At Test Incorporated Limited (Test Inc.) we value your privacy, and personal data is something we take seriously. This policy outlines how we use, store and look after your information.
At Test Inc. we recognise the trust you place in us when you share your personal information. We are committed to operating with openness, honesty and transparency. Your information is never shared with anybody, unless they absolutely need it to help us deliver the service you have requested of us.
Who are we?
Test Incorporated is one of the UK’s leading service companies providing a comprehensive range of specialist Preventative, Predictive and Periodic maintenance solutions across a vast range of electrical installations and system types nationwide.
What information do we collect?
There is some personal information we require in order for us to service our clients effectively.
The type of information that we keep on file is:
- Contact Name(s)
- Contact work telephone and/or work mobile numbers
- Work address of client
- Site works address (if different)
- Information regarding the site – the works that need to be carried out, last test dates, previous reports, etc.
Our method of collecting data consist of meetings, email or telephone call with our clients. However, all of this information gets stored in our Customer Relationship Management system (CRM). At Test Inc. we use a CRM called Insightly, which enables us to manage and monitor our client communication and service.
How do we store your information?
Under the New Rulings of the GDPR, Insightly have declared themselves compliant as a Data Controller and a Sub Processor. In addition, the companies they collaborate with are compliant (details can be found on their website https://www.insightly.com/subprocessors/).
This demonstrates that they are using secure processes, which allow us to manage and store data through their systems.
Insightly allows us to generate a project and track which stage of the process we are working towards; detailing actions to be achieved to move to the next milestone. This system is password protected and only key members of staff have access to it.
In addition, we use Xero Accounting system to process financial information for our clients, which details who to pay and when to pay them. This information is kept secure, behind a password locked site, which can only be accessed by key personnel. Xero state that they take their responsibilities under GDPR seriously and are GDPR compliant (https://www.xero.com/uk/campaigns/xero-and-gdpr/).
The personal data we store is to help us manage the services we provide. The data we use is never shared freely or shared publicly. Our online systems are updated, and our passwords are changed regularly to ensure that all data is kept safely and securely. Any personnel who leave the company have their accounts removed, and their internal passwords are changed.
The sites we use:
To provide a high-quality service to our clients, we utilise key platforms to measure and manage our operation, ensuring that projects are carried out and completed on time. As of May 25th, 2018, these tools are compliant under the GDPR rulings and their updated terms and privacy policies can be viewed on their respective websites.
- Insightly CRM
- Xero Accounting
How do we use your personal information?
At Test Inc. we use your personal information to make contact regarding electrical services that we provide. This includes initial contact with you after a meeting to discuss the works being carried out, through to contacting you during the servicing process to give you updates on quotations, when the works are going to be carried out, or to let you know that works are complete. We will also contact you when you are due for the works to be carried out again.
Many of the services we provide are legal requirements and should be carried out on a regular cycle. To ensure we are providing a full and professional service, we will store your information until the cycle is finished, which will enable us to inform you of your next testing due date.
Personal information is initially gathered when contact is made through our sales department or Business Development Managers. It is then securely passed to our Operations Team to schedule the project. Information such as site contact names and site address are passed on to one of our Lead Engineers, so they can ensure the smooth running of the project. Personal data obtained for business use is filed in a locked cabinet in the office. Our Accounting department is the only other department that will have access to personal data, which allows them to invoice for services provided.
Work that is conducted using subcontractors is done so in a secure manner. The subcontractor has no contact with the client nor do they have access to any personal information, they are solely informed of the site address and the works that need to be carried out. All correspondence will be made directly through a member of the Test Inc. Operations Team.
For any questions on how we use your information throughout the process, please contact our Head Office for more details.
What legal basis do we have for processing your personal data?
Under the new rulings of the GDPR in Europe, there are 6 possible legal grounds in which companies can process user’s personal information. These grounds are:
- Legitimate interests
- Vital Interests
- Public Task
- Legal obligation
At Test Inc. we process information under the legal grounds of Contract and Legitimate interests. This is outlined in the General Data Protection Regulation; Article 6 (1) section B and section F, which can be viewed online.
Section B states that ‘processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering a contract.’
Section F states ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’
On these grounds, we will process a client’s information when works are required to take place, and it is for the interest of the user requesting the works. The standard consent forms do not apply in this case due to this information being vital in our process.
When do we store and share personal data?
We only share personal data with office staff who need to access it to ensure we service our clients appropriately. Our Data Storage system, Insightly, is EU-U.S Privacy Shield Framework compliant. They also back up their databases daily and they are securely transferred and stored with military grade encryption to off-site locations.
How do we secure personal data?
To ensure your data is kept securely and to reduce the risks of breaches, all personal data is either kept locked away or password encrypted. These passwords are changed regularly, and the paper copies have backups online behind an encrypted software. No external sources can enter the building and access any information on Staff PC’s. We have steps in place on introduction to the business to inform staff that PC’s are to be locked or shut down when not in use so that only the user at the machine is the one that has access to the PC unless access needs to be given to a given staff member for a specific purpose only.
How long do we keep your personal data for?
Due to the nature of the services that we offer, it is important that we keep your information on file for up to 5 years after a project closure, as this is the standard compliance time for most electrical installations and will enable us to ensure your compliance. From this data we will contact you to see if you would like us to conduct the works required, if not, you will be removed from our systems.
Upon starting each project, we will check with you to ensure the information we have on file is correct and up to date, this will then restart the 5-year process outlined above.
When removing your personal data from our records, we delete your details from our online systems, and paperwork associated with the service we provided that contains personal data for the company or its specific staff members is shredded.
Your rights in relation to personal data:
Under the GDPR ruling, you have the following rights regarding your personal data, which can be exercised at any time.
You have the right to:
- Access personal information
- Correct or delete personal information
- Data portability
- Restrict processing of your data
- Log a complaint with the Information Commissioners Office
Any requests that you make for information or withdrawal will be made immediately upon the request being placed.
Test Inc. are committed to continuous improvement and will review this policy, software partners and its regularly kept data.