Bluestone Security Ltd is committed to complying with its legal obligations under the General Data Protection Regulation 2016 (“GDPR”). This policy describes how we use and protect the information that you provide to us.
It is important for us to process and use your data only in accordance with the General Data Protection Regulation (“GDPR”, from the GDPR implementation date) or, until GDPR implementation date, the Data Protection Act 1998, (collectively the “Data Protection Laws”) and your expectations, and to be transparent with you in how we process and use your data.
What personal data do we collect and process?
In order for us to operate our business we need to collect personal data from those who access our websites or premises, obtain products or services from us, provide products or services to us, are engaged by us or who we otherwise have dealings with in the course of our day to day activities.
We are committed to ensuring that the personal data we collect and use is appropriate for this purpose and does not constitute an invasion of an individual’s privacy. This section sets out further details of the types of personal data we collect in different circumstances and how it is used by us.
Visitors to our website
If you visit our websites your personal data including your name, email address, telephone number and other contact information will be collected if you register to use the website (where registration is required), subscribe to one of our services, post material or request further services. We may also ask you for information if you report a problem with a website.
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
We may collect details of your visits to our websites including traffic data, location data, weblogs and other communication data as well as details of the resources that you access. We may also collect information about your computer including, where available, your IP address, operating system and browser type. This information is used for system administration and to report aggregate information to our advertisers.
We use information held about you in the following ways:
To ensure that content from our websites is presented in the most effective manner for you and for your computer.
To provide you with information, products or services that you request from us.
To carry out our obligations arising from any contracts entered into between you and us.
To allow you to participate in interactive features of our service, when you choose to do so.
To notify you about changes to our service.
Customers and related individuals
We collect personal data from our customers and related individuals where necessary to provide our services or where an individual has otherwise consented to its collection.
We may use the personal data collected for the purposes of:
Providing our products and services to you or the organisation you represent.
Operating back office and administration services connected with the provision of our products and services.
Managing relationships including by providing you with information on events and access to publications.
Suppliers and third party service providers (including individual contractors)
We may collect personal data including your name, email addresses, telephone numbers and other business contact information for the purposes of receiving services or quotations, managing relationships, providing services to our clients and operating our business.
We may use and disclose the information we collect in such manner as we believe to be necessary to enable us to carry out our business and to receive the services being provided. This includes the use of personal information in connection with billing, invoicing, payment and legal enforcement.
If you register interest in applying for a vacancy with Bluestone Security Ltd or submit an application for a vacancy we will collect your name and contact details including your address, email address and telephone number. More detailed personal data may also be collected where you are the subject of a vetting process which may include details of your employment and education history, references, professional memberships and qualifications, credit check results, criminal records check results, DVLA details and proof of identity documents.
Information we collect will be used by us to process and progress your application and to complete our onboarding processes should you go on to be employed or engaged by us.
Your rights as a data subject
As a data subject you have certain rights which you may exercise if we are in possession of, or are processing, your personal data. Specifically:
Right of access – you have the right to request a copy of the information that we hold about you.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – you have a right, in certain circumstances, to ask for the data we hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply you have a right to restrict the processing of your personal data.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
To exercise these rights please contact us using the contact details set out in the Contact Information section below. In the event that Bluestone Security Ltd refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in our Complaints procedure.
On what basis do we process personal data?
We will only process personal data where we have a lawful basis on which to do so. The lawful basis on which data is processed will depend on the nature of the information collected and the purposes for which it is used by us but will be one or more of following:
Consent: you have provided your consent for us to process their personal data for a specific purpose.
Contract: the processing is necessary for a contract you have with us or because you have asked us to take specific steps before entering into a contract.
Legal obligation: the processing is necessary for us to comply with our legal obligations.
Vital interests: the processing is necessary to protect someone’s life.
Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party.
For how long do we hold personal data?
We will only retain personal information for the period necessary to fulfil the purposes for which it is collected and processed, or for such shorter or longer period as may be prescribed by applicable law or our internal policies and procedures. Further information on our retention policy can be requested by contacting us via the information provided in the Contact Information section below.
Transferring and storing your data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”), including the United States of America. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, amongst other things, the fulfilment of orders, the processing of payment details or the provision of support services. By submitting your personal data to us, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.
Information provided via our websites
All information provided via our website is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Disclosure of your information
We may disclose your personal information to any member of our group, which means Bluestone Security Ltd, it subsidiaries and subsidiary undertakings from time to time (as defined in the Companies Act 2006).
We may also disclose your personal information to third parties in certain circumstances including:
We may provide personal data to clients, third party suppliers, service providers, professional advisors and other business partners to enable us to provide or receive products or services.
In connection with the administration and operation of our business we may provide personal data to third parties who provide support services including IT, finance and accounting and HR services and research, marketing, business development and consultancy services.
In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
We may disclose or share your personal data if we are under a duty to do so in order to comply with any legal obligation or where necessary to enforce any legal right or contractual agreement, or to protect the rights, property, or safety of Bluestone Security Services Ltd, our employees, customers, or others. This includes exchanging information with other companies, organisations and bodies for the purposes of fraud protection and credit risk reduction.
Links to other websites
Our websites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Changes to our Privacy Notice
Any changes we may make to our Privacy Notice in the future will be posted on this page and we suggest that you check back frequently to see any updates or changes.
Our Data Protection Officer is responsible for the management of personal data within PSS and for ensuring that compliance with data protection legislation and good practice can be demonstrated. Questions, comments and requests regarding this Privacy Notice or our collection or use of personal data should be addressed to:
The Data Protection Officer
Bluestone Security Services Ltd