Privacy Policy

This privacy notice is to let you know how D R Communications Limited uses your personal information, what we do to ensure the safety and security of it, and who we share your information with.  We will also inform you of your rights and how the law protects you.

Who We Are

We are D R Communications Limited (DRC).

In this privacy policy:

• “we/us” means DRC;

• “third party” means someone who is not you or us;

D R Communications Limited, a company registered in England under number 5042330, whose trading office is 10 Kingsclere Business Park, Kingsclere, Newbury, Berkshire.  RG20 4SW

More information about us can be found at www.drc.ltd

Our Data Protection Officer can be contacted here:

privacy@drc.ltd

• 01256 895895

Our Privacy Principles and Promise

DRC is committed to respecting your privacy; we take privacy, security and complying with data protection and privacy laws seriously.

Below are our core Privacy Commitments.  We aim to put these commitments at the heart of everything we do.  We will:

• Keep your data safe and private

• Not sell your data

• Give you ways to manage your marketing choices

How the law protects you

As well as our Privacy Promise, your privacy is protected by law. This section explains how that works:

Data Protection regulations say that we can use personal information only if we have a proper reason to do so.  This includes sharing it outside DRC.  The law says we must have one or more of these reasons:

• To fulfil a contract we have with you, or

• When it is our legal duty, or

• When it is in our legitimate interest, or

• When you consent to it

A legitimate interest is when we have a business or commercial reason to use your information.  But even then, it must not unfairly go against what is right and best for you.  If we rely on our legitimate interest, we will tell you what that is.

Your Rights

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

Right to access

• You have the right to request a copy of the information that we hold about you.

Right to rectification

• You have a right to correct data that we hold about you that is inaccurate or incomplete.

Right to be forgotten

• In certain circumstances you can ask for the data we hold about you to be erased from our records. Bear in mind, if you ask us to erase your information from our records, we may purchase data in the future that contains your information.  We can however mark it as “do not contact” therefore stopping any contact we may make to you.

Right to restriction of processing

• Where certain conditions apply, you have a right to restrict the processing.

Right of portability

• You have the right to have the data we hold about you transferred to another organisation.

Right to object

• You have the right to object to certain types of processing such as direct marketing.

• You also have the right to be subject to the legal effects of automated processing or profiling.

Right to judicial review

• In the event that DRC refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain.

Should you wish to exercise any of these rights, please contact us using privacy@drc.ltd

All the above requests will be forwarded on should there be a third party involved in the processing of your personal data.

Here is a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so.  This is also where we tell you what our legitimate interests are.

We may use your personal information to

• Manage our relationship with you or your business

• Develop new ways to meet our customers’ needs and to grow our business

• Develop and carry out marketing activities

• Study how our clients use products and services from us and other organisations

• Provide advice or guidance about our products and services

• Prospect for new customers

• Marketing

• Managing customer quotes and tenders

• Quality monitoring of calls

• Credit checks

• Managing customer accounts/contracts

• Customer retention/cross selling

• Lost customer prospecting

• Fault reporting

• Device repair

• Device Management

• Making sure company property is safe and secure

Our reasons

• Your consent

• Fulfilling contracts

• Our legitimate interests

• Our legal duty

Our legitimate interests

• Keeping our records up to date, working out which of our products and services may interest you and telling you about them

• Developing products and services

• Defining types of clients for new products or services

• Seeking your consent when we need it to contact you

• Being efficient about how we fulfil our legal duties

• Commercial proposition to sell telecommunication products and services

• Protect our commercial interest against bad debt

• Quality control and monitoring

• Invoice you for using our products and services

• Prevent and detect fraud or other crimes, recover debts or trace those who owe us money

• To provide detailed business analysis as part of your service reviews; this may be via our 3rd party vendor who is GDPR compliant

How we use your information

This privacy notice is to let you know how we will look after your personal information.  This includes what you tell us about yourself, what we learn by having you as a client, and the choices you give us about what marketing information you may want us to send you.  This notice explains how we do this and tells you about your privacy rights and how the law protects you.

Where we collect personal information from

We may collect personal information about you (or your business) from these sources:

• Data you give to us

• When you apply for our products and services

• When you talk to us on the phone or in person with any of our team

• When you use our websites or mobile device apps

• In emails and letters

• In client surveys

• When you buy our products and services – this includes banking details for billing

Third Parties

• Companies and people who know you that pass us your details

• Credit reference agencies

• Reputable data suppliers

We also obtain data from publicly available sources such as information held in Companies House, and information about you that is openly available on the internet.

Training

All staff have undergone GDPR training which will be ongoing to ensure they are aware of relevant information, legislation and controls.

GDPR review

We have reviewed our process and appropriate changes have been and will be made to provide appropriate data management.

