ERS Refrigeration & Air Conditioning GDPR Policy

  1. Introduction

ERS Refrigeration & Air Conditioning (“the Company,” “we,” or “our”) is committed to protecting the personal data of its customers, employees, and business partners in accordance with the General Data Protection Regulation (GDPR). This policy outlines how we collect, use, store, and protect personal data to ensure compliance with GDPR requirements.

  1. Scope

This policy applies to all personal data processed by ERS Refrigeration & Air Conditioning, including data related to customers, employees, suppliers, and any other individuals whose data we may process. It applies to all employees, contractors, and third parties working on behalf of the Company.

  1. Data Collection

We collect personal data for specific, legitimate business purposes, such as:

  • Providing and managing refrigeration and air conditioning services.
  • Responding to inquiries and providing customer support.
  • Processing payments, invoices, and other financial transactions.
  • Managing employee records and payroll.
  • Complying with legal requirements.

The types of personal data we collect may include:

  • Contact information (e.g., name, address, phone number, email).
  • Payment details (e.g., credit card information, bank account details).
  • Employment data (e.g., job title, work history, payroll information).
  • Technical data (e.g., IP addresses, service logs).
  1. Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Consent: When individuals have given clear consent for us to process their personal data for a specific purpose.
  • Contractual Necessity: When processing is necessary for the performance of a contract.
  • Legal Obligation: When processing is necessary for compliance with a legal obligation.
  • Legitimate Interests: When processing is necessary for our legitimate business interests, provided that these interests do not override the rights of the data subject.
  1. Data Subject Rights

Under GDPR, data subjects have the following rights regarding their personal data:

  • Right to Access: The right to request access to personal data we hold.
  • Right to Rectification: The right to have inaccurate or incomplete data corrected.
  • Right to Erasure (“Right to be Forgotten”): The right to request the deletion of personal data under certain conditions.
  • Right to Restriction of Processing: The right to restrict the processing of personal data in certain circumstances.
  • Right to Data Portability: The right to receive personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: The right to object to the processing of personal data under certain conditions.
  • Right Not to Be Subject to Automated Decision-Making: The right to not be subject to decisions based solely on automated processing.

Requests related to these rights can be made by contacting our Data Protection Officer at [Insert Contact Details].

  1. Data Security

We take data protection seriously and implement appropriate technical and organisational measures to secure personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Measures include:

  • Data encryption and secure storage.
  • Regular security assessments and audits.
  • Access controls and data minimization practices.
  • Employee training on data protection principles.
  1. Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law. Once data is no longer needed, we will securely delete or anonymise it.

  1. Third-Party Data Sharing

We may share personal data with third parties under the following circumstances:

  • With service providers or business partners who assist us in delivering our services (e.g., payment processors, IT service providers).
  • With legal authorities when required to comply with legal obligations.
  • With any organization, if necessary, to protect the rights, property, or safety of our company or others.

We ensure that any third parties with whom we share personal data are GDPR-compliant and provide adequate safeguards for data protection.

  1. Data Protection Officer (DPO)

Linda Hynan has been appointed as the Data Protection Officer for ERS Refrigeration & Air Conditioning. The DPO is responsible for overseeing the implementation of this policy, ensuring ongoing GDPR compliance, and serving as the contact point for data protection matters.

10. Contact Details:

  • Data Protection Officer:
    Linda Hynan
  • Email: info@ersrefrigeration.co.uk
  • Phone: 01256465605
  1. Review and Updates

This policy will be reviewed annually, or as necessary, to ensure compliance with GDPR and any changes in relevant laws. Updates will be communicated to all employees and relevant stakeholders.

  1. Contact Information

For any questions or concerns regarding this GDPR policy or data protection practices, please contact us at:

  • Email: info@ersrefrigeration.co.uk