Vysiion strives to maintain the highest standards of decency, fairness and integrity in all our operations. Likewise, we are dedicated to protecting our employees, contractors, suppliers, consumers and online visitors.
Your personal data is any information relating to you from which you can be identified.
This policy sets out:
- how we will process any personal data that we collect from you and what it will be used for,
- the information that you are entitled to receive from us when we collect your personal data and
- your rights under the General Data Protection Regulation (GDPR) in connection with the way we handle your personal data.
You can choose not to give personal data. We may need to collect personal data by law, or under the terms of a contract and/or relationship that we have with you. If you choose not to give us this personal data, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services so we cancel a product or service you have with us.
2. Our Promise to You
- To keep your personal data safe and only process it on valid legal basis
- To keep our records up to date and delete or correct inaccurate personal data
- Not to keep your personal data after the purpose has ended
- Not to sell your personal data
- To give you ways to manage and review your marketing choices at any time
3. Who We Are
Vysiion Ltd, as the company responsible for your personal data is the Data Controller. You can contact our Data Protection Officer (DPO) at:
The Data Protection Officer
c/o Admin/ QHSE Dept
or by email to firstname.lastname@example.org
4. Legal Basis for Processing your Personal Data
We need to have a proper reason under the GDPR whenever we process your personal data ourselves or share it with others. These reasons are:
- To fulfil a contract we have with you or to take steps at your request prior to entering into a contract with you, or
- When it is our legal duty, or
- When it is in our legitimate interest or the legitimate interest of a third party except where such interests are overridden by your interests or your fundamental rights or freedoms, or
- When you consent to it.
A legitimate interest is when we have a business or commercial reason to process your personal data, but this must not unfairly go against your rights. If we rely on our legitimate interest, we will tell you what that is.
In the section below this one is a list of all the ways that we may process your personal data, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.
Unless we have your explicit consent to do so, we will not process special categories of personal data revealing any of the following: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, sex life or sexual orientation.
5. Information we collect and how we collect it
We may collect personal data from you in the following ways:
- when you make an enquiry or register your interest on our website
- when you contact us in person, over the telephone, by email or by post
- at the point of purchasing product or service from us
- when you apply for our products and services
- in customer surveys
- if you take part in our surveys or promotions
- when you use our services
- payment and transaction data
- at the point of purchasing product or service from you
- when you apply to us for work
- when we employ you
We may collect your personal data from third parties we work with including:
- Companies that introduce you to us
- Credit reference agencies
- Suppliers of materials and equipment
- Trade Contractors
- Sales lead websites
- Social networks
- Analytics providers
- Public information sources such as Companies House
- Agents working on our behalf
- Market researchers
- Government and law enforcement agencies.
The type of information we may ask you to provide about yourself and therefore collect includes, but is not limited to: (customer and employee)
- Contact Details: Name, address, contact telephone number (mobile and landline), e-mail address, job title, company you work for, date of birth, National Insurance number, emergency contact details
- The services and products you are interested in
- Company details: status and history for credit reference checking
- Contractual Details about the products or services we provide to you
- Locational Data we get about where you are, such as may come from your mobile phone or the address where you connect a computer to the internet
- Behavioural Details about how you use our products and services
- Technical Details on the devices and technology you use
- Communications: What we learn about you from letters, emails and conversations between us
- Social Relationships: What we learn about your family, friends and other relationships that we record from conversation between you and us
- Open Data and Public Records: Details about you that are in public records, such as the Electoral Register, Companies House and information about you that is openly available on the internet
- Usage Data: Other data about how you use our products and services
Relating to employees specifically:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses; date of birth, gender, marital status and dependents
- Next of kin and emergency contact information
- National Insurance number
- Bank account details, payroll records and tax status information
- Salary, annual leave, pension and benefits information
- Start date
- Location of employment or workplace
- Copy of driving licence
- Copy of passport
- Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process)
- Employment records (including job titles, work history, working hours, training records and professional memberships)
- Compensation history
- Performance information
- Disciplinary and grievance information
- Information about your use of our information and communications systems
- Quotes from you relating to business activities
- We may also collect, store and use the following “special categories” of more sensitive personal information: Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
- Information about criminal convictions and offences.
You can however at any time tell us to change or remove any personal data or to stop or restrict the processing of your personal data.