We will continually review our procedures for IT and data management to keep up to date with changing technology and systems.

• Data we collect when you use our services.

• Data from third parties we work with

• Companies that introduce you to us

• Social networks

• Fraud prevention agencies

• Government and law enforcement agencies.

Who we share your personal information with

We may share your personal information with these organisations:

• Organisations that introduce you to us

• Companies we have a joint venture or agreement to co-operate with

• Companies that we introduce you to

• Network, or other service providers who provide the services for your contract

• Any party linked with you or your business’ product or service

• Market researchers

• HM Revenue & Customs, regulators and other authorities

• Companies you ask us to share your data with

• Network service providers who provide the service agreed in your contract

• Other service providers if purchased through us, e.g. insurance companies

• Companies we have contracts with, to provide you with the services agreed in your contract, e.g. device repair centers

• If you use direct debits, we will share your data with the Direct Debit scheme

• Debt collection agencies or other debt recovery organisations

• Law enforcement agencies, regulatory organisations, courts or other public authorities if we must, or are authorised to do so by law

• In the event we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets as part of the process of evaluation and to ensure continuity of service

Credit Checks

When you make a request for the supply of any products or services from us or any of our business partners, and during the course of any such supply, we may carry out credit checks on you at any time.  We will only use licensed credit reference agencies, but such agencies will keep a record of our search on your credit record.

We may search the electoral roll to verify your address.

We may use credit searches and other information, which is provided to us or the credit agencies, about you and those who are linked financially to you, if credit decisions are made about you, or other members of your household.

We will use this data to:

• Assess whether you or your business can afford to make payments

• Make sure what you’ve told us is true and correct

• Manage accounts with us

• Trace and recover debts

If, at any time during the provision of any goods and services to you, you fail to meet our credit conditions, we will contact you.

You can request a copy of your credit record by writing directly to the credit agencies.

Automated Decision Making

DRC does not use automated processes for decision making.  We may use a credit reference agency to perform credit checks when you apply for products or services with us; however, this is not an automated process.  We use the credit reference agency’s recommendations and then manually review and make our decision based on this and other factors.

Cookies

Our website uses cookies to distinguish you from other users of our website.  This helps us to provide you with a good experience when you browse our website and allows us to improve our site.  For detailed information on the cookies we use and the purposes for which we use them, see our Cookies Policy.

Job Applicants

All the above applies for job applicants except for the below changes:

We may use your personal information to

• Make decisions about who to employ

• Make sure company property is safe and secure

• Check for criminal convictions

Our reasons

• Our legitimate interests

• Our legal duty

Our legitimate interests

• Find and manage employees to ensure efficient running of the business

• Quality Control and Monitoring

• Security and safety of visitors, staff and assets

Type of personal information & Description

CCTV

• If you enter any of our buildings your images may be captured on CCTV

Contact

• Where your place of work is and how to contact you

Communications

• What we learn about you from letters, emails and conversations between us

Criminal Convictions

• If you are offered a position in certain areas/job roles we may apply for a basic disclosure

Education

• Details of your qualifications and education

Employment History

• Details of previous employers and references

Other Personal Information

• Details of hobbies etc. that you provide in your CV or application

Where we collect personal information from

Data you give us:

• When you apply for a job with us

• Data from third parties:

• Information from people and organisations you put us in contact with, i.e. references

The information we use

The information we collect about you and how we collect it can vary depending on the products and services that you use and subscribe to, how you have used the products and services, and how you have interacted with DRC even if you aren’t a customer, or what we have obtained from a third party with permission to share it with us.

These are some of the kinds of personal information that we use:

• Name

• Business address

• Individual address

• Contact details, such as email addresses and phone numbers

• Data that identifies computers or other devices you use to connect to the internet. This includes your Internet Protocol (IP) address.

• Individual DOB

 

The physical measures we take to protect your data

• Restriction of access to our buildings, and server rooms as necessary

• Adequate locks on all doors.

• Monitoring of unauthorised access.

• Written procedures for employees, contractors and visitors covering confidentiality and security of information.

The technical measures we take to protect your data

• Restricting access to systems depending on the sensitivity/criticality of such systems

• Password protection for all systems

• Maintaining records of the access granted to individuals (which is granular and varies depending on the seniority of that individual and/or their role within the business)

• Ensuring prompt deployment of updates, bug-fixes and security patches for all systems

• Security over wireless networks and remote access tools

• Added security on mobile devices

• Automatic device locking

Sending data outside of the EEA

We would only send your data outside of the European Economic Area (‘EEA’) to:

• Follow your instructions.

