At Workflo Solutions (Scotland) Ltd, we are committed to protecting your privacy and ensuring the
security of your personal data. This privacy policy outlines how we collect, use, disclose, and protect
your personal information as a data controller. By engaging our services, you acknowledge and
consent to the practices described in this policy.
Information We Collect
We may collect and process the following types of personal data
- Contact information, including your name, address, phone number, and email address.
- Financial information, such as billing details and payment records.
- Information necessary to provide our services, including project details and relevant
documentation.
- Communication records and correspondence with you.
- Any other information you provide to us voluntarily.
- Purpose and Legal Basis for Processing
We process personal data for the following purposes:
- Your consent given at the time of engaging our services.
- The processing is necessary for the performance of our contract with you.
- Compliance with legal obligations.
Please note that providing us with certain personal data is a requirement of our contract with you. If
you fail to provide the requested information, we may be unable to provide our services effectively.
Disclosure of Personal Data
We may share your personal data with the following parties:
- HM Revenue and Customs (HMRC) for tax compliance purposes.
- Professional indemnity insurers for insurance coverage.
- Debt collection service providers for recovering outstanding payments.
- Product manufacturers, if necessary for warranty claims or technical support.
- Additionally, we may disclose personal data if required or permitted by law, including:
- Law enforcement agencies, upon their lawful request.
- Courts and tribunals in connection with legal proceedings.
- The Information Commissioner's Office (ICO) as required by data protection regulations
Should you request us not to share your personal data with the above parties, we may need to cease
our services.
Third-Party Service Providers
We may engage third-party service providers, including service agents, debt recovery agents, field
tracing agents, and subcontractors, to assist in delivering our services and fulfilling our legitimate
interests. These providers are bound by contractual obligations to handle your personal data securely
and only process it for the specified purposes.
Subject Access Requests (SARs)
You have the right to request access to the personal data we hold about you, subject to applicable
laws. To submit a subject access request, please send a written request to Kirsty Cole at the address
provided below. To expedite the process, include relevant details to verify your identity and locate the
requested information, such as your name, address, work address, date of work, and relevant invoice
numbers.
We are committed to responding to SARs promptly, within one month of receipt, as required by the
Data Protection Act 2018 (DPA 2018). However, there may be circumstances where we are permitted
to refuse access, such as when there has been little or no change to the data since a previous request.
You may authorise someone else, such as a friend, relative, or solicitor, to request information on your
behalf. To grant such authorisation, please sign a letter stating your consent and the authorised
person's details.
If we act as a data processor on behalf of your organisation, we will assist you with subject access
requests in line with the above guidelines.
Rectification of Personal Data
If you believe that any personal data we hold about you is inaccurate or incomplete, please notify us
promptly. We will take reasonable steps to rectify and update the information as necessary.
Withdrawal of Consent
If you have provided consent for the processing of your personal data, you have the right to withdraw
that consent at any time. To withdraw your consent, please inform us promptly. Please note that the
withdrawal of consent does not affect the lawfulness of processing prior to the withdrawal, and we
may still have a legal basis to process your data in certain circumstances
Marketing Activities and Data Usage
At Workflo Solutions (Scotland) Ltd, we may use your personal data for limited marketing activities,
subject to your consent where required by applicable laws. Our marketing activities aim to provide
you with relevant information about our services and promotions that may be of interest to you.
Please take note of the following:
- Consent: We will obtain your explicit consent before using your personal data for direct
marketing purposes, where required by applicable data protection laws.
- Marketing Communications: With your consent, we may send you marketing communications
via email, phone calls, or other means of communication. These communications may include
updates on our services, special offers, promotions, and industry-related information.
- Opt-out: You have the right to opt-out of receiving marketing communications from us at any
time. To opt-out, follow the instructions provided in our marketing emails or contact us using
the information provided in Section 9 (Contact Information). Even if you choose to opt-out of
marketing communications, we may still contact you for other purposes, such as providing
updates on our services or fulfilling our contractual obligations.
- Data Sharing: We will not share your personal data with third parties for their direct marketing
purposes without obtaining your consent.
- Profiling: We may use profiling techniques to tailor our marketing communications to your
preferences and interests. However, any automated decision-making that significantly
impacts you will not be based solely on automated processing.
- Data Accuracy: To ensure that our marketing communications are relevant and accurate,
please inform us promptly if there are any changes to your contact information.
- Data Retention: We will retain your personal data for marketing purposes only as long as your
consent is valid or as required by applicable laws.
Please note that your consent for marketing activities is entirely voluntary, and you have the right to
withdraw it at any time without affecting the lawfulness of our previous marketing activities.
Automated Decision-Making
We do not engage in automated decision-making processes that significantly impact you or involve
sensitive personal data.
Use of CCTV
In order to ensure the security and safety of our premises, we utilise Closed-Circuit Television (CCTV)
surveillance systems. The use of CCTV is subject to the following provisions:
-
Purpose: The primary purpose of our CCTV system is to prevent and detect unlawful activities,
protect the security of our premises, assets, and personnel, and enhance the safety of
individuals within the premises.
-
Scope: CCTV cameras are strategically placed in specific areas of our premises, including
entrances, common areas, and other relevant locations. These cameras may capture images,
videos, and audio recordings.
