Who we are
BM Security Ltd is a provider of security systems and services based in Surrey
What data do we collect?
In order to deliver the services that we do, we need to collect personal data. Depending on which of our services you use, we may need to collect:
- Name, address and contact details such as telephone number and email address
- Bank details, only where required
- Any special access requests that could affect any site visits that are made
- Technical details about your security system
How we collect data
Your data will either be provided to us by:
- You, when initiating a contractual relationship with us
- Third parties that you have contracts with where we have been appointed with carrying out
- the work
- Collecting data while carrying out work as part of existing contracts (e.g. collecting contact details to arrange a site visit)
What data do we collect and how we use it?
We may use your information to:
- Carry out security, locks, debt, roll shutters and aerial fitting as part of our work
- Take payment for our work
- Make and receive contractual payments with our suppliers
- Register customer-supplied data for services that we provide
How we secure data
We implement a set of strict information security policies and procedures to protect your data both in transit and at rest. These include:
- All data communications are secured using industry standard cryptographic mechanisms ensuring that all the data we send or receive is protected.
- All data is stored in our highly secure databases within the UK.
- We implement strict security controls around accessing the data implementing the principle of least privilege.
As part of our day to day operations we may need to pass your personal data to our third-party suppliers. This is only done to support the contract that we have with you. Your data will not be used for any other purpose without your express consent. Your data will not be used by our third-party suppliers for marketing purposes.
Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data.
Subject Access Request
If you do exercise your right to raise a subject access request we have put processes in place that will tell you:
- Whether or not your data is processed and if so why, the categories of personal data concerned and the source of the data if it is not collected directly from you
- To whom your data is or may be disclosed, including to recipients located outside the European Economic Area (EEA) and the safeguards that apply to such transfers
- For how long your personal data is stored (or how that period is decided)
- Your rights to rectification or erasure of data, or to restrict or object to processing
- Your right to complain to the Information Commissioner if you think BM Security Ltd has failed to comply with your data protection rights
- Whether or not BM Security Ltd carries out automated decision-making and if so, the logic involved in any such decision-making
If BM Security Ltd discovers that there has been a breach of personal data that poses a risk to an individual’s rights and freedoms, we will report it to the Information Commissioner within as soon as is possible. The organisation will record all data breaches regardless of their effect. If the breach is likely to result in a high risk to the rights and freedoms of individuals, it will tell affected individuals that there has been a breach and provide them with information about its likely consequences and the mitigation measures it has taken.
Some of the processing that the BM Security Ltd carries out may result in risks to privacy. Where processing would result in a high risk to an individual’s rights and freedoms, we will carry out a data protection impact assessment to determine the necessity and proportionality of processing. This will include considering the purposes for which the activity is carried out, the risks for individuals and the measures that can be put in place to mitigate those risks.