• Comply with a legal duty

• Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries.  It makes sure those standards are similar to what is used within the EEA.  You can find out more about data protection on the European Commission Justice website

Marketing

We may use your personal information to tell you about relevant products and offers.  This is what we mean when we talk about ‘marketing’.

The personal information we have for you is made up of what you tell us, and data we collect when you use our services, or from third parties we work with.  We study this to form a view on what we think you may want or need, or what may be of interest to you.  This is how we decide which products, services and offers may be relevant for you.

We can only use your personal information to send you marketing messages if we have either your consent or a ‘legitimate interest’.  That is when we have a business or commercial reason to use your information.  It must not unfairly go against what is right and best for you.

You can ask us to stop sending you marketing messages by contacting us at any time.  Whatever you choose, you’ll still receive statements, and other important information such as changes to your existing products and services.

We may ask you to confirm or update your choices, if you take out any new products or services with us in future.  We will also ask you to do this if there are changes in the law, regulation, or the structure of our business.

You can ask us to stop sending you marketing messages by contacting us at privacy@drc.ltd

Whatever you choose, you’ll still receive other important information relating to your existing products and services.

If you change your mind you can update your choices at any time by contacting us.

How long we keep your personal information

DRC may process personal data for up to 7 years if you are a prospective customer and for the length of your contract if you become an active customer.  This is in keeping with our legitimate interests and contractual obligations.

We may also store personal data for up to 7 years for any of the following reasons:

• Respond to any questions or complaints

• To show that we treated you fairly

• To maintain records to comply with legal and regulatory rules that apply to us

• In keeping with our legitimate interests and contractual obligations

• We also have processes in place to securely dispose of data we no longer require.

The Principles of good Data Protection

These are the principles under which we seek to operate and manage your data.

• Lawfully processed, fairly and in a transparent manner in relation to individuals;

• Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

• Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and

• Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

How to get a copy of your personal information [Referred to as Subject Access Request]

You can request access to the personal information we hold on you, by writing to us at this address:

DRC, 10 Kingsclere Business Park, Kingsclere, Newbury, Berkshire. RG20 4SW

You can also email us using privacy@drc.ltd

To submit a Subject Access Request please email privacy@drc.ltd

To ensure we are only sending the information to someone authorised to have it, we may at our discretion require you to provide two forms of ID from the below list:

• Passport

• Driving licence

• Birth certificate

• Utility bill (from last 3 months)

• Current vehicle registration document

• Bank statement (from last 3 months)

Letting us know if your personal information is incorrect

You have the right to question any information we have about you that you think is wrong or incomplete.  Please contact us if you want to do this.  If you do, we will take reasonable steps to check its accuracy and correct it.

What if you want us to stop using your personal information?

You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it.  This is known as the ‘right to object’ and ‘right to erasure’, or the ‘right to be forgotten’.

There may be legal or other official reasons why we need to keep or use your data.  But please tell us if you think that we should not be using it.

We may sometimes be able to restrict the use of your data.  This means that it can only be used for certain things, such as legal claims or to exercise legal rights.  In this situation, we would not use or share your information in other ways while it is restricted.

You can ask us to restrict the use of your personal information if:

• It is not accurate

• It has been used unlawfully but you don’t want us to delete it

• It is not relevant any more, but you want us to keep it for use in legal claims

• You have already asked us to stop using your data but you are waiting for us to tell you if we are allowed to keep on using it

• If you want to object to how we use your data, or ask us to delete it or restrict how we use it, please contact us using privacy@drc.ltd

How to withdraw your consent for non-statutory personal information

You can withdraw your consent at any time.  Please contact us using privacy@drc.ltd if you want to do so.  If you withdraw your consent, we may not be able to provide certain products or services to you.  If this is so, we will tell you.

Reporting breaches

As soon as DRC become aware of any breach we have a legal obligation to report the data breach to the ICO within 72 hours.  Where feasible and if a high risk breach, we will inform the individual affected and give the action plan we are putting in place to rectify such.

All our Employees have an obligation to report actual or potential data protection compliance failures.  This allows us to:

• Investigate the failure and take remedial steps if necessary

• Maintain a register of compliance failures

• Notify the ICO of any compliance failures that are material either individually or as part of a pattern of failures

Any employee who fails to notify of a breach, or is found to have known or suspected a breach has occurred but has not followed the correct reporting procedures will be liable to disciplinary action.

How to complain

Please let us know if you are unhappy with how we have used your personal information.  You can contact us in writing at this address:

DRC, 10 Kingsclere Business Park, Kingsclere, Newbury, Berkshire.  RG20 4SW

Or by emailing privacy@drc.ltd

You also have the right to complain to the Information Commissioner’s Office if we do not respond to your complaint appropriately and in a timely manner.  www.ico.org.uk