Privacy Policy

This privacy notice is to let you know how D R Communications Limited uses your personal information, what we do to ensure the safety and security of it, and who we share your information with.  We will also inform you of your rights and how the law protects you.
Who We Are
We are D R Communications Limited (DRC). In this privacy policy: D R Communications Limited, a company registered in England under number 5042330, whose trading office is 10 Kingsclere Business Park, Kingsclere, Newbury, Berkshire. RG20 4SW More information about us can be found at www.drc.ltd Our Data Protection Officer can be contacted here:
Our Privacy Principles and Promise
DRC is committed to respecting your privacy; we take privacy, security and complying with data protection and privacy laws seriously. Below are our core Privacy Commitments. We aim to put these commitments at the heart of everything we do. We will:
How the law protects you
As well as our Privacy Promise, your privacy is protected by law, this section explains how that works: Data Protection regulations say that we can use personal information only if we have a proper reason to do so. This includes sharing it outside DRC. The law says we must have one or more of these reasons: A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.
Your Rights
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Right to access
You have the right to request a copy of the information that we hold about you.
Right to rectification
You have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten
In certain circumstances you can ask for the data we hold about you to be erased from our records. Bear in mind, if you ask us to erase your information from our records, we may purchase data in the future that contains your information. We can however mark it as “do not contact” therefore stopping any contact we may make to you.
Right to restriction of processing
Where certain conditions apply to have a right to restrict the processing.
Right of portability
You have the right to have the data we hold about you transferred to another organisation.
Right to object
You have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling
You also have the right to be subject to the legal effects of automated processing or profiling.
Right to judicial review
In the event that DRC refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain. Should you wish to exercise any of these rights, please contact us using privacy@drc.ltd All the above requests will be forwarded on should there be a third party involved in the processing of your personal data. Here is a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.
We may use your personal information to
Our reasons
Our legitimate interests
How we use your information
This privacy notice is to let you know how we will look after your personal information. This includes what you tell us about yourself, what we learn by having you as a client, and the choices you give us about what marketing information you may want us to send you. This notice explains how we do this and tells you about your privacy rights and how the law protects you.
Where we collect personal information from
We may collect personal information about you (or your business) from these sources:
Third Parties
We also obtain data from publicly available sources such as information held in Companies House, and information about you that is openly available on the internet.
Training
All staff have undergone GDPR training which will be ongoing to ensure they are aware of relevant information, legislation and controls.
GDPR review
We have reviewed our process and appropriate changes have and will be made to provide appropriate data management. We will continually review our procedures for IT and data management to keep up to date with changing technology and systems.
Who we share your personal information with
We may share your personal information these organisations:
Credit Checks
When you make a request for the supply of any products or services from us or any of our business partners and during the course of any such supply we may carry out credit checks on you at any time. We will only use licensed credit references agencies but such agencies will keep a record of our search on your credit record. We may search the electoral roll to verify your address. We may use credit searches and other information, which is provided to us or the credit agencies, about you and those who are linked financially to you, if credit decisions are made about you, or other members of your household. We will use this data to: If, at any time during the provision of any goods and services to you, you fail to meet our credit conditions, we will contact you. You can request a copy of your credit record by writing directly to the credit agencies.
Automated Decision Making
DRC does not use automated processes for decision making. We may use a credit reference agency to perform credit checks when you apply for products or services with us however this is not an automated process, we use the credit reference agency’s recommendations and then we will manually review and make our decision based on this and other factors.
Cookies
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them, see our Cookies Policy.