6. How we use your Personal Data
We may use the personal data collected/provided by you as follows:
- To ensure that content from our website is displayed in the most effective way for you and for your computer/device
- To respond to your enquiry
- To send you information about similar products and services
- To process and manage the sale and/or purchase of service and products
- To notify you about changes to our service
- To carry out analysis to make improvements to our website and/or services
- To measure or understand the effectiveness of advertising we deliver to you and others
- To carry out agreements which have arisen from any contracts entered between you and us – for example your purchase of products or services from us
- To provide the warranties which cover any products purchased from us
- To monitor customer satisfaction (including processing customer satisfaction surveys)
- To keep our records up to date
- To develop and manage products and services, and what we charge for them
- To define types of customers for new products or services
- To test new products
- To develop and carry out marketing activities
- To study how our customers use our products and services
- To develop and manage our brands
- To manage how we work with other companies that provide services to us and our customers
- To make and manage customer payments
- To collect and recover money that is owed to us
- To comply with laws and regulations that apply to us
- To detect, investigate, report, and seek to prevent financial crime and fraud
- To manage risk for us and our customers
- To respond to complaints and seek to resolve them
- To run our business in an efficient and proper way – this includes managing our financial position, business capability, planning, communications, corporate governance, and audit
- For payroll reasons
- For emergency contact reasons
- To go on any 3rd party security lists or security checks
Relating to employees specifically:
- Making a decision about your recruitment or appointment
- Determining the terms on which you work for us
- Checking you are legally entitled to work in the UK
- Paying you and, if you are an employee, deducting tax and National Insurance contributions
- Providing benefits to you as listed in the company handbook
- Liaising with the company’ pension provider
- Administering the contract we have entered into with you
- Business management and planning, including accounting and auditing
- Conducting performance reviews, managing performance and determining performance requirements
- Making decisions about salary reviews and compensation
- Assessing qualifications for a particular job or task, including decisions about promotions
- Gathering evidence for possible grievance or disciplinary hearings
- Making decisions about your continued employment or engagement
- Education, training and development requirements
- Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work
- Ascertaining your fitness to work
- Managing sickness absence
- Complying with health and safety obligations
- Preventing fraud
- Monitoring your use of our information and communication systems to ensure compliance with our IT policies
- Ensuring network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
- Conducting data analytics studies to review and better understand employee retention and attrition rates
- Equal opportunities monitoring
- To assist with marketing activity
Our legal basis under the GDPR for each of these purposes are as follows:
USE STATED ABOVE
To fulfil a contract that we have with you or to take steps at your request prior to entering into a contract with you:
4, 5, 9, 10, 21, 22, 29, 30, 32, 33, 35,
To comply with our legal duty:
5, 13, 23, 24, 31, 32, 43, 46, 47, 51
It is in our legitimate interest or the legitimate interest of a third party except where such interests are overridden by your interests or your fundamental rights or freedoms:
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 36, 37, 38, 39, 40, 41, 42, 44, 45, 47, 48, 49, 50, 52
We have your consent to it:
2, 4, 5, 11, 17, 23, 26, 28, 52, 34,
Where we do not have your express consent we may base our processing of your personal data on any other basis that applies.
If we intend to use your personal data for any purpose not stated above we will first notify you of the intended use and the legal grounds.
You can choose which channel you would like us to contact you on, for marketing purposes and with information regarding our products and services at the point this information is collected – this can be done by checking or unchecking the relevant boxes as directed. If you no longer wish for us to communicate with you, you can:
- Visit https://www.vysiion.co.uk/cookie-preferences/ to update your cookie preferences and for data opt-out preferences
- contact us by post, telephone or email GDPR@vysiion.co.uk
7. Sharing your Personal Data
We may disclose your personal data to third parties in certain circumstances but we will not sell, rent or trade your personal data.
Your personal data may be transferred outside the UK and the European Economic Area. Some countries have adequate protection of personal data under their laws but where this is not the case we will be responsible for ensuring that appropriate security and privacy safeguards are in place, either by requiring the recipient to have signed up to a recognised international framework of data protection or by contractual obligations.
Where relevant, we may give third party providers who supply services to us, or who process personal data on our behalf, access to your personal data in order to help us to process it for the purposes set out above. When doing so, we will ask them to confirm that their security measures are adequate to protect your personal data.
Within the purposes set out above we may share your personal data with the following third parties:
- In respect of processing payroll and providing HMRC with details
- With your consent, we will also pass your personal data on to third parties, for example employees, customers and contractors going on secure building access lists and also having security clearance processed
- We may disclose your personal data to third parties working on our behalf, recruitment companies, accountants, HMRC, training companies
- We may disclose your personal data to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our contracts with you; or to protect our rights, property, or our safety and/or the safety of our customers, or others.
