Privacy at Panache Fire Services Ltd

At Panache Fire Services Ltd (“we”, “us”), we routinely collect and use personal data about individuals, including customers, supplies and staff.  We are aware of our responsibilities to handle personal data with care, to keep it secure and comply with applicable privacy and data protection laws.
How this Policy Works
The purpose of this Policy is to provide a clear explanation of when, why and how we collect and use information which may relate to personal data”.

Important
Do read this with care.  It provides important information about how we use personal data and explains your statutory rights.

Privacy Product or services

1. Who is responsible for looking after your personal data?

Panache Fire Services Ltd is an independent company and will be responsible for collecting information about you and will be responsible for looking after your personal data and act as  a data controller

Panache Fire Services Ltd will be principally responsible for looking after your personal data. When accessing your personal data, we will comply with the standards set out in this Product or services.

2. What personal data do we collect?

This may include information about previous quotes obtained, background and contact information. The level and type of personal data we collect and use varies depending on the type of product or services. In some instances, it may be necessary for us to collect and use sensitive personal data. We will discuss this with you and establish any exemptions as maybe appropriate.  i.e.   Conditions or requirements for individuals that maybe housed in accommodation that we may need to service. For more information on what information we collect see appendix 1.
Customers.  We will collect your business contact details. We may collect your contact details if you visit our website, register for any information services or attend one of our events. If we collect personally identifiable information we will make it clear when we collect personal information and will explain what we intend to do with it.  See also our Cookie Policy.

3. When do we collect your personal data?

  • We will collect information from you directly when you apply for any product or services.
  • We may collect additional information where we believe this is necessary to manage the risk associated with a product or services.

Suppliers and Visitors

  • We will collect information about you if you or your company provides your contact or other information to us in the course of working with us, either directly as a business partner or as a representative of your company.
  • We may also collect information about you if you attend meetings, events or conferences that we organise, contact us through our website or sign up to one of our newsletters or bulletin services.
  • We may collect information from other public sources (e.g. your employer’s website) where we believe this is necessary to help manage our relationships with our business partners.

4. What do we use personal data for?

Customers, Supplier, Visitors. If you are a customer, supplier or visitor we will use your personal data to manage our relationship with you, including sending you marketing material (where we have appropriate permissions) and to invite you to events. Where relevant, we will use your personal data to deliver or request the delivery of services, and to manage and administer our contract with you or with your employer. If you are a visitor, we will use your personal data; typically, to register for certain areas of our website, enquire for further information, distribute requested reference materials, or invite you to one of our events.
Data analytics. We routinely analyse information in our various systems and databases to help improve the way we run our business, to provide a better service and to enhance the service we provide. We take steps to protect privacy by aggregating and where appropriate anonymising data fields (particularly in relation to Product or services Information as defined in Appendix 1 before allowing information to be available for analysis.

5. Protecting your privacy

We will make sure that we only use your personal data provided we have your consent to us using the data in that way.

  • our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you (e.g. to manage product or services)
  • our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have (e.g.  HMRC )
  • our use of your personal data is necessary to support ‘legitimate interests’ that we have as a business (for example, to improve our products, or to carry out analytics across our datasets), provided it is conducted at all times in a way that is proportionate, and that respects your privacy rights.

Before collecting and/or using any sensitive or personal data we will establish a lawful exemption which will allow us to use that information. This exemption will typically be:

  • your explicit consent
  • the establishment, exercise or defence by us or third parties of legal claims

PLEASE NOTE. If you provide your explicit consent to permit us to process your Sensitive personal data, you may withdraw your consent to such processing at any time. However, you should be aware that if you choose to do so we may be unable to continue to provide services to you.  This may mean that your product or services needs to be cancelled.

6. Who do we share your personal data with?
We work with many third parties, to help manage our business and deliver services. These third parties may from time to time need to have access to your personal data. These third parties may include:

  • Service providers who help manage our IT and back office systems

Regulators, which may include the HMRC   as well as other regulators and law enforcement agencies in the E.U. and around the world
We may be under legal or regulatory obligations to share your personal data with courts, regulators, law enforcement. If we were to sell part of our businesses we would need to transfer your personal data to the purchaser of such businesses.
We may also need to use personal data with Project Managers, Sales and  Admin staff or  Engineers who complete works  for you.

7. Direct Marketing
We may use your personal data to send you direct marketing communications about our products or our related services. This may be in the form of email, post, SMS, telephone or targeted online advertisements.
In most cases our processing of your personal data for marketing purposes is based on our legitimate interests, although in some cases (such as where required by law) may be based on your consent. You have a right to prevent direct marketing of any form at any time – this can be exercised by following the opt-out links in electronic communications or by contacting us using the details at the end of this document.
We take steps to limit direct marketing to a reasonable and proportionate level and to send you communications which we believe may be of interest or relevance to you, based on the information we have about you.

