Privacy Policy
At Test Incorporated Limited (Test Inc.) we value your privacy, and personal data is something we take seriously. This policy outlines how we use, store and look after your information.
​
The terms ‘we’, ‘us’ or ‘our’ in this document are referring to Test Inc. The terms ‘you’ and ‘our clients’ refers to Customers, Suppliers, Employees, and Sub-Contractors of Test Inc. and the people reading our privacy policy.
​
At Test Inc. we recognise the trust you place in us when you share your personal information. We are committed to operating with openness, honesty, and transparency. Your information is never shared with anybody, unless they absolutely need it to help us deliver the service you have requested of us or carry out necessary business activities.
​
For any questions regarding our privacy policy, or to find out what information we have on file about you, please contact our Head Office. At any time, upon request, you can be removed from our system by calling our office and speaking with our Data Controller on 01920 459700.
Who are we?
Test Incorporated is one of the UK’s leading service companies providing a comprehensive range of electrical services nationwide.
What Information do we collect?
There is some personal information we require for us to service our clients effectively.
The type of information that we keep on file is:
-
Names & Titles
-
Telephone Numbers
-
Mobile, Landline, Office… etc
-
-
Property Address(es)
-
Billing, Shipping, Site, Business Operations… etc
-
-
Customer Site Information (e.g. works required, date(s) of last works, historical reports/certifications, electrical system and structural information)
-
Bank Details (Suppliers & Sub-Contractors)
-
Proof of identity e.g. Drivers Licence, Passport (Employees & Sub-Contractors)
-
Dates of Birth (Employees & Sub-Contractors)
-
Medical Information (Employees & Sub-Contractors)
Our method of collecting data consist of private meetings, e-mail or telephone with our Customers, Suppliers, Sub-Contractors & Employees.
All information gets stored in our secure servers accessible only by those with authority and need, to facilitate necessary business activities.
How do we store your information?
We use several Software as a Service (SaaS) systems in the management of our business. Under the rulings of the GDPR, all our SaaS systems have declared themselves compliant as a Data Controller and a Sub-Processor.
This demonstrates that they are using secure processes, which allow us to manage and store data through their systems.
The personal data we store is to help us manage the services we provide. The data we use is never shared freely or shared publicly without written permission from a suitable authority of the data owner.
Our online systems are updated, and our passwords are changed regularly to ensure that all data is kept safely and securely. Any personnel who leave the company have their accounts removed and decommissioned to prevent any further access.
How do we use your personal information?
At Test Inc. we use your personal information to make contact regarding services that we provide. This includes initial contact with you after a meeting to discuss the works being carried out, through to contacting you during the servicing process to give you updates on quotations, when the works are going to be carried out, or to let you know that works are complete. We will also contact you when you are due for the works to be carried out again.
Many of the services we provide are statutory requirements and should be carried out periodically. To ensure we are providing a comprehensive professional service, we will store your information until the cycle is finished, which will enable us to inform you of your next inspection or maintenance due date.
​
Personal information is initially gathered when contact is made through our Account Managers or direct to our Service Team. Our Service Team upload information to our Workflow Management System which has controlled access to only those who require it to carry out our business activities. Information such as site contact names and site address are passed on to one of our Engineers, so they can attend and carry out works. Personal data obtained for business use is uploaded to our Workflow Management System accessible only by those who need the information to carry out necessary business activities e.g. planning & scheduling of works, invoicing customers, paying suppliers… etc.
​
Work that is conducted using subcontractors is done so in a secure manner. The subcontractor has no contact with the Customer, nor do they have access to any personal information, they are solely informed of the site address and the works that need to be carried out. All correspondence will be made directly through a member of the Test Inc. Service Team and/or Project Manager.
For any questions on how we use your information throughout the process, please contact our Head Office for more details.
How do we use your personal information?
Under the rulings of the GDPR, there are 6 possible legal grounds in which companies can process user’s personal information. These grounds are:
-
Legitimate interests
-
Vital Interests
-
Public Task
-
Legal Obligation
At Test Inc. we process information under the legal grounds of Contract and Legitimate interests. This is outlined in the General Data Protection Regulation; Article 6 (1) section B and section F, which can be viewed online.
