Smart terrace houses
  • Privacy Policy
  • Data Retention Policy
  • Information Classification Policy
Tab 1

Privacy Policy

Bensleys Timber Maintenance Co Ltd is committed to protecting and respecting your privacy.

Bensleys Timber Maintenance Co Ltd understands that your personal data is entrusted to us and appreciates the importance of protecting and respecting your privacy. To this end we comply fully with the data protection law in force in the UK and operate fully within the guidelines of the General Data Protection Regulations effective May 2018.

This Privacy Policy sets out the basis on which we collect and process personal data about you including our practices regarding the collection, use, storage and disclosure of personal data that we collect from you and/or hold about you, and your rights in relation to that data.

Please read the following carefully to understand how we process your personal data. By providing your personal data to us or by using our services, website or other online or digital platform(s) you are accepting or consenting to the practices as described or referred to in this Privacy Policy.

When we refer to ‘we’, ‘us’ and ‘our’, we mean Bensleys Timber Maintenance Co Ltd and our website www.bensleys.co.uk.

What personal data may we collect from you?

When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual.

Accordingly, we may hold and use personal data about you as a customer and in any other capacity, for example, when you visit our website, complete a form, access our services or speak to us. Depending on what services you receive from us this may include sensitive personal data though this is unlikely.

Personal data we collect from you may include the following:

  • information that you give us when you enquire or become a customer of us including name, address, contact details (including email address and phone number)
  • details of purchases and other contact and correspondence we may have had with you
  • information you give us when you make a payment to us, such as financial/bank detail information

Location Information

  • If you use our Site, we may receive your generic location (such as city or neighbourhood) or, with your consent, precise geographic location data from your mobile device when the app is running and when it is not running
  • We may use and store this information to provide and improve features of our Sites, for example, to tailor our Sites on a needs-based manner to better facilitate your requests
  • Please see the Your Choices section, below, for more information about how to adjust your preferences, including those related to location information

Device Information

  • When you visit our Sites or open communications (such as emails), some information is automatically collected from devices (e.g., mobile, computer, laptop, tablet) used to visit or use our Sites including, but not limited to, operating system, access times, browser information (e.g., type, language, and history), settings, and other data about your device that we use to provide the services or as otherwise described in this Policy (" device information")
  • We also collect information about your usage and activity on our Sites using certain technologies, such as cookies, web beacons and other technologies (see our Cookies and Interest-Based Advertising Policy for more details)

Personal information, device information, and location information are collectively referred to as “your information."

How We Use Your Information

  • We may use your information for the following purposes to: provide you with the services, products, and functionality offered on our Sites and fulfil your requests, including, but not limited to, paying for services, joining waitlists;
  • communicate with you about your account or use of our Sites, services, products and/or functionality;
  • respond to, or follow up on, your comments and questions, and otherwise provide customer service;
  • provide information, services and products to our customers

Combined Information

  • We may combine your personal information with device information and location information (with your consent, where required) to serve you specifically, such as to deliver a product to you according to your preferences or restrictions
  • When we combine personal information, device information and location information in this way, we treat it as, and apply all of the safeguards in this Policy applicable to, your information

Retention

  • We will retain your information for the period necessary to fulfill the Purposes outlined in this Policy and as otherwise needed to comply with applicable law and internal company policies

How We Share Your Information

We may share your information with the following companies:

  • Healys Solicitors
  • NatWest Bank
  • Our website contains terms and conditions/privacy notices also governed by the General Data Protection Regulations (May 2018)
  • Should there be any breach of data by us we will notify you as soon as is reasonably possible after it has come to our attention

Other Sharing

  • We may disclose your information to regulatory authorities, courts, government agencies and other third parties where we believe that doing so would be in accordance with or permitted or required by any applicable law, regulation or legal process, to defend the interests, rights, and/or property of us or others, or to respond to emergencies
  • We may disclose or transfer your information to a third party if we sell, transfer, divest, or disclose all or a portion of our business or assets to another company in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction, or proceeding
  • We may share aggregate statistical data for the improvement of services offered by our Sites. We may also share aggregated or de-identified information with third parties in our discretion
  • We may otherwise share your information as directed by you or subject to your consent

Security Of Your Information

  • When your bank account information is being transmitted to our Sites or through our Sites, it will be protected by cryptographic protocols
  • We cannot guarantee that transmissions of your bank account information or your other information will always be secure or that unauthorized third parties will never be able to defeat the security measures taken by us or our third-party service providers
  • Except to the extent that liability cannot be excluded or limited due to applicable law, we assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorized third-party access, or other causes beyond our control. You play an important role in keeping your information secure. You should not share your user name, password, or other security information for your account with anyone. If you have reason to believe that your interaction with us is no longer secure (e.g., if you feel that the security of any account you might have with us has been compromised), please contact us immediately as detailed in the Contact Us section, below