8. International Transfers

From time to time we may need to share your personal data with companies who may be based outside Europe (outside of the European Economic Area).
We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests:

  • We will only transfer your personal data to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights,
  • Transfers to service Providers  and other third parties will always be protected by contractual commitments and where appropriate further assurances, such as certification schemes, such as the EU – U.S. Privacy Shield for the protection of personal data transferred from within the EU to the United States of America
  • Any requests for information we receive from law enforcement or regulators will be carefully checked before personal data is disclosed

You have the right to ask us for more information about the safeguards we have put in place as mentioned above. Contact us as set out at the foot of this document if you would like further information.

9. How long do we keep your personal data?
We will retain your personal data for as long as is reasonably necessary for the purposes listed in this document. In some circumstances we may retain your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulator, tax or accounting requirements.
In specific circumstances we may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.

We maintain a data retention product or services which we apply to records in our care. Where your personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.

10. What are your rights
You have a number of rights in relation to your personal data.

You may request access to your data, correction of any mistakes in our files,  erasure of records where no longer required restriction on the processing of your data, objection  the processing of your data, Data portability and various information in relation to any  international transfers
To exercise your rights you may contact us as set out in at the end of this document. Please note the following if you do wish to exercise these rights:

Right What this means
Access You can ask us to:
confirm whether we are processing your personal data;
give you a copy of that data;
provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from  the extent that information has not already been provided to you in this Product or services.
Rectification You can ask us to rectify inaccurate personal data.
We may seek to verify the accuracy of the data before rectifying it.
Erasure You can ask us to erase your personal data, but only where:
It is no longer needed for the purposes for which it was collected; or
You have withdrawn your consent (where the data processing was based on consent); or
Following a successful right to object or
It has been processed unlawfully; or
To comply with a legal obligation to which Panache is subject.
We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary:
For compliance with a legal obligation; or
For the establishment, exercise or defence of legal claims;
There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request
Restriction You can ask us to restrict (i.e. keep but not use) your personal data, but only where:
Its accuracy is contested to allow us to verify its accuracy; or
The processing is unlawful, but you do not want it erased; or
it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
You have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal data following a request for restriction, where:
we have your consent; or
to establish, exercise or defend legal claims; or
To protect the rights of another natural or legal person.
Portability You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data controller but in each case only where:
The processing is based on your consent or on the performance of a contract with you
The processing is carried out by automated means.
Objection You can object to any processing of your personal data which has our ‘legitimate interests’ as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.

Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

International Transfers You can ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the European Economic Area.
We may redact data transfer agreements or related documents (i.e. obscure certain information contained within these documents) for reasons of commercial sensitivity.
Supervisory Authority You have a right to lodge a complaint about our processing of your personal data. In the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/).
Identity We take the confidentiality of all records containing personal data seriously and reserve the right to ask you for proof of your identity if you make a request in respect of such records.
Fees We will not ask for a fee to exercise any of your rights in relation to your personal data unless your request for access to information is unfounded, respective or excessive, in which case we will charge a reasonable amount in the circumstances. We will let you know of any charges before completing your request.
Timescales We aim to respond to any valid requests within one month unless it is particularly complicated, or you have made several requests in which case we aim to respond within three months. We will let you know if we are going to take longer than one month. We might ask you if you can tell us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.
Third Party Rights We do not have to comply with a request where it would adversely affect the rights and freedoms of other data subjects.

 

11. Contact and complaints
The primary point of contact for all issues arising from this Product or services, including requests to exercise data subject rights, is our Data Protection Officer.  The Data Protection Officer can be contacted in the following ways:

Email:  info@panachfire.co.uk

Write to: Data Protection Officer, Panache Fire Ltd, Unit 1, Wycombe Industrial Mall, West End Street, High Wycombe, Bucks, HP11 2QY
If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time.

Definitions

Data Controller: means a natural or legal person (such as a company) which determines the means and purposes of processing of personal data.
ICO: The Information Commissioners Office regulates the processing of personal data by all organisations within the UK.

Sensitive Personal Data: means any personal data relating to your health, genetic or biometric data, criminal convictions, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership. At Panache, (other than in the context of our employees, which is outside the scope of this Product or services) we routinely only process Sensitive Personal Data relating to health or criminal convictions.
Service Providers: these are a range of third parties to whom we outsource certain functions of our business. For example, we have service providers who help us with the administration of setting up a new product or services record. Some of these providers use ‘cloud based’ IT applications or systems, which means that your personal data will be hosted on their servers, but under our control and direction. We require all our service providers to respect the confidentiality and security of personal data.
Telematics data:  data provided automatically to us by a device which monitors your behaviour. An example is data collected from a device fitted to a vehicle reflecting driving behaviour.

 

Appendix 1 Categories of Personal Data

Health Data – e.g. details of injury, medical report

Criminal Data – e.g. driving offences, police reports

Financial Information – bank account details used for payment

Anti-fraud Data –address, history

Suppliers and Visitors Contact Details – name, work address, work email, work telephone numbers, job title, bank accounts for payment.

Marketing name, job title, email address, interests / marketing list, record of permissions or marketing objections, website data (including online account details, IP address and browser generated information) see also our cookie policy

Office Visitor
name, job title, email address, telephone number,

CCTV images