Job Applicants
All the above applies for job applicants except for the below changes: We may use your personal information to:
Our reasons
Our legitimate interests
Type of personal information & Description
CCTV
If you enter any of our buildings your images may be captured on CCTV
Contact
Where your place of work is and how to contact you
Communications
What we learn about you from letters, emails and conversations between us
Criminal Convictions
If you are offered a position in certain areas/job roles we may apply for a basic disclosure
Education
Details of your qualifications and education
Employment History
Details of previous employers and references
Other Personal Information
Details of hobbies etc. that you provide in your cv or application
Where we collect personal information from
Data you give us:
The information we use
The information we collect about you and how we collect it can vary depending on the products and services that you use and subscribe to, how you have used the products and services, and how you have interacted with DRC even if you aren’t a customer, or what we have obtained from a third party with permission to share it with us. These are some of the kinds of personal information that we use:
The physical measures we take to protect your data
The technical measures we take to protect your data
Sending data outside of the EEA
We would only send your data outside of the European Economic Area (‘EEA’) to:
Marketing
We may use your personal information to tell you about relevant products and offers. This is what we mean when we talk about ‘marketing’. The personal information we have for you is made up of what you tell us, and data we collect when you use our services, or from third parties we work with. We study this to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. We can only use your personal information to send you marketing messages if we have either your consent or a ‘legitimate interest’. That is when we have a business or commercial reason to use your information. It must not unfairly go against what is right and best for you. You can ask us to stop sending you marketing messages by contacting us at any time. Whatever you choose, you’ll still receive statements, and other important information such as changes to your existing products and services We may ask you to confirm or update your choices, if you take out any new products or services with us in future. We will also ask you to do this if there are changes in the law, regulation, or the structure of our business. You can ask us to stop sending you marketing messages by contacting us at privacy@drc.ltd Whatever you choose, you’ll still receive other important information relating to your existing products and services. If you change your mind you can update your choices at any time by contacting us.
How long we keep your personal information
DRC may process personal data for up to 7 years if you are a prospective customer and for the length of your contract if you become an active customer. This is in keeping with our legitimate interests and contractual obligations. We may also store personal data for up to 7 years for any of the following reasons: We also have processes in place to securely dispose of data we no longer require.
The Principles of good Data Protection
These are the principles under which we seek to operate and manage your data.
How to get a copy of your personal information [Referred to as Subject Access Request]
You can request access to the personal information we hold on you, by writing to us at this address: DRC, 10 Kingsclere Business Park, Kingsclere, Newbury, Berkshire. RG20 4SW You can also email us using privacy@drc.ltd To submit a Subject Access Request please email privacy@drc.ltd To ensure we are only sending the information to someone authorised to have it, we may at our discretion require you to provide two forms of ID from the below list:
Letting us know if your personal information is incorrect
You have the right to question any information we have about you that you think is wrong or incomplete. Please contact us if you want to do this. If you do, we will take reasonable steps to check its accuracy and correct it.
What if you want us to stop using your personal information?
You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. This is known as the ‘right to object’ and ‘right to erasure’, or the ‘right to be forgotten’. There may be legal or other official reasons why we need to keep or use your data. But please tell us if you think that we should not be using it. We may sometimes be able to restrict the use of your data. This means that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we would not use or share your information in other ways while it is restricted.
You can ask us to restrict the use of your personal information if:
How to withdraw your consent for non-statutory personal information
You can withdraw your consent at any time. Please contact us using privacy@drc.ltd if you want to do so. If you withdraw your consent, we may not be able to provide certain products or services to you. If this is so, we will tell you.
Reporting breaches
As soon as DRC become aware of any breach we have a legal obligation to report the data breach to the ICO within 72 hours. Where feasible and if a high risk breach, we will inform the individual effected and give the action plan we are putting in place to rectify such. All our Employees have an obligation to report actual or potential data protection compliance failures. This allows us to: Any employee who fails to notify of a breach, or is found to have known or suspected a breach has occurred but has not followed the correct reporting procedures will be liable to disciplinary action.
How to complain
Please let us know if you are unhappy with how we have used your personal information. You can contact us in writing at this address: DRC, 10 Kingsclere Business Park, Kingsclere, Newbury, Berkshire. RG20 4SW Or by emailing privacy@drc.ltd You also have the right to complain to the Information Commissioner’s Office if we do not respond to your complaint appropriately and in a timely manner. www.ico.org.uk