Cookies And Other Tracking Technologies

  • We collect information about your usage and activity on our Sites using certain technologies, such as cookies, web beacons, and other technologies. Third parties may also view, edit, or set their own cookies. We and our third-party service providers, advertisers, and/or partners may also place web beacons for such third parties. The use of these technologies by such third parties is subject to their own privacy policies and is not covered by this Policy, except as required by law

Your Choices

  • Email - If you do not want to receive marketing and promotional emails from us, you may click on the "unsubscribe" link in the email to unsubscribe and opt-out of marketing email communications. If you have an account with us, you may also opt-out of marketing emails in your account settings. Alternatively, to the extent that applicable law requires your prior opt-in consent to receive marketing and promotional emails, you can choose not to opt-in. Please note that even if you opt-out of receiving marketing communications from one or all of our sites, we may need to send you service-related communications
  • Application location choices - As detailed in the Information We Collect section, above, we may collect information about your location if you enable location services through the settings in your mobile device, or, as required, with your consent. You can change the privacy settings of your device at any time to turn off the sharing of this location information with our Sites. If you choose to turn off location services, this could affect certain features or services of our Sites. If you have specific questions about the privacy settings of your device, we suggest you contact the manufacturer of your device or your mobile service provider for help

Access And Correction Of Your Information

  • If you have created an online account with us and would like to update the information you have provided to us, you can access your account to view and make changes or corrections to your information. You may also contact us as detailed in the Contact Us section, below

Changes To This Policy

  • Except to the extent limited by applicable law, we reserve the right to update this Policy to reflect changes to our information practices by prominently posting notice of the update on our Sites, and as required, obtaining your consent
  • Any updates will become effective immediately after posting the updates to this Policy and apply to all information collected about you, or where required, upon your consent
  • You agree that you will review this Policy periodically
  • If we make any changes to this Policy, we will change the "Last Updated" date above
  • You are free to decide whether or not to accept a modified version of this Policy, but accepting this Policy, as modified, is required for you to continue using our Sites
  • If you do not agree to the terms of this Policy or any modified version of this Policy, your sole recourse is to terminate your use of our Sites
  • If we make any changes to this Policy that materially impacts previously collected information about you, we will obtain your prior express consent

Your Rights

  • You may complain to the ICO Information Commissioners Office at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF if you feel we are mishandling your data at any time
  • You may request us to remove part or all of the information we hold on you at any time
  • You may view or change any information we hold on you at any time
  • You may unsubscribe from all/any mailings at any time and we will ensure you do not receive anything further although it may take up to one month before it becomes effective
  • You may ask us to send on any information we hold on you to a named third party at any time
  • You may request at any time NOT to be profiled or subject to automated decision making
  • We will ensure any changes you ask us to make are carried out within one month. If you decide to withdraw your details from our mailing lists completely we promise not send you anything further, however in some cases legislation requires us to safely and securely keep some information for tax or VAT purposes for a specific length of time but rest assured it will not be used in any other way

Contact Us

  • Mark J. Browne, Data Controller, Bensleys Timber Maintenance, 10 De Montfort Road, Brighton, BN2 3AU
  • The Bensleys T M Co Ltd Privacy Notice covers our registered office, our website, and all aspects of using www.bensleys.co.uk. We operate fully within the guidelines of the General Data Protection Regulations effective May 2018
  • if you need to contact us for any reason our email address is , our telephone number is 01273 600700. We are open [Monday to Thursday 9am – 5pm and Friday 9am - 4pm]; should you wish to write to us, our head office address is 10 De Montfort Road, Brighton, BN2 3AU
  • all information we hold will have been obtained on a lawful basis directly from you after expressing an interest in our products or services which satisfies the legitimate interest requirement of the General Data Protection Regulations (May 2018)

We will only collect and securely store any information you have given us to:

  • process and fulfil your order requirements
  • to send you information to keep you up to date on products, services or promotions we run that you have indicated you may be interested in
  • we will only ask you for details relevant to your enquiry (name, address, telephone number, email address) or purchase (payment information) and will securely hold these until you ask us to remove them (see your rights) with online transactions we automatically obtain an IP address
  • we do not retain personal or financial information obtained during the payment process
  • we will not pass your details onto any third party that are not involved in the purchasing process (Paypal, bank etc. to facilitate secure payment, delivery source of royal mail/courier or feedback websites if you leave comments)
  • for our online customers - when you browse our website our systems will remember the pages you have visited and retain that information. We may then use this when deciding what offers or invitations would be of interest to you
  • We will ask you to opt in to receive information on sales, newsletters, direct marketing etc. we will not send you these without your permission
  • if we change any of our privacy notices we will inform you by email or if you have opted not to receive emails we will write to you, we will also display a reminder on our website advising customers things have changed and can be viewed in our Privacy Notice section