Section B states that ‘processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering a contract.’
​
Section F states ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’
On these grounds, we will process a client’s information when works are required to take place, and it is for the interest of the user requesting the works. The standard consent forms do not apply in this case due to this information being vital in our process.
​
We will notify you of any updates to our processes and procedures or amendments to our privacy policy.
What legal basis do we have for processing your personal data?
Under the rulings of the GDPR, there are 6 possible legal grounds in which companies can process user’s personal information. These grounds are:
-
Legitimate interests
-
Vital Interests
-
Public Task
-
Legal Obligation
At Test Inc. we process information under the legal grounds of Contract and Legitimate interests. This is outlined in the General Data Protection Regulation; Article 6 (1) section B and section F, which can be viewed online.
Section B states that ‘processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering a contract.’
​
Section F states ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’
On these grounds, we will process a client’s information when works are required to take place, and it is for the interest of the user requesting the works. The standard consent forms do not apply in this case due to this information being vital in our process.
​
We will notify you of any updates to our processes and procedures or amendments to our privacy policy.
When do we store and share personal data?
We only share personal data with Test Inc. employees who need to access it to ensure we service our clients appropriately. Our SaaS systems back up their databases daily and they are securely transferred and stored with military grade encryption to off-site locations.
How do we secure personal data?
To ensure your data is kept securely and to reduce the risks of breaches, all personal data is either kept locked away or password encrypted. These passwords are changed regularly, and the paper copies have backups online behind an encrypted software. No external sources can enter the building and access any information on any of our SaaS systems.
We have steps in place on introduction to the business to inform employees that all Personal Computers and Smart Devices are to be locked or shut down when not in use so that only the user at the machine is the one that has access to the equipment.
​
We employ specialist Information Technical (IT) consultants who monitor and manage our IT infrastructure from virus’, phishing and trojan attacks. All mobile IT equipment is enrolled into a Mobile Device Management (MDM) system allowing us to swiftly locate, wipe, remove permissions in real-time should the need arise. Our IT Consultants regularly audit and perform Penetration Tests to ensure we are operating to the appropriate security levels.
We are also registered with the Information Commissioner’s Office (ICO) ref: ZA181234 - Link
How do we secure personal data?
Due to the nature of the services that we offer, it is important that we keep your information on file for up to a minimum of 5-Years after works are invoiced and complete. This is the standard compliance time for most electrical installations and will enable us to ensure your statutory compliance. From this data we will contact you to see if you would like us to conduct the works required, if not, you will be removed from our systems.
Upon starting each project, we will check with you to ensure the information we have on file is correct and up to date, this will then restart the 5-Year (or equivalent) process outlined above.
When removing your personal data from our records, we delete your details from our SaaS systems, and paperwork associated with the service we provided that contains personal data for the company or its specific staff members is shredded.
​
For any construction and installation works we will keep records on system for a minimum of 10-Years from completion.
Your rights in relation to personal data:
Under the GDPR ruling, you have the following rights regarding your personal data, which can be exercised at any time.
You have the right to:
-
Access personal information
-
Correct or delete personal information
-
Data portability
-
Restrict processing of your data
-
Log a complaint with the Information Commissioners Office
Any requests that you make for information or withdrawal will be made immediately upon the request being placed.
Test Inc. are committed to continuous improvement and will review this policy, software partners and its regularly kept data.
Monitoring Policy
-
The policy will be monitored on an on-going basis to ensure that it addresses issues effectively. The following will be monitored:
-
That all prospective employees are advised of the policy.
-
That the policy forms part of the induction programme.
-
Assessment of any reported incident or related occurrence.
​​
Monitoring of the policy is essential to assess how effective the Company has been to establish control of its obligations.
Reviewing Policy
This policy will be reviewed annually and, if necessary, revised in the light of legislative or organisational changes. Improvements will be made by learning from experience and the use of an established annual review.