Privacy Notice – Artemis Recoveries Ltd
At Artemis Recoveries Limited, we are committed to your data privacy and security. We do this by meeting the requirements of the General Data Protection Regulation (GDPR). This notice outlines how we do this and what it means for you.
Who we are:
Artemis Recoveries Limited, you may know us by our trading name, Artemis Repair
Our registered address is 2 Pavilion Court, 600 Pavilion Drive, Northampton NN4 7SL
Our Company registration Number is 08887639
Our Data Privacy point of contact:
Questions about our policy and practices are handled by our Operations Team. You can contact the Operations Team using the enquiries form on our website: www.artemisrepair.co.uk/contact/, by emailing email@example.com or writing to our office address:
Artemis Recoveries Limited, Lakeside House, 9 The Lakes, Bedford Road, Northampton NN4 7HD
Who we collect your information for:
Our clients – if we have been asked to process your information by one of our clients, we will explain to you who the client is and where we have gotten the information from. When we act on behalf of a client we are a Data Processor; we collect, store and use the information for the purpose and reason our client decides.
Our own use – if you are one of our clients, suppliers or employees, we are the Data Controller; we decide what information is collected about you (or your business) and the purpose.
Our lawful basis for processing your information:
Legitimate Interest – we believe we have a legitimate interest to fulfil the services expected of us by both prospective and existing clients and customers. To provide these services we need to engage staff, suppliers and other third parties. For all this to work, we need relevant information about every person or business involved; customers, clients, suppliers, employees etc.
- Sometimes the nature of the information means we will also have another or multiple legal bases that apply. For example, there may also be:
a contract in place or we may have been asked to take specific steps to enter into a contract;
- consent may also have been given;
- we also have a legal obligation to abide with the law;
- there is a vital interest like protecting someone’s life.
Special Category Data:
Where we process sensitive personal data also known as special category data, we will only do so where it is necessary for us to:
- carryout our obligations under employment, social security, or social protection law or a collective agreement;
- It is necessary to protect the vital interest of you or another individual where you or they are physically incapable of giving consent;
- It relates to personal data made public by the individual it relates to;
- It is needed to establish, exercise or defend a legal claim or where a court is acting within their judicial capacity;
- We have your explicit consent for example, if you have a medical condition which will affect how we work at your property or handle your claim.
Why we collect your information:
- To process the insurance claim you are making against your insurance or someone else’s;
- To enable us to process an insurance claim someone else is making against your policy;
- To enable building, maintenance or repair works to your building or facility;
- To process a payment we would like to make to you or you would like to make to us;
- For processing recruitment and employment with Artemis Recoveries;
- To carry out security checks to work with or on our behalf;
- To recover money payable to us;
- To recover costs your actions have incurred for our client;
- To enable you to work on our behalf as a supplier;
- To provide you with a service as our client;
- To check you are happy with the service we have provided;
- To process any of the above where you are acting on behalf of your client or the business you work for.
We will only use your data for purposes that are compatible with the original reason we collected it. We will obtain your explicit permission before using your data for an unrelated reason. For example, if we had collected your data to process a claim, we would obtain your permission before using it to market a product to you.
Where we collect your information from:
We use a variety of mediums to collect your data, examples include recorded phone calls, photographs, videos, emails, questionnaires, face-to-face conversations or client instruction forms. We also use publicly accessible databases such as a Land Registry search and other internet searches.
Most of the information we hold is provided by you directly, the client we are working for, or a third party involved in the purpose of our transaction, like a sub-contractor or surveyor.
The information we collect:
Personal data that could be used to identify you like your name or address.
Account details, such as bank account information needed to process a payment.
Employment details, like name, company address, email, telephone numbers.
Special category data where it is relevant to our purpose or we are legally required to do so, such as employment law or HSE requirements. This type of data is sensitive information which generally puts the individual at a higher risk of being discriminated against, for example information about an individual’s health or ethnic origin. We will always gain your explicit permission to record and communicate any special category data.
