Last Updated: May 4th 2018

Information Security Policy

Definitions


GDPR

General Data Protection Regulations.

Tod Security Systems

(T/A Tod Security and Fire) also known as Tod S.

Data controller

Entity or individual who determine what data to collect.

Data Processor

Entity or individual who process the data on behalf of the Data controller.

Tod S

Under the definitions of the GDPR are both Data controller and Processor.

Processing Data

Means any operation Tod S perform on Personal Data that is considered collection, storage, transfer, dissemination or erasure.

Personal Data

Any data that can be used to personally identify an individual.

Processing lawful basis


You have either given clear consent for Tod S to process your personal data for a specific purpose and/or the processing is necessary for Tod S to fulfil your individual requirements, or because you have asked Tod S to take specific steps before entering into a contract.

Introduction


Tods, take the protection and responsibility of your Personal Data very seriously. This Policy sets out the information to assist you to understand the Personal Data we collect from you, why we collect it, how it is used and shared and your choices regarding the use of Personal Data we collect.

 

We will always process Personal Data lawfully, fairly and in a transparent manner. In order to provide our contractual responsibilities to you, we need to collect, use and disclose to certain third parties information that may identify you personally.

Permission


Whilst you use our company to provide services to you, you will need to consent to the privacy practices described in this Policy. If you do not agree with any part of this Policy, and withdraw permission to use some or all of your personal data, it may affect our ability to provide our Products and/or Services to you.

Third parties disclosure of your Personal Data


We may disclose your Personal Data to third parties in accordance with this clause, however any disclosure must be directly in relation to the primary purpose of providing Products and/or Services to you in accordance with this Policy. Please note that we do not engage in the sale or trade of Personal Data under any circumstances.

We may Disclose your Personal Data to third parties performing services for us for the purposes described in this Policy. These services include processing and storing information on servers that may be located outside the UK. See further details below.

Under no circumstances are third parties authorised by us to use or control the Personal Data they receive from us for any other purpose for which we engaged them.

If you have concerns about the transfer of your Personal Data to third parties for the purpose of Processing, please contact us.

Location of Data processing and storage


Although Tod Security and Fire operate solely in the UK one or more of our Data Processors may operate their IT systems and data storage in Australia, New Zealand, and the United States of America as well as the UK and accordingly, we may disclose your Personal Data outside the UK and Europe. All our Data Processors are subject to the privacy practices set out in this Policy, and any applicable jurisdictional legislation.

 

It should be noted that Australia, New Zealand, and the USA have strict data privacy and protection laws of their own.
Your Personal Data may therefore be subject to privacy laws that are different from those in the UK. Personal Data collected within the UK may be transferred to and processed by third parties, located in a country outside the EU, where your Personal Data may be subject to different rights. However all third parties engaged by us must deal with the information we disclose in accordance with our legal obligations, privacy, confidentiality and security standards.

Data processing


We will only process Personal Data, where:

  • The action of processing is a result of your direct instruction;
  • You have consented for Tod S to undertake the processing;
  • The processing is necessary to provide our Products and/or Services to you; or
  • The processing is necessary for us to comply with any legal obligations.

For Example:

If we have been asked by you to install and maintain your monitored intruder alarm, we will need to control and process your data. Some of your personal data will be passed onto third parties such as our Alarm Receiving Centre (To allow them to contact you in the event of an activation), The Police (to allow them to attend your premises), National Security Inspectorate (so a compliance certificate can be issued for your system) our Security Managing software provider (to allow us to process your data on a day to day data basis to provide and manage those services you require us to carryout).

Personal Data Security


We have an obligation to ensure that your Personal Data is protected from unauthorised processing, accidental disclosure, access, loss, destruction or alteration. Accordingly, we have a range of technical security measures and procedures in place to ensure that your Personal Data is protected appropriately.

 

Our third party Processors also have a range of technical security measures and procedures in place to ensure that your Personal Data is protected. These measures have been implemented and are reviewed regularly to protect your Personal Data from scenarios which may result in the accidental or unauthorised disclosure of your Personal Data as mentioned above. Security measures, processes and encryption algorithms (including SSL protocols) are also audited by a third party on a monthly basis to ensure that we are adhering to and applying best practices to our implementation, management and use of security protocols.

Data Breach


In the unlikely event there is a data breach, we will notify the relevant data protection authority within 72 hours of being aware of such a breach, unless the breach is not likely to present any risk to your rights.

Personal Data in which we keep


Name, address, Tel Number, email addresses, Transaction details, Credit History with ourselves, Bank details (for Billing purposes only), Security System Data, Passwords and other nonspecific data that may be critical to allow us to carry out our services to you.

Your Rights


You have rights in respect of your Personal Data. Specifically, you may exercise your right to:

  • Request access to and obtain copies of any Personal Data we have collected from you;
  • Request that your Personal Data be provided to you in a format that can be easily read;
  • Modify or rectify your Personal Data if it is no longer accurate
  • Request your Personal Data be destroyed or erased if you believe it is no longer necessary for the purposes of which it was originally collected; and/or
  • Restrict or object to the collection or processing of the Personal Data we have collected from you. This includes, your ability to withdraw consent previously given at any time.

If you wish to exercise any of the above rights, please send your request to our Data Protection Officer.

Questions


If you have any questions or complaints in relation to this Policy or our use of your Personal Data, or if you wish to inform us of a change or correction to your personal information or would like a copy of the information we collect on you in relation to this Policy or our use of your Personal Data, please contact our Data Protection Officer:

  • Email: mail@todsf.co.uk
  • Post: Unit B10, Brecon House, Mamhilad Park Estate, Pontypool NP4 0HZ

Changes to this Personal Data Protection Policy


We may amend this Policy from time to time in order to continue ongoing compliance with applicable Privacy regulations. If there are significant changes made to this Policy, we will ensure we notify you.