitors
- analysis and reporting
- to build records of individual visitors
- contacting our visitors for promotion of the website or products
- to help us prevent fraudulent transactions
HOW DO WE SHARE YOUR PERSONAL DATA?
Disclosure Of Your Information
The information we collect may be accessed by our suppliers and ourselves. We may disclose your personal data to any member of our Group, which means our subsidiaries, and our ultimate holding company and its subsidiaries, as defined in section 736 of the UK Companies Act 1985.
We may share the information that we collect about you and the products/solutions that we have provided to you with selected third parties. Where necessary or required, we will share information with:
- Our Business Associates (including our Suppliers, Partners and holding company)
- Our Employees
- Financial Organisations
- Police Forces
- Goods/Service providers
Information is only shared with our partners who abide by our privacy statement. A full listing of companies with whom we may share your information with is available upon request. Under GDPR, unless there is a legal, contractual or legitimate interest for us to share your information, you have the opportunity for your information to not be provided to third parties.
We have carried out specific vetting on third parties to ensure that they are compliant with GDPR and further ensure that your personal data is handled in a manner required under legislation. Please note that we will never sell your information on.
SECURITY OF PERSONAL INFOMATION
Where We Store Your Personal Data
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating out of the EEA who work for us, an associated subsidiary or one of our suppliers on our current list of third parties. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
By submitting your personal data and agreeing for this to be shared, you agree to this transfer and its associated processing and storing. In some cases, the process will not require your consent as they will be a legally or contractually binding part of your dealings with us. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy statement. Third parties which share your information outside of the EEA will be vetted accordingly to ensure that your data is being handled appropriately.
How Can You Be Assured That Your Data Is Being Handled Appropriately?
We have carried out stringent checks throughout the organisation to ensure that your data is handled in a secure manner. Some key security measures that the organisation abides by include;
- A strict clear desk policy which ensures that no personal documentation is ever left unattended as well as lockable cabinets throughout the organisation.
- Password protected, security encrypted security systems, including firewalls and antivirus protection systems for additional security.
- Subject to external and internal data protection audits.
- Restricted use of portable IT methods including USB’s and laptops.
- Information Security Policy and Data Protection Policy for internal staff to abide by.
- Internal Data Retention Policy and approved shredding contractor for disposal of protected documents.
We have had our internal systems for IT, HR and Management audited and these passed to a standard that allowed our company to achieve Cyber Essentials Accreditation.
What Happens If Your Personal Data Is Breached?
As detailed throughout this statement, we will endeavour to ensure that your personal information is retained in accordance to legislation. However, if for any reason we discover that your personal information has been breached in anyway, including lost, stolen or hacked, dependant on the level of its severity, we will ensure that the Information Commissioners Officer (ICO) and you as a customer, are made aware within 72 hours of us understanding that a breach has been made.
Our staff have been trained in being able to understand and appreciate whether personal information has been breached and have a duty of care to ensure that the Data Protection Officer is informed as soon as a breach has been identified.
Action will then be taken to minimise the risk to your personal data as seen fit in accordance to the incident including following guidance from the Data Protection Officer and the ICO. We will also inform you once we are fully aware that the additional security measures have been put in place to further secure your information.
What About The Security Of My Information When Dealing With You Online?
In some cases, we may collect information about you which is not personally identifiable via our website however, under GDPR, if that information can be linked in some way to a living individual this can now be classified as restricted data. Examples include obtaining your IP address, the type of internet browser you are using and the computer operating system that you are using, as well as the search engine you accessed to locate our website or the associated advertisement that was clicked on a third-party website to link you to our webpage. Although all these are used predominantly for statistical purposes, these do have the potential to be linked to an individual and therefore fall within this statement.
You should be aware that if we are requested by the police or any regulatory or government authority investigating suspected illegal activities, to provide your user information and/or information concerning your activities whilst using this website we shall do so. We also reserve the right to disclose individually identifiable information to third parties where a complaint arises concerning your use of this website, and that use is deemed by us inconsistent with these terms.
We may disclose to third parties aggregated data on the use of this website or our services, provided that a single individual is not identifiable in such data.