- We may need to confirm your identity before we provide products or services to you or your business. We may also share your personal information as needed to help detect fraud and money-laundering risks. We may use solicitors and other advisers for these purposes. We may allow law enforcement agencies to access your personal data. This is to support their duty to detect, investigate, prevent and prosecute crime.
- We may disclose your personal data to third parties in the event that we sell any of our business or assets, in which case we may disclose your personal data to the prospective buyer of such business or assets. If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
8. How we use your information to make automated decisions
We sometimes use systems to make automated decisions based on personal data we have – or are allowed to collect from others – about you. This helps us to make sure our decisions are quick, fair, efficient and correct, based on what we know. These automated decisions can affect the products, services or features we may offer you now or in the future, or the price that we charge you for them.
Here are the types of automated decision we make:
- Pricing and approving credit
- Credit reference agencies
- Data we may already hold.
- Tailoring products and services
- Based on information collected from our website
9. Protecting your information
We will seek to keep your personal data secure by taking appropriate technical and organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Only authorised personnel and third parties will have access to your personal data.
We will retain your personal data for no longer than the period of time needed for the purposes that we collected the data and for as long as we have legal grounds to retain it. There is no fixed period after which all record of your personal data will be deleted as this will depend on the circumstances and the purposes of the processing but we will take steps and maintain policies to keep retention under proper review. We will not seek your consent before deleting any personal data.
When purchasing from Vysiion Ltd, we may need to retain your personal data relating to the purchase for warranty and service reasons.
11. Your Right of access to your Personal Data
You have the right to access your personal data including us providing to you , a copy (which may be in electronic form) of any of your personal data that we are holding or using (referred to as “processing”) or that third parties are processing on our behalf.
We will also provide to you, if you request it, the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, including recipients in countries outside the UK or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- if the personal data was not collected from you, any information available to us as to the source of it;
- whether the personal data has been subject to automated decision-making, including profiling, and if so information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Requests for this information or a copy of your personal data should be in writing, enclosing proof of identification such as a copy of your passport, driving licence or other documentation confirming your name and address (for example a utility bill) to be addressed to:
The Data Protection Officer,
c/o Admin/ QHSE Dept
or by email to GDPR@vysiion.co.uk
12. Your Right to Removal or Correction of Personal Data and to Restriction of Processing
You have the following rights under GDPR:
- a right to request us to correct inaccurate or incomplete data (“Right to rectification”)
- a right to request us to delete any of your personal data
- a right to request us to stop or to restrict any aspect of the processing of your personal data In certain circumstances we may wish to continue and if GDPR allows us to do so we will inform you of our grounds (“Right to restriction of processing”)
In each case we will tell you what action we are taking and we will also notify any third party to whom the data has been disclosed.
Vysiion Ltd recognises and will follow the lawful basis for processing can also affect which rights are available to individuals. For example, some rights will not apply:
Right to erasure
Right to portability
Right to object
However, an individual always has the right to object to processing for the purposes of direct marketing, whatever lawful basis applies.
13. Your Rights Concerning Automated Processing and Profiling
You have the following rights under GDPR over automated decisions and profiling.
- You can ask that we do not make our decision based on the automated score alone.
- You can object to an automated decision, and ask that a person reviews it.
- You can object to the use of your personal data in profiling or direct marketing.
14. Your Right to Data Portability
You have the right to receive from us the personal data that you have given us in a structured, commonly used and machine-readable format (“Right to data portability”) and/or to have the data sent by us directly to another party. Please note that this right only applies in certain circumstances, which is when we held the data on grounds of your consent or to perform a contract with you or for steps preparatory to such a contract and we were processing that data by automated means.
15. Your Right to Complain to the Regulator
Please let us know if you are unhappy with how we have processed your personal data. You can contact us by writing to the Data Protection Officer at the address given above.
You have the right to lodge a complaint with the Information Commissioners Office (ICO) which is the UK supervisory authority for the processing of personal data. Further details are available on the ICO’s website.
16. Enquiries and to Exercise your Rights
If you have any questions, or want more details about how we process your personal data, or if you wish to exercise any of your rights you can contact us on the contact details on our website or by writing to the Data Protection Officer at the address given above.