Pavlou Plumbers aims ensure that all data collected is stored and processed in accordance with the UK GDPR and Data Protection Act 2018.
|Data from which a person can be identified, including data that, when combined with other readily available information, leads to a person being identified
|Special Category Data
|Data such as:
|Obtaining, recording or holding data
|The person whose personal data is held or processed
|A person or organisation that determines the purposes for which, and the manner in which, personal data is processed
|A person, other than an employee of the data controller, who processes the data on behalf of the data controller
Stelios Pavlou has overall responsibility for ensuring that Pavlou Plumbers complies with its obligations. Day-to-day responsibilities rest with Stelios Pavlou. They will ensure that all staff are aware of their Data Protection obligations, and oversee any queries related to the storing or processing of personal data.
We hold Personal Data about our clients, and potential clients. The nature of our business may require our clients to share Personal Data with us so that we can fulfil our contractual obligations to them (lawful basis for processing). Typically, for both our records and information provided by our clients, this will include, but is not limited to:
We may need to carry out Data Protection Impact Assessments, which will be completed before any data is shared. If we are acting as a Data Processor, this will be subject to a Data Controller/Data Processor Agreement.
We may share data with third parties to support the operational needs and smooth running of our company. These third parties may include, but will not be limited to, facilities providers, consultants engaged by Pavlou Plumbers and specialist software providers. We will not share information with anyone without consent unless the law and our policies allow us to do so. We will ensure that only the data needed to carry out the service required is shared (data minimisation) and the data share will, if required, be subject to Data Protection Impact Assessments and Data Controller/Data Processor Agreements.
We will only retain the data we collect for as long as is necessary to satisfy the purpose for which it has been collected.
Paper based records, digital records and portable electronic devices, such as laptops and hard drives that contain Personal and/or Special Category Data, are compliant with GDPR and are regularly assessed. Unless otherwise requested, the data provided by our clients will be returned to our client compliantly, or destroyed compliantly, within 30 days of the end of the contract.
If you feel that we have mishandled your or your Personal Data at any time you can make a complaint to Stelios Pavlou by emailing firstname.lastname@example.org or by or phoning 01244 888801.
Alternatively, you can contact the Information Commissioners Office by visiting their website (https://ico.org.uk/make-a-complaint/) or by calling their helpline on 0303 123 1113.