Privacy Policy

At Workflo Solutions (Scotland) Ltd, we are committed to protecting your privacy and ensuring the security of your personal data. This privacy policy outlines how we collect, use, disclose, and protect your personal information as a data controller. By engaging our services, you acknowledge and consent to the practices described in this policy.

Information We Collect

We may collect and process the following types of personal data

• Contact information, including your name, address, phone number, and email address.
• Financial information, such as billing details and payment records.
• Information necessary to provide our services, including project details and relevant documentation.
• Communication records and correspondence with you.
• Any other information you provide to us voluntarily.
• Purpose and Legal Basis for Processing

We process personal data for the following purposes:

• Your consent given at the time of engaging our services.
• The processing is necessary for the performance of our contract with you.
• Compliance with legal obligations.

Please note that providing us with certain personal data is a requirement of our contract with you. If you fail to provide the requested information, we may be unable to provide our services effectively.

Disclosure of Personal Data

We may share your personal data with the following parties:

• HM Revenue and Customs (HMRC) for tax compliance purposes.
• Professional indemnity insurers for insurance coverage.
• Debt collection service providers for recovering outstanding payments.
• Product manufacturers, if necessary for warranty claims or technical support.
• Additionally, we may disclose personal data if required or permitted by law, including:
• Law enforcement agencies, upon their lawful request.
• Courts and tribunals in connection with legal proceedings.
• The Information Commissioner's Office (ICO) as required by data protection regulations

Should you request us not to share your personal data with the above parties, we may need to cease our services.

Third-Party Service Providers

We may engage third-party service providers, including service agents, debt recovery agents, field tracing agents, and subcontractors, to assist in delivering our services and fulfilling our legitimate interests. These providers are bound by contractual obligations to handle your personal data securely and only process it for the specified purposes.

Subject Access Requests (SARs)

You have the right to request access to the personal data we hold about you, subject to applicable laws. To submit a subject access request, please send a written request to Kirsty Cole at the address provided below. To expedite the process, include relevant details to verify your identity and locate the requested information, such as your name, address, work address, date of work, and relevant invoice numbers.

We are committed to responding to SARs promptly, within one month of receipt, as required by the Data Protection Act 2018 (DPA 2018). However, there may be circumstances where we are permitted to refuse access, such as when there has been little or no change to the data since a previous request.

You may authorise someone else, such as a friend, relative, or solicitor, to request information on your behalf. To grant such authorisation, please sign a letter stating your consent and the authorised person's details.

If we act as a data processor on behalf of your organisation, we will assist you with subject access requests in line with the above guidelines.

Rectification of Personal Data

If you believe that any personal data we hold about you is inaccurate or incomplete, please notify us promptly. We will take reasonable steps to rectify and update the information as necessary.

Withdrawal of Consent

If you have provided consent for the processing of your personal data, you have the right to withdraw that consent at any time. To withdraw your consent, please inform us promptly. Please note that the withdrawal of consent does not affect the lawfulness of processing prior to the withdrawal, and we may still have a legal basis to process your data in certain circumstances

Marketing Activities and Data Usage

At Workflo Solutions (Scotland) Ltd, we may use your personal data for limited marketing activities, subject to your consent where required by applicable laws. Our marketing activities aim to provide you with relevant information about our services and promotions that may be of interest to you. Please take note of the following:

• Consent: We will obtain your explicit consent before using your personal data for direct marketing purposes, where required by applicable data protection laws.
• Marketing Communications: With your consent, we may send you marketing communications via email, phone calls, or other means of communication. These communications may include updates on our services, special offers, promotions, and industry-related information.
• Opt-out: You have the right to opt-out of receiving marketing communications from us at any time. To opt-out, follow the instructions provided in our marketing emails or contact us using the information provided in Section 9 (Contact Information). Even if you choose to opt-out of marketing communications, we may still contact you for other purposes, such as providing updates on our services or fulfilling our contractual obligations.
• Data Sharing: We will not share your personal data with third parties for their direct marketing purposes without obtaining your consent.
• Profiling: We may use profiling techniques to tailor our marketing communications to your preferences and interests. However, any automated decision-making that significantly impacts you will not be based solely on automated processing.
• Data Accuracy: To ensure that our marketing communications are relevant and accurate, please inform us promptly if there are any changes to your contact information.
• Data Retention: We will retain your personal data for marketing purposes only as long as your consent is valid or as required by applicable laws.

Please note that your consent for marketing activities is entirely voluntary, and you have the right to withdraw it at any time without affecting the lawfulness of our previous marketing activities.

Automated Decision-Making

We do not engage in automated decision-making processes that significantly impact you or involve sensitive personal data.