-
Data Collection: The CCTV system may collect personal data, such as visual images of
individuals, vehicle registration numbers, and other identifiable information. The data
collected is securely stored and accessed only by authorised personnel for legitimate
purposes.
-
Data Retention: Unless required for investigation purposes or as necessary to meet legal
obligations, CCTV data is generally retained for a limited period of time. Retention periods
may vary based on the nature and purpose of the recorded data.
-
Access and Disclosure: Access to CCTV data is restricted to authorised personnel who have a
legitimate need for such access. We may disclose CCTV data to law enforcement agencies,
regulatory authorities, or other parties as required or permitted by law.
-
Rights of Individuals: Individuals whose personal data is captured by our CCTV system have
the right to request access to their data, subject to applicable laws and regulations. Requests
should be made in writing to the contact provided in Section 5 (Subject Access Requests).
-
Security Measures: We maintain appropriate technical and organisational measures to
protect CCTV data against unauthorised access, accidental loss, destruction, or damage.
Please note that signage indicating the use of CCTV may be displayed in prominent locations within
our premises.
Employee Data
As part of our operations, Workflo Solutions (Scotland) Ltd collects and processes personal data
relating to our employees, contractors, and other staff members. We are committed to protecting the
privacy and confidentiality of this information. This section outlines how we handle employee data:
- Data Collection: We collect and process personal data necessary for employment purposes,
including but not limited to names, addresses, contact information, employment history,
qualifications, and other relevant details required for managing the employment relationship.
-
Purpose and Legal Basis: The processing of employee data is necessary for the performance
of the employment contract, compliance with legal obligations, and the legitimate interests
of the company in managing the employment relationship.
-
Data Use: Employee data is used for various employment-related purposes, including
recruitment, employment contract management, payroll and benefits administration,
training, performance management, and compliance with employment laws.
-
Data Sharing: Employee data may be shared with third parties when necessary to fulfil
employment-related obligations, such as payroll processors, benefits providers, and
government agencies for tax and reporting purposes. We ensure that any third parties with
access to employee data are compliant with data protection laws.
-
Data Retention: We will retain employee data for the duration of the employment relationship
and for a period required by law or to meet our legitimate business interests. After the
termination of employment, we will securely delete or anonymise personal data as per our
data retention policies.
-
Employee Rights: Employees have the right to access, rectify, and erase their personal data in
accordance with applicable data protection laws. To exercise these rights, employees should
contact the Human Resources department using the information provided in Section 9
(Contact Information).
-
Employee Consent: In certain circumstances, we may seek employee consent for specific data
processing activities, such as the use of employee photographs for promotional materials.
Employee consent is always obtained freely and can be withdrawn at any time.
-
Employee Training: We provide training and resources to our employees to ensure they
understand the importance of data privacy and security and their responsibilities concerning
data protection.
-
Employee Monitoring: We may implement limited monitoring of employee activities, such as
monitoring IT usage and access controls, to maintain the security of our systems and protect
sensitive data.
-
Employee Data Transfers: In case of data transfers to countries outside the European
Economic Area (EEA), we will ensure appropriate safeguards are in place to protect the data,
as required by applicable data protection laws.
Data Security
We take data security seriously and implement appropriate technical and organisational measures to
protect personal data from unauthorised access, loss, alteration, or disclosure. These measures
include encryption, access controls, regular security assessments, and employee training on data
protection.
Data Breach Notification
In the event of a data breach that poses a risk to the rights and freedoms of individuals, we will
promptly notify the relevant authorities and affected individuals, as required by applicable data
protection laws.
Cookies and Tracking Technologies
Our website may use cookies or other tracking technologies to enhance user experience. For more
information on our use of cookies, please review our Cookie Policy.
Third-Party Links/Websites
Our website may contain links to third-party websites or services. Please note that our privacy policy
does not apply to those external sites, and we encourage you to review the privacy policies of those
sites.
Children's Privacy
Our services are not intended for children under a certain age. We do not knowingly collect personal
data from children. If you are a parent or guardian and believe that your child has provided us with
personal data, please contact us using the information provided in Section 9 (Contact Information),
and we will take steps to delete such information.
Data Transfers
If we transfer your personal data to countries outside the European Economic Area (EEA), we will
ensure appropriate safeguards are in place to protect the data, as required by applicable data
Changes to the Privacy Policy
We may update this privacy policy from time to time to reflect changes to our data handling practices
or legal requirements. The most current version of the policy will be available on our website, and we
will notify you of any material changes.
Data Protection Officer (DPO)
For any questions or concerns related to data protection or this privacy policy, you may contact our
Data Protection Department at the following address:
Jonathan Weir
Privacy@workflo-solutions.co.uk
Workflo Solutions (Scotland) Ltd
Workflo House Unit 16 Shairp Business Park
Houston Ind Estate, Livingston
West Lothian EH54 5FD
Phone: 01506 441188
Complaints
If you are dissatisfied with our response to a subject access request or believe that we have not
complied with the General Data Protection Regulation (GDPR) or DPA 2018, you can submit a
complaint to Kirsty Cole at the address provided below. We take privacy concerns seriously and will
investigate and address any complaints promptly.
Contact Information:
Kirsty Cole
Privacy@workflo-solutions.co.uk
Workflo Solutions (Scotland) Ltd
Workflo House Unit 16 Shairp Business Park
Houston Ind Estate, Livingston
West Lothian EH54 5FD
Phone: 01506 441188