This website has security measures in place to protect the loss, misuse and alteration of the information under our control. We use the most advanced encryption technology to protect you from unauthorised use of information supplied on our website. Unfortunately, the transmission of data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information we will use strict procedures and security features to try to prevent unauthorised access.
Addresses & Cookies
As stipulated above, when you view the website, we may store some information regarding your computer and browsing habits. This information is stored in the form of a “cookie” or similar file.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the website.
Most web browsers allow some control of most cookies through the browser settings. You may refuse to accept cookies by activating the settings on your browser. However, if you select this setting you may be unable to access certain parts of our website.
Third Party Links & Cookies
Third Party Website Links
Our website may, from time to time, contain links that lead to websites furnished by independent website owners. Using these links may mean that you leave our website. The information presented therein is the sole responsibility of the website owners. We have no control of responsibility for the content of the independent websites and provides these links to website visitors for their convenience. If you decide to access any of the third-party websites from this website, you do so entirely at your own risk. Third party websites have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Third Party Cookies
What Rights Do You Have Over Your Personal Infomation
Under GDPR, individuals have by far greater ownership of the way in which they are able to manage their own personal information. There are now eight areas in which you have rights to, known as the Data Subject Rights and they are broken down as follows;
- Right to Access/Subject Access Requests – The Right to Access provides you with the opportunity to obtain all the information we hold against you as an individual (also known as Subject Access Requests). The GDPR allows us one month to provide you with all the information we hold against you, your vehicle and your address. This will solely be in relation to the person making the request. We will review all our manual and electronic data and provide you with everything accordingly. If your request specifies what documentation you require, this will assist us in responding to your request quicker.
- Right of Rectification – If you believe that the information that we hold about yourself is incorrect, inaccurate or incomplete, the right of rectification ensures that you can contact us and we will update it accordingly. We will provide you with confirmation once the update has taken place.
- Right to Erasure – Under GDPR, you have the option for all records of your personal information held by us to be erased. There are however a number of exemptions to this right, given that we may have legal or contractual rights to retain your person information. If, however it is felt that we hold information about you which is no longer necessary for the initial purpose it was collected, your right to erasure will be granted.
- Right to Data Portability – GDPR provides you with the opportunity for your personal information to be provided back to you in a portable format. This means that you can transfer your data to a different provider without the need for you to provide it again to them.
- Right to Withdraw Consent – We like to give you the opportunity to manage the way in which we communicate with you. Under GDPR, this is known as the Right to Withdraw Consent. If for any reason, you would no longer wish for us to contact you, either entirely, or via certain methods, this right can be used. This simply means that we will update your contact preferences within our systems, as well as advising third parties with whom we have supplied your information, of your updated preferences also.
- Right to be Informed – This right encompasses the need for transparency over how we use your data and is the intention for this entire document. It ensures that we supply appropriate notification about our processing activities and ensure that they are concise, transparent, easily accessible, written in clear, plan language and free of charge.
- Right to Restrict Processing – This allows you the opportunity to let you hold your data but not processes it for marketing purposes. If you request this right to be actioned, we will place you on a suppression list where it is no longer processed.
- Right to Object – Under GDPR you can object to processing based on legitimate interest or a task classified as being in public interest, direct marketing and processing for purposes of scientific/historical research and statistics.
How Do You Contact Us Regarding Your Personal Data & How It Is Handled?
If you wish to contact us regarding the manner in which your personal data is handled; updating your personal preference; utilising your personal rights; or wishing to complain, then you can:
- Email us at firstname.lastname@example.org
- Post your enquiry to Document Network Services Ltd, Unit 12 Melbourne Business Court, Millennium Way, Pride Park, Derby, DE24 8LZ.
Please note, we may require proof of identity in order to complete some requests. A copy of your passport or driving licence is the most suitable, however other forms of photographic identity are also acceptable.
If you remain unhappy with the manner that your data is being handled in, and/or you feel that the response is not sufficient, please contact the Information Commissioners Officer (ICO) using their website www.ico.org.uk who are the supervisory authority for data protection within the UK.
Changes To Our Privacy Statement
Any changes we may make to our privacy statement in the future will be posted on this page and, where appropriate, notified to you by e-mail.