GDPR Statement of Compliance

Power Office Services Limited – GDPR Statement of Compliance 

The General Data Protection Regulation (‘GDPR’) is effective from 25th May 2018.

In preparation for GDPR, Power Office Services acknowledges its responsibility to develop and maintain business-wide awareness of the rights of individuals to be empowered and protected in terms of data privacy.

We have consulted broadly and implemented processes, procedures and training to ensure that a legal basis for the processing of personal data underpins all business practices at Power Office Services.

We recognise that there are a small number of circumstances in which personal data may be processed and that the GDPR clarifies the responsibilities of companies as far as the processing (collection, storage, maintenance and use) of personal data is concerned.

Power Office Services is actively working on its GDPR strategy and considers this to be an ongoing endeavour that will continue to be operational beyond the enforcement date of 25th May 2018. We will continually strive to ensure that personal data privacy is embedded as routine practice on a perpetual basis.

The Power Office Services board of Directors have appointed a Data Controller, responsible for the general management and security of data, and ongoing compliance with the GDPR.

Power Office Services has undertaken to ensure that all staff receive training in the concepts and requirements of data protection law. Staff will be expected to embrace the ethos of data protection law and to adopt practices in the workplace that reflect the company’s commitment to ensuring that the rights of individuals are respected and protected at all times.

Power Office Services’ internal policy for data protection requires any products, services or systems adopted by the company (relating in any way to the processing of personal data) to undergo an assessment to establish that they do not contravene the company’s policies to maintain compliance with the GDPR.

Power Office Services has implemented training and processes to enable staff to recognise and respond to data Subject Access Requests (‘SARs’). Staff will understand the significance of undertaking identity checks prior to responding to requests for data portability and the rectification and erasure of personal data.

Further to this, Power Office Services appreciates that its products and services are likely to form part of the controls and processes that its clients’ businesses will implement in order to fulfil their own GDPR obligations.

FAQ

If you are employed by an organisation that is a Power Office Services client, prospective client, business partner, supplier or associate, it is possible that we might record data about you (in which case, you become the ‘data subject’ in the context of the GDPR).

A list of responses to questions frequently asked by ‘data subjects’ follows:

Where and how will the data about me be recorded?

We will collect and store information about you when you enquire about our products and services via e mail or by telephone, or when you meet with us.

We may supplement the information we hold about your business (or you as an individual if you are a sole trader or corporate entity of some kind) with information from third parties such as Graydon, LinkedIn and other publicly available platforms.

Your data is likely to be recorded in our Customer Relationship Management (CRM) database system. There may also be emails that you have sent to us (and that we have sent to you) recorded in our CRM system and within our email server database.

If you are a supplier or client, it is probable that we will hold a record which relates to you within our accounting software database as well.

Our CRM, Email and Accounting databases are all maintained within a secure location in the European Union.

What data do Power Office Services hold about me?

Our CRM system is configured to provide for the recording of the following personal information:

Full name, Title, Type of Role, Phone number(s), Email address(s), Postal address (business address)

In addition, we may have attached to your record in our CRM system:

Documents that you have sent us Emails that you may have sent to us or we have sent to you Notes that we have made as outcomes from interactions with you (telephone conversations and meetings) Details of any future planned activities that we have with you

Records held within our accounting system will include a history of transactions (including sales orders, invoices and financial status information that relates specifically to your trading history with us). These may be regarded as ‘personal’ if you are a sole trader or a corporate entity of some kind.

How does Power Office Services ensure data security?

All our database systems are password protected and access is only afforded to those with a legitimate reason for so doing.

All users are required to have a domain user name and password to authenticate against the security model for access to our databases. Password policies determine that these must be changed with a high degree of frequency and they must also have a pre-determined level of complexity.

Where corporate systems are available to staff (exclusively) via the internet, all web services are secured via SSL/TLS certificate security certificate and all internet data transactions are encrypted as a consequence.

Remote workers are only able to access data services within our corporate network via secure Virtual private Network (VPN).

What do you do with my information?

We use your information for the following purposes:

To communicate with you in relation to the products and services that your employer has contracted with us to provide. To monitor our levels of customer service and manage the way in which we support you (if your employer is our customer). To understand our customers’ needs and requirements. To advise you of other products and services that we offer which we feel may be of benefit to you and/or your employer. To alert you to events and news that we feel might be relevant and/or useful to you.

How long do you hold this information

Once you have provided this information to us, we will look to make contact with you and your information will be retained indefinitely, until such time that you wish to ‘unsubscribe’ or request for your information to be erased

With whom do you share my information?

We will never share your information with a third party without your express permission, unless we are required to do so by law.

Do you process sensitive personal data?

We do not directly process data which the Data Protection Act 1998 defines as ‘sensitive personal data’. As a business to business (B2B) company, most data recorded within our systems is of a corporate nature.

How will you use my information to contact me?

We may contact you by telephone (via a business phone number where it has been provided, and sometimes via a mobile phone), by post (to your business address), by email (via a business email address if you have provided us with one) or by Social Media platform (such as LinkedIn, Facebook or Twitter).

Will you send me marketing information?

We will only send you marketing information about other products and services that we (ourselves) offer.

You may want to inform us that you no longer wish to receive email marketing messages from us. Please alert us to this via phone on 020 8888 4000, email to [email protected] or in writing (to our head office address in London N22).

Can I see the information that you hold about me?

If you would like a copy of the personal information that we hold about you, simply call us on 020 8888 4000 or write to us at Power Office Services, 36 New Road, London N22 5ET

We will acknowledge the request as soon as we receive it and will provide a full response within 30 calendar days of our acknowledgement.