We will never collect more information about you than we need to achieve our purpose.
Who we will share your information with:
Where it is appropriate to our purpose for having your data, we will share your information with:
- suppliers that we ask to process some or all of our purpose. Such as one of our subcontractor who will conduct the building works, a surveyor who will provide us with a report, or our accountants who will process a payment.
- consultants and businesses who check and support our business practices like external auditors, our company insurers or Health & Safety advisors.
- databases and IT platforms which we use to store and process information
search engines and databases that we use to search for relevant information that can help us achieve our purpose, such as Land Registry
These companies will be governed by their own Privacy Policies and Statements.
If we are holding your data on behalf of our client, we will always provide all the data we hold to them and they may ask us to pass your data to another supplier they use.
Which country will your store my data in:
Most of the systems we use have UK or EEA based servers and are therefore bound by GDPR. Some of the systems we use have servers based outside the EEA, in these instances we will always check that the provider is compliant with the requirements of GDPR before we use them.
How long we keep your data for:
We will only keep your personal information for as long as is necessary. We decide how long to keep data based on:
- legal requirements that apply to the data such as employment law or the requirements of the HMRC;
- contractual requirements that apply to the data such as a guarantee or material warrantee period, or the length of time specified by our client.
Every two years we check the timeframes we need to keep different types of data for. This is to ensure we continue to keep the data for only as long as is necessary.
Your rights for how we use your information:
The right to be informed
We do this using this privacy notice and by doing our best to give you opportunities to access it, such as posting a copy on our website and including an access link at the bottom of our emails.
The right of access
You can request details on how we process your personal data and what type of data we hold about you. You can request this information by writing to our Operations Team using the contact details noted at the start of this statement. We may ask you to provide us with certain information to enable us to fulfil your request and to ensure the request has come from you. We will respond to you within a month of receiving your request unless there are any exceptional circumstances that prevent us from doing so.
The right to rectification
We will always do our best to ensure your data is accurate and up to date. Should you identify that data we hold about you is inaccurate or incomplete, you have the right for this to be corrected. Where we have passed your data to a third party we will do our best to notify them too.
The right to erasure
You have the right to ask us to stop processing your information and to erase it. We will always fulfil this request unless there are legal or regulatory grounds not to, for example information we need to keep to comply with HMRC. We may ask you to provide us with certain information to enable us to fulfil the request and to ensure the request has come from you.
In the event you request we erase your data, we will be unable to continue the purpose that we held the data for. For example, we would be unable to continue working with you, providing a service for you, or for you to continue working for us. This will also restrict the level of contact we can have with you and recognising who you are should you contact us in the future.
The right to restrict processing
You can ask us to stop processing your data. We will retain enough information to ensure the processing is restricted. Doing this will not stop the processing we have conducted to date, it will stop us from continuing to process the information.
Should you request we stop processing your information it will prevent us from continuing the purpose we held your data for. This would also restrict the level of contact we can have with you, for example, we would not proactively contact you.
The right to data portability
At your request we will make the personal data you have provided to us portable using an electronic format. This is to enable easy transfer between one IT platform and another.
The right to object
Where we are the Data Controller (we are not acting on behalf of someone else such as our clients) and your processing is based on legitimate interest, you can object to us processing it at any time. This includes where we process your data for tasks in the public interest, direct marketing, statistic, or official authority such as a police investigation.
Rights related to automated decision making
We do not use automated decision making, if we did, you could ask for any automated decisions to be reviewed.
The right to complain
You can contact us on firstname.lastname@example.org if you would like to discuss our policy in more details or to make a complaint.
For more information about GDPR and your rights, please see the Information Commissioners Office (ICO) website http://ico.org.uk, they regulate how information is handled in the UK and we are registered with them. They are the escalation point as the Supervisory Authority.
Changes to our privacy Statement:
We regularly review our statement and will place any updates on this webpage. This privacy statement was last updated on 3rd May 2018.