Your Rights

  • you may complain to the ICO Information Commissioners Office at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF if you feel we are mishandling your data at any time
  • you may request us to remove part or all of the information we hold on you at any time.
  • you may view or change any information we hold on you at any time
    • you may unsubscribe from all/any mailings at any time and we will ensure you do not receive anything further although it may take up to one month before it becomes effective.
    • you may ask us to send on any information we hold on you to a named third party at any time
    • you may request at any time NOT to be profiled or subject to automated decision making

We will ensure any changes you ask us to make are carried out within one month. If you decide to withdraw your details from our mailing lists completely we promise not send you anything further, however in some cases legislation requires us to safely and securely keep some information for tax or VAT purposes for a specific length of time but rest assured it will not be used in any other way.

Should you wish to do any of the above please put your request in writing via email to: or write to Mark J. Browne, Data Controller, 10 De Montfort Road, Brighton, BN2 3AU. There will be no charge for this service.

Tab 2

Data Retention Policy - GDPR

Date of publication – 1st May 2018
Date of review – 1st May 2018
Responsibility – Mark J Browne, Data Protection Officer

Bensleys Timber Maintenance Company Limited is hereinafter referred to as “the company”

1. Overview

The need to retain data varies widely with the type of data. Some data can be immediately deleted and some must be retained until reasonable potential for future need no longer exists. Since this can be somewhat subjective, a retention policy is important to ensure that the company's guidelines on retention are consistently applied throughout the organisation.

2. Purpose

The purpose of this policy is to specify the company’s guidelines for retaining different types of data.

3. Scope

The scope of this policy covers all company data stored on company-owned, company-leased, and otherwise company-provided systems and media, regardless of location.

Note that the need to retain certain information can be mandated by local, industry regulations and will comply with EU General Data Protection Regulation GDPR and the Data Protection Act 1988 and the Data Protection (Amendment) Act 2003. Where this policy differs from applicable regulations, the policy specified in the regulations will apply.

4. Policy
4.1 Reasons for Data Retention

The company does not wish to simply adopt a "save everything" approach. That is not practical or cost effective and would place an excessive burden on company and IT Staff to manage the constantly-growing amount of data.

Some data, however, must be retained in order to protect the company's interests, preserve evidence, and generally conform to good business practices. Some reasons for data retention include:

  • Litigation
  • Incident investigation
  • Tax/Financial purposes
  • Security incident investigation
  • Regulatory requirements
  • Intellectual property preservation
  • Contactual obligations
  • Legitimate business interests
4.2 Data Duplication

As data storage increases in size and decreases in cost, companies often err on the side of storing data in several places on the network. A common example of this is where a single file may be stored on a local user's machine, on a central file server, and again on a backup system. When identifying and classifying the company's data, it is important to also understand where that data may be stored, particularly for duplicate copies, so that this policy may be applied to all duplicates of the information.

4.3 Data Retention Requirements

This section sets guidelines for retaining the different types of company data.

  • Personal customer data: Personal data will be held for as long as the individual is a customer of the company plus six years
  • Personal employee data: General employee data will be held for the duration of employment and then for six years after the last day of contractual employment. Employee contracts will be held for six years after the last day of contractual employment.
  • Tax payments will be held for seven years
  • Records of leave will be held for three years
  • Recruitment details: interview notes of unsuccessful applicants will be held for one year after interview. This personal data will then be destroyed
  • Planning data: seven years
  • Health and Safety: seven years for records of major accidents and dangerous occurrences
  • Public data: Public data will be retained for three years
  • Operational data: Most company data will fall in this category. Operational data will be retained for five years
  • Critical data including Tax and VAT: Critical data must be retained for seven years
  • Confidential data: Confidential data must be retained for seven years
4.4 Retention of Encrypted Data

IT Support/retention of data is held by the following company:
South East Business Systems, 2-8 Sussex Road, Haywards Heath RH16 4EA
Telephone: 01444 41641
Facsimile: 01444 459453
Email:
Website: www.e-sebs.co.uk

4.5 Data Destruction

Data destruction is a critical component of a data retention policy. Data destruction ensures that the company will use data efficiently, thereby making data management and data retrieval more cost effective. Exactly how certain data should be destroyed is covered in the Data Classification Policy.

When the retention timeframe expires, the company must actively destroy the data covered by this policy. If a user feels that certain data should not be destroyed, he or she should identify the data to his or her supervisor so that an exception to the policy can be considered. Since this decision has long-term legal implications, exceptions will be approved only by a member or members of the company's management team.

The company specifically directs users not to destroy data in violation of this policy. Destroying data that a user may feel is harmful to himself or herself is particularly forbidden or destroying data in an attempt to cover up a violation of law or company policy.

