This privacy notice sets out how we will process personal data we collect from or about you, or which you provide to us. Please read this notice carefully to understand why data is being collected and what we do with that data.
For the purpose of the Data Protection Act 1998 and General Data Protection Regulation EU 2016/679, the data controller is Martin Ralph a company registered in England whose registered address is 11 Dragoon House, Hussar Court, Brambles Business Park, Portsmouth, Hampshire, PO7 7SF.
We are committed to protecting your personal information.
What type of information will we collect from you?
The personal information we collect from you will typically include the following;
- Full name and contact details (including your contact number, email and postal address)
- Your communications with us, including a record of emails or postal correspondence.
On what basis can we process your information?
The legal grounds under data protection legislation for processing your personal data are as follows:
- It is necessary for the performance of a contract to which you are a party, or to take steps prior to entering into a contract with you, for us to provide you with our Terms of Engagement.
What are we going to do with your information?
We will hold and use personal information about you in the following ways:
- To fulfil our obligations to you when providing you with our Surveying services
- To share your information with others where necessary to fulfil our Surveying services for you or where acting as a Surveyor for a third party on your behalf (estate agent)
- Communicate with you during the course of providing our services, for example with your enquiries and requests
- To provide you with information about goods or services we feel may interest you, where you have provided permission for us to do so or, if you are an existing customer only, where we choose to contact you by electronic means (including email) with information about our own goods and services similar to those which you have already obtained from us or negotiated to obtain from us. For those marketing messages you can unsubscribe at any time.
How long we keep your data for
- We will retain your personal data on our database if you have purchased from us in the last 7 years. This is for legitimate business reasons. You have the right to ask us to remove your data at any time.
Who your information may be shared with
We will pass your details onto;
- Estate Agents
We will not share your information with third parties for marketing purposes without first obtaining your prior consent.
Transfer of personal data
We do not transfer personal data outside of the UK.
In order for our website to function correctly it creates small text files called Cookies. Cookies do not carry any personally identifiable information and are only used to track, monitor and improve our services and enable us to measure web traffic and analytics.
You can find out more about Cookies and the EU Cookie Law at: http://www.allaboutcookies.org
If you choose not to receive our cookies, we cannot guarantee that your experience will be as fulfilling as it would otherwise be. For instance, the site won’t be able to recognise your commenter ID, meaning that you won’t be able to send a message to us.
Any paper documents containing information about an identifiable person and their personal data is shredded on site.
How you can access and update your information.
You have a right to;
- Request a copy of the personal information we hold about you, known as a data subject access request.
- Request that information we hold about you which may be incorrect is rectified.
- Ask us to restrict the processing of your personal data in certain circumstances.
- Object to us processing it. We will either agree to stop processing or explain why we are unable to.
- Ask us to delete your personal data from our records if it is no longer needed for the original purpose
- Ask us, at any time to stop processing your personal data, if the processing is based only on individual consent.
These requests are free of charge and can be sent to firstname.lastname@example.org
We promise to;
- Take your data privacy seriously
- Keep the data we process safe, secure and private.
- Not to use 3rd party in the processing of your data without your express permission.
We will advise you should there be a breach to our network which could compromise your data and information.
Further details can be found at www.ico.org.uk or 0303 123 1113. However, we encourage individuals to come to us in the first instance.
PHYSICAL STORAGE DEVICES
MARTIN RALPH’S data is backed-up daily on two physical devices, in two separate locations.
One location being on site at 11 Dragoon House, Hussar Court, Brambles Business Park.PO7 7SF
The other Location being offsite at a secure address, provided on request.
The Connection between the 2 locations is secured by a VPN. and access to these devices are protected by secured passwords. Please see Passwords Policy
Storing work data on physical devices, including but not limited to USB drives, memory cards, CD or external hard drives, must be pre-approved by IT.
- Employees of Martin Ralph must only use devices provided by the company unless otherwise given permission.
- NEVER use or even plug in a USB drive that you have found or been given as a promotional item as these devices may contain hidden malware or viruses.
- Lost or stolen devices must be reported to IT and a manager immediately to help ensure their safe return and prevent a data leak.
Employees at MARTIN RALPH may access a variety of IT resources, including computers and other hardware devices, data storage systems, and other accounts as part of their employment. Passwords are a key part of IT’s strategy to make sure only authorised people can access those resources and data.
All employees who have access to any of those resources are responsible for choosing strong passwords and protecting their log-in information from unauthorised people.
The purpose of this policy is to make sure all MARTIN RALPH’S resources and data receive adequate password protection. The policy covers all employees who are responsible for one or more account or have access to any resource that requires a password.
- All passwords should be reasonably complex and difficult for unauthorized people to guess. Employees should choose passwords that are at least eight characters long and contain a combination of upper- and lower-case letters, numbers, and punctuation marks and other special characters. These requirements will be enforced with software when possible.
- In addition to meeting those requirements, employees should also use common sense when choosing passwords. They must avoid basic combinations that are easy to crack. For instance, choices like password,password1 and Pa$$w0rd are equally bad from a security perspective.
- A password should be unique, with meaning only to the employee who chooses it. That means dictionary words, common phrases and even names should be avoided. One recommended method to choosing a strong password or pass phrase that is still easy to remember: Pick a phrase, take its initials and replace some of those letters with numbers and other characters and mix up the capitalization. For example, the phrase, ‘This may be one way to remember’ can become TmB0WTr!.
- Employees must choose unique passwords for all of their company accounts, and may not use a password that they are already using for a personal account.
- All passwords must be changed regularly, with the frequency varying based on the sensitivity of the account in question. This requirement will be enforced using software when possible.
- If the security of a password is in doubt, for example, if it appears that an unauthorized person has logged in to the account, the password must be changed immediately.
- Default passwords, such as those created for new employees when they start or those that protect new systems when they’re initially set up, must be changed as quickly as possible.
DO’S & DON’TS
- Don’t use any words from the dictionary. Also avoid proper nouns or foreign words.
- Don’t use anything remotely related to your name, nickname, family members or pets.
- Don’t use any numbers someone could guess by looking at your mail like phone numbers and street numbers, and
- Choose a phrase that means something to you, take the first letters of each word and convert some into characters.
- Employees may never share their passwords with anyone else in the company, including co-workers, managers, administrative assistants, IT staff members, etc. Everyone who needs access to a system will be given their own unique password.
- Employees may never share their passwords with any outside parties, including those claiming to be representatives of a business partner with a legitimate need to access a system.
- Employees should take steps to avoid phishing scams and other attempts by hackers to steal passwords and other sensitive information. All employees will receive training on how to recognize these attacks.
- Employees must refrain from writing passwords down and keeping them at their workstations. See above for advice on creating memorable but secure passwords.
- Employees may not use password managers or other tools to help store and remember passwords without the I.T department permission