- Marketing policy
- Employee policy
- Customer records policy
- Staff training policy
- CCTV policy
- Website and email security measures
- Payment records
1. Marketing policy
All marketing is done through Facebook and MailChimp; we have reviewed their GDPR Policy and are happy that their terms and conditions facilitate and comply with GDPR regulation. Any marketing emails we send out through MailChimp give recipients the option to opt in or opt out.
2. Employee policy
All personal employment-related documents are kept in a locked filing cabinet in a secure office. Bank details are securely kept on the password-protected Sage PAYE software and shared with Barclays Bank, our bankers, to facilitate salary payments from our accounts office. This office is securely locked when unmanned.
Staff training takes place on a regular basis to make staff aware of our policy on GDPR and the importance of using best practices for customer data protection. Employee earnings personal data is shared with HMRC in accordance with the law.
3. Customer records policy
Customer records are kept in a secure cabinet/storage cupboard. Details about the future are kept secure. Customer visitor data is destroyed and not kept. No credit or bank card information is stored or recorded. Details of customers' motor cars are kept on file and electronically. Details such as customer service records and MOT records are kept secure.
4. Customer training policy
Staff are trained regularly on how we control and protect customer details. Staff training takes place on a monthly basis to make staff aware of our policy on GDPR and the importance of using best practices for customer data protection.
5. CCTV policy
Crime prevention and security
CCTV is used at RJF Motorhomes premises for maintaining the security of property and for the prevention and investigation of crime. The personal data collected and processed by RJF Motorhomes for these purposes may include visual images, personal appearance, other biometric data and activities undertaken by data subjects. Such personal data may be processed in respect of staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the firm’s premises. Where necessary or required, this personal data is shared with the data subjects themselves, employees and agents, service providers, police forces, security organisations and persons making an enquiry.
6. Website and email security measures
- Data transfer from site to server
  - SSL and transfer over HTTPS
- Data stored on site CRM system
  - Firewall and daily scans for malware using security plugin
- Data stored with database backups
  - Database encrypted with unique password
- Data stored on computers and other devices
  - Password protection/antivirus and anti-malware on all devices
- Protection of backups
  - Backup plugin locked down with password
- Password protection
We retain necessary PII as long as a supplier has a live account with us. We need the PII to operate as a business, as far as checking requirements against contractual agreements is concerned, which requires us to keep email records, quotations and notes, along with raising invoices and credits.
Once a relationship ends, we will retain all the client information, including PII, for a period of 6 months. This period ensures that the client has had sufficient time to set up services elsewhere and request any portable information to assist them with the new set-up.
If you require us to keep the PII for longer, you will have to let us know in writing.
At the end of this period, all PII will be deleted, with the exception of invoice copies required for us to meet our legal requirements with HMRC.
Right to be forgotten
You can contact us at any time and ask us to delete all PII that we hold about you. If you are a client, this will end any contract you have with us, as we are unable to service your account without this information. If you are no longer a customer, your information will automatically be deleted after 6 months as detailed above.
The information we hold
You have the right to request a copy of any PII we hold about you. This will be sent in zip format to the registered email address we hold for your business.
We will never disclose or sell your information to any third party without your implicit consent unless we are required to by law.
8. Payment Records
Customer payment records or details are never kept or stored electronically on a computer, and details of payment are never kept on file under any circumstances, as far as credit or debit card details are concerned.