4.6 Applicability of Other Policies

This document is part of the company's cohesive set of security policies. Other policies may apply to the topics covered in this document and as such the applicable policies should be reviewed as needed.

4. Enforcement

This policy will be enforced by the Data Protection Officer and/or Executive Team. Violations may result in disciplinary action, which may include suspension, restriction of access, or more severe penalties up to and including termination of employment. Where illegal activities or theft of company property (physical or intellectual) are suspected, the company may report such activities to the applicable authorities.

Tab 3

Information Classification Policy

Bensleys Timber Maintenance Company Limited provides fast, efficient, and cost-effective damp proofing, structural waterproofing, timber treatment, wall tie replacement and associated building services for a variety of clients. As an industry leader, it is critical for Bensleys Timber Maintenance Company Limited to set the standard for the protection of information assets from unauthorised access and compromise or disclosure. Accordingly, Bensleys Timber Maintenance Company Limited has adopted this information classification policy to help manage and protect its information assets.

All Bensleys Timber Maintenance Company Limited share in the responsibility for ensuring that our information assets receive an appropriate level of protection by observing this Information Classification policy:

  • Company Managers or information ‘owners’ shall be responsible for assigning classifications to information assets according to the standard information classification system presented below. (‘Owners” have approved management responsibility. ‘Owners’ do not have property rights.)
  • Where practicable, the information category shall be embedded in the information itself
  • All Company associates shall be guided by the information category in their security-related handling of Company information

All Company information and all information entrusted to Company from third parties falls into one of four classifications in the table below, presented in order of increasing sensitivity.

Information Category: Unclassified Public
Description: Information is not confidential and can be made public without any implications for Company. Loss of availability due to system downtime is an acceptable risk. Integrity is important but not vital.
Examples
• Product brochures widely distributed
• Information widely available in the public domain,
including publicly available Company web site areas
• Sample downloads of Company software that is for
sale
• Financial reports required by regulatory authorities
• Newsletters for external transmission
Information Category: Proprietary
Description: Information is restricted to management approved internal access and protected from external access. Unauthorized access could influence Company's operational effectiveness, cause an important financial loss, provide a significant gain to a competitor, or cause a major drop in customer confidence. Information integrity is vital.
Examples
• Passwords and information on corporate security
procedures
• Know-how used to process client information
• Standard Operating Procedures used in all parts of
Company’s business
• All Company-developed software code, whether
used internally or sold to clients
Information Category: Client Confidential Data
Description: Information received from clients in any form for processing in production by Company. The original copy of such information must not be changed in any way without written permission from the client. The highest possible levels of integrity, confidentiality, and restricted availability are vital.
• Client media
• Electronic transmissions from clients
• Product information generated for the client by
Company production activities as specified by the
client
Information Category: Company Confidential Data
Description: Information collected and used by Company in the conduct of its business to employ people, to log and fulfil client orders, and to manage all aspects of corporate finance. Access to this information is very restricted within the company. The highest possible levels of integrity, confidentiality, and restricted availability are vital.
• Salaries and other personnel data
• Accounting data and internal financial reports
• Confidential customer business data and
confidential contracts
• Non disclosure agreements with clients\vendors
• Company business plans
Information Category
Description
Examples
Unclassified Public
Information is not confidential and can be made public without any implications for Company. Loss of availability due to system downtime is an acceptable risk. Integrity is important but not vital.
• Product brochures widely distributed
• Information widely available in the public domain,
including publicly available Company web site areas
• Sample downloads of Company software that is for
sale
• Financial reports required by regulatory authorities
• Newsletters for external transmission
Proprietary
Information is restricted to management approved internal access and protected from external access. Unauthorized access could influence Company's operational effectiveness, cause an important financial loss, provide a significant gain to a competitor, or cause a major drop in customer confidence. Information integrity is vital.
• Passwords and information on corporate security
procedures
• Know-how used to process client information
• Standard Operating Procedures used in all parts of
Company’s business
• All Company-developed software code, whether
used internally or sold to clients
Client Confidential Data
Information received from clients in any form
for processing in production by Company. The
original copy of such information must not be
changed in any way without written permission from the client. The highest
possible levels of integrity, confidentiality, and
restricted availability are vital.
• Client media
• Electronic transmissions from clients
• Product information generated for the client by
Company production activities as specified by the
client
Company Confidential Data
Information collected and used by Company in the conduct of its business to employ people, to log and fulfil client orders, and to manage all aspects of corporate finance. Access to this information is very restricted within the company. The highest possible levels of integrity, confidentiality, and restricted availability are vital.
• Salaries and other personnel data
• Accounting data and internal financial reports
• Confidential customer business data and
confidential contracts
• Non disclosure agreements with clients\vendors
• Company business plans