GDPR – Privacy Policy Statement
Vegetation Management Services Ltd is committed to ensuring the privacy and security of all personal data retained. The main board directors and senior managers are committed to the delivery of this policy statement and ensuring it is understood and followed throughout the business.
Vegetation Management Services Ltd company structure facilitates transparent and compliant administration of the General Data Protection Regulations (GDPR), this includes assigning responsibilities for Data Protection to a specific individual within the structure of the organisation.
Through the implementation of defined processes and with a strong focus on managing risk, Vegetation Management Services Ltd communicate openly with internal and external customers on how their personal data is collected and stored.
Vegetation Management Services Ltd only process personal data that is essential to business operations or our continued compliance with government and regulatory bodies where we are required us to achieve certain operational, vocational and administrative standards. This may include the need to verify certain competencies or qualifications held by an individual which may be essential for them to be considered by a client.
Personal data will be captured through completion of the Vegetation Management Services Ltd registration pack, via website enquires and bookings or verbally by a consultant. At this stage an explanation will be provided on what information will be required, the reason for obtaining this information and how it will be stored. Vegetation Management Services Ltd confirm that no personal data will be passed to a third party without the express permission of the individual.
All personal data is stored in a password-protected database located on an external server within a high-security data centre in the United Kingdom. This has tiered access dependant on role and responsibility which provides robust management controls on the retention and the updating/use of documentation and/or personal data. Hard copy documentation is archived off-site with an approved data archiving organisation.
Data captured and stored by the website is managed by Squaremedia Solutions; All payments are being processed via a third party, no payment data will be stored. Google Analytics, WordPress and Cookiebot protect website data.
Through the continual monitoring of compliance with this policy, Vegetation Management Services Ltd regularly review the accuracy of personal data held and offer routine opportunities for this to be updated. The quality and accuracy of all personal data is a primary concern and upon reasonable request, all personal data that is being held, where/how it was obtained and who it may be shared with will be made available.
Individuals are provided with every opportunity to reasonably exercise their right to access the personal data that Vegetation Management Services Ltd hold. Any and all requests for subject access will be answered within 28 days of the request being received. Additional or multiple requests over a consecutive 28 day period will receive a nominal administrative fee. The subject’s personal data will be provided in a clear, standardised format. Vegetation Management Services Ltd ensure that all relevant options are detailed within this format to assist the individual with their decision.
All individuals retain the right to complain to the Information Commissioners Office (ICO) should they feel there is a cause for concern regarding the manner in which their personal data is being managed or processed. In the first instance, all investigations will be carried out at a senior management level and escalated to the Managing Director in the event that an acceptable resolution cannot be achieved.
Vegetation Management Services Ltd ensure that all consent mechanisms used in the consent process are unambiguous. Every opportunity is provided for the individual to assert a positive indication of agreement and that they have been afforded the opportunity to make a decision, rather than proceed on an assumption of acceptance by default. In the event that it is necessary to hold personal data for children, the consent process will include the same positive consent mechanism to gain confirmation from a parent/carer for the personal data to be held.
Data security is of paramount importance to Vegetation Management Services Ltd as part of our protection from any data breaches. Systems are constantly monitored, audited and assessed to facilitate the detection of potential breaches. Any breaches deemed to be of a level that may involve suffering, financial loss or damage through identity theft or confidentiality breach will be notified to the ICO. To assist in the ongoing protection of personal data, Vegetation Management Services Ltd conduct Data Protection Impact Assessments (DPIA) at regular intervals and link them to existing risk assessments and company risk register.
Vegetation Management Services Ltd do not currently operate internationally. In the event that our business expands internationally this policy will be amended and distributed through the appropriate channels.