The Surveillance Group Ltd (TSG) is committed to safeguarding the privacy of our customers, staff, stakeholders and website visitors; in this policy we explain how we will treat your personal information. This policy applies to all users of the website, all customers, all TSG staff and TSG stakeholders. This policy applies to our use of any and all data collected by us in relation to your employment, use of the website and any service rendered.
The Surveillance Group Ltd is limited by guarantee and registered at Companies House, number 4246863. The company’s registered office can be found on the web site contact’s page, https://www.thesurveillancegroup.com/contact.
TSG are registered with the Information Commissioners Office:
Registration Number: Z738946X
Date Registered: 21 November 2002 Registration Expires: 20 November 2018
Data Controller: The Surveillance Group Limited
By using our services and website or if you are an employee of The Surveillance Group, you provide TSG with certain information that TSG will process. The purpose for processing this information is to enable TSG to book students onto courses and ease of communication with them. Employees provide details to enable HR and Finance-related activities, such as payroll and administration. At no point will any of the details that you supply to TSG be used for marketing purposes or be passed to any third party company.
The lawful basis for TSG processing this data are as follows:
i) the individual has given clear consent for you to process their personal data for a specific purpose.
ii) the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
This policy applies to data of which we are considered to be the controller, under the GDPR. In instances where we are acting as a processor, ie acting on behalf of another organisation, it is the controller’s legal responsibility to identify the lawful basis for processing the data. Please contact the GPO for further information – Thomas Hull firstname.lastname@example.org.
You may withdraw such consent at any time by emailing your request to Thomas Hull (DPO) at email@example.com.
To ensure the welfare of staff whilst in the employment of TSG and competence to perform their role, we will process their personal data, some of which may be deemed as sensitive under the GDPR. That is to say that we may process data regarding an individual’s physical health, biometric data or commission of a criminal offence. Other typical data we will process are names, addresses and dates of birth which are vital for TSG to process for the day to day running of the company and is classed as personal data as it relates to a living individual who can be identified from that data.
Information collected from staff/clients/students will be used for the purposes specified in this policy. You will be under a contractual obligation to provide us with this.
Personal data provided will remain in-house within TSG, and will not be shared externally.
Without limitation, any of the following data may be collected: Information that you provide to us when registering with our website; Information that you provide to us when using the services on our website, or that is generated in the course of the use of those services Information contained in or relating to any communication that you send to us or send through our website (including the communication content and metadata associated with the communication) name; contact information such as email addresses and telephone numbers; IP address (automatically collected); web browser type and version (automatically collected); operating system (automatically collected); a list of URLS starting with a referring site, your activity on this Web Site, and the site you exit to (automatically collected); and Cookie information (see below).
Information collected via this website will be used for the purposes specified in this policy.
We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party's direct marketing.
We may disclose your personal information to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this policy.
We may disclose your personal information to any of our employees, professional advisers, suppliers insofar as reasonably necessary for the purposes set out in this policy.
We may disclose your personal information:
to the extent that we are required to do so by law; in connection with any ongoing or prospective legal proceedings; in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
Primarily, our data will be provided to us by the data subject themselves. However, we are contractually required to ascertain details of the last five years residency for each new employee, as well as a consumer check. This information is accrued via third party searches and explicit consent will be gathered to undertake these before they are conducted.
We will not transfer data outside of the EEA.
Rights of Access
You have the right to access your personal data and supplementary information.
The right of access allows you to be aware of and verify the lawfulness of the processing.
Right to rectification
The GDPR includes a right for you to have inaccurate personal data rectified, or completed if it is incomplete.
You can make a request for rectification verbally or in writing to Thomas Hull (firstname.lastname@example.org). You have one calendar month to respond to a request. In certain circumstances TSG can refuse a request for rectification.
This right is closely linked to the controller’s obligations under the accuracy principle of the GDPR (Article (5)(1)(d)).
Right to erasure
The GDPR introduces a right for you to have personal data erased.
The right to erasure is also known as ‘the right to be forgotten’.
You can make a request for erasure verbally or in writing to Thomas Hull (email@example.com).
TSG will have one month to respond to a request.
The right is not absolute and only applies in certain circumstances.
Right to restrict processing
You have the right to request the restriction or suppression of your personal data.
This is not an absolute right and only applies in certain circumstances.
When processing is restricted, TSG are permitted to store the personal data, but not use it.
You can make a request for restriction verbally or in writing to Thomas Hull (firstname.lastname@example.org).
You have one calendar month to respond to a request.
This right has close links to the right to rectification (Article 16) and the right to object (Article 21).
Right to data portability
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
Upon request, TSG must move, copy or transfer personal data from one IT environment to another in a safe and secure way, without hindrance to usability.
Right to object
You have the right to object to:
processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
Rights related to automated decision making including profiling
TSG does not utilise any automated decision-making strategies.
Right to complain
All internal complaints or for further information regarding the processing of data, please contact Thomas Hull (Data Protection Officer) at email@example.com or on 01905-767-879.
Alternatively, the Information Commissioners Office can be contacted on 0303 123 1113 or via their website https://ico.org.uk/concerns/.
This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.
Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Notwithstanding the other provisions of this section, we will retain documents (including electronic documents) containing personal data:
to the extent that we are required to do so by law; if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
To stay in line with the fifth data protection principle TSG/NETWATCH will do the following to ensure that “Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
|INFORMATION ASSETS||RETENTION PERIOD|
|Company Pay Roll Information||6+ years, in line with tax legislation|
|TSG client accounts||7|
|Third party misc data||7|
|Company Information, financial data and documentation||6+ years, in line with tax legislation|
|TSG certifications||3+ years|
|Employee Information||1-3 years in line with data protection act|
|Staff And Third Party Contracts||7 +|
|TSG Policy Documentation||7+|
|TSG Training document||7+|
|Manned/Unmanned/Brand Protection Reports||7+ years, longer if requested by client|
|2 Databases holding manned/unmanned/brand protection reports.||7+ years, longer if requested by client|
|Exchange server holding emails||7 years|
|Training departments student data||7 years|
|Training departments records||7 years|
|Fleet Inventory listing rented/owned cars/misc||7 years|
The Surveillance Group Ltd will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information at all times.
Cookies are small files saved to the user's computer’s hard drive that track, save and store information about the user's interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.
Other cookies may be stored to your computer’s hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.
Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form to email submission process but advise users using such form to email processes that they do so at their own risk.
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
The Surveillance Group's website accepts payments through Realex Payments; a fully PCI DSS compliant payment provider. Your credit card details are never exposed to The Surveillance Group and are never recorded on their servers.
Data Protection Act 1998
Privacy and Electronic Communications Regulations 2003
v.1.0 August 2017 Edited & customised by: The Surveillance Group Ltd. Brook Court, Whittington Hall, Whittington Road, Worcester, WR5 2RX