Use of CCTV

In order to ensure the security and safety of our premises, we utilise Closed-Circuit Television (CCTV) surveillance systems. The use of CCTV is subject to the following provisions:

• Purpose: The primary purpose of our CCTV system is to prevent and detect unlawful activities, protect the security of our premises, assets, and personnel, and enhance the safety of individuals within the premises.
• Scope: CCTV cameras are strategically placed in specific areas of our premises, including entrances, common areas, and other relevant locations. These cameras may capture images, videos, and audio recordings.
• Data Collection: The CCTV system may collect personal data, such as visual images of individuals, vehicle registration numbers, and other identifiable information. The data collected is securely stored and accessed only by authorised personnel for legitimate purposes.
• Data Retention: Unless required for investigation purposes or as necessary to meet legal obligations, CCTV data is generally retained for a limited period of time. Retention periods may vary based on the nature and purpose of the recorded data.
• Access and Disclosure: Access to CCTV data is restricted to authorised personnel who have a legitimate need for such access. We may disclose CCTV data to law enforcement agencies, regulatory authorities, or other parties as required or permitted by law.
• Rights of Individuals: Individuals whose personal data is captured by our CCTV system have the right to request access to their data, subject to applicable laws and regulations. Requests should be made in writing to the contact provided in Section 5 (Subject Access Requests).
• Security Measures: We maintain appropriate technical and organisational measures to protect CCTV data against unauthorised access, accidental loss, destruction, or damage.

Please note that signage indicating the use of CCTV may be displayed in prominent locations within our premises.

Employee Data

As part of our operations, Workflo Solutions (Scotland) Ltd collects and processes personal data relating to our employees, contractors, and other staff members. We are committed to protecting the privacy and confidentiality of this information. This section outlines how we handle employee data:

• Data Collection: We collect and process personal data necessary for employment purposes, including but not limited to names, addresses, contact information, employment history, qualifications, and other relevant details required for managing the employment relationship.
• Purpose and Legal Basis: The processing of employee data is necessary for the performance of the employment contract, compliance with legal obligations, and the legitimate interests of the company in managing the employment relationship.
• Data Use: Employee data is used for various employment-related purposes, including recruitment, employment contract management, payroll and benefits administration, training, performance management, and compliance with employment laws.
• Data Sharing: Employee data may be shared with third parties when necessary to fulfil employment-related obligations, such as payroll processors, benefits providers, and government agencies for tax and reporting purposes. We ensure that any third parties with access to employee data are compliant with data protection laws.
• Data Retention: We will retain employee data for the duration of the employment relationship and for a period required by law or to meet our legitimate business interests. After the termination of employment, we will securely delete or anonymise personal data as per our data retention policies.
• Employee Rights: Employees have the right to access, rectify, and erase their personal data in accordance with applicable data protection laws. To exercise these rights, employees should contact the Human Resources department using the information provided in Section 9 (Contact Information).
• Employee Consent: In certain circumstances, we may seek employee consent for specific data processing activities, such as the use of employee photographs for promotional materials. Employee consent is always obtained freely and can be withdrawn at any time.
• Employee Training: We provide training and resources to our employees to ensure they understand the importance of data privacy and security and their responsibilities concerning data protection.
• Employee Monitoring: We may implement limited monitoring of employee activities, such as monitoring IT usage and access controls, to maintain the security of our systems and protect sensitive data.
• Employee Data Transfers: In case of data transfers to countries outside the European Economic Area (EEA), we will ensure appropriate safeguards are in place to protect the data, as required by applicable data protection laws.

Data Security

We take data security seriously and implement appropriate technical and organisational measures to protect personal data from unauthorised access, loss, alteration, or disclosure. These measures include encryption, access controls, regular security assessments, and employee training on data protection.

Data Breach Notification

In the event of a data breach that poses a risk to the rights and freedoms of individuals, we will promptly notify the relevant authorities and affected individuals, as required by applicable data protection laws.

Cookies and Tracking Technologies

Our website may use cookies or other tracking technologies to enhance user experience. For more information on our use of cookies, please review our Cookie Policy.

Third-Party Links/Websites

Our website may contain links to third-party websites or services. Please note that our privacy policy does not apply to those external sites, and we encourage you to review the privacy policies of those sites.

Children's Privacy

Our services are not intended for children under a certain age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us using the information provided in Section 9 (Contact Information), and we will take steps to delete such information.

Data Transfers

If we transfer your personal data to countries outside the European Economic Area (EEA), we will ensure appropriate safeguards are in place to protect the data, as required by applicable data

Changes to the Privacy Policy

We may update this privacy policy from time to time to reflect changes to our data handling practices or legal requirements. The most current version of the policy will be available on our website, and we will notify you of any material changes.

Data Protection Officer (DPO)

For any questions or concerns related to data protection or this privacy policy, you may contact our Data Protection Department at the following address:

Complaints

If you are dissatisfied with our response to a subject access request or believe that we have not complied with the General Data Protection Regulation (GDPR) or DPA 2018, you can submit a complaint to Kirsty Cole at the address provided below. We take privacy concerns seriously and will investigate and address any complaints promptly.

Contact Information: