GDPR Policy
Mayne Gas Heating GDPR Policy
This document outlines how Mayne Gas Heating Ltd are currently abiding by the GDPR (General Data Protection Regulation 2016), the EU regulation on data protection and privacy for all individuals within the European Union. The document explains types of information held, why we hold it, how we hold it, how we obtain it, and our protective measures against leaks of data.
Types of information we keep
Customers’ information kept includes names, phone numbers, email addresses, home addresses, and any relevant special requirements a customer may have (e.g. disabilities that may limit an engineer’s access to a property or ability to carry out the necessary task). We don’t keep any customer bank, credit or debit card information, other than that displayed on receipts, and a log of card payments we have received. Job history information is also kept, detailing work we have carried out at a property.
How we obtain this information and who obtains it
When a customer books in with office staff, typically over the phone, we request the above information in order to send an engineer to their property. We also need to be able to contact customers with quotes for work, invoices, service reminders, review requests and statements. We ensure our customers are aware as to why we obtain the information and do not send them spam or unauthorised marketing material. We also obtain information through our website enquiry service and through email. Occasionally a customer may stop an engineer on the street and so we obtain their information first hand.
Both incoming and outgoing phone calls are recorded. The incoming caller is presented with 5 options followed by a warning that the call will be recorded once an option is selected. Outgoing call warnings are verbal. Call recordings are subsequently attached to the relevant customer profile on our customer management system Simpro. Amongst other precautions, the call recording is paused when necessary (i.e. when taking credit or debit card details) and resumed when appropriate, and the staff member taking the call will use the handset, not the speaker, and will not repeat any personal or sensitive data out loud.
Why do we collect and store this information?
We collect the customer information to be able to carry out our services for them. We collect emails to reduce our post outgoings when contacting customers, so we send invoices, statements, quotes, review requests, service reminders, and respond to customer queries, through this medium.
Where our information is stored/ how we protect it
We use external company programs for our CIS software; we have a library of customers stored in our Simpro and Xero databases. They are both internet-based programmes, password protected for each user on desktop, and on tablet devices. Access can be denied at any time by the administrator Darren Mayne.
The field staff use a hand-held device when out on jobs and each device is password protected itself, controlled by the Director, Darren Mayne. Should he decide to deny a user access to a tablet, this can also be done remotely. User passwords for Simpro can be changed by the office manager in order to deny access on there too, should an employee leave, for example. Information stored on our computers is stored remotely on our server, which is locked in a room in our office. This server information is backed up to a cloud server, by the IT company we use to set it up and maintain it.
How long we store information for
Due to the nature of our industry, we must keep information for as long as a customer returns to us. Boiler warranties can last up to a decade and so a customer may require our services throughout that whole time and an audit trail is required. Should we come across a customer in our database who we have not worked for in over 7 years we may delete their information, as it is unlikely they will use us again and information can be re-obtained in the event that they do.
Who do we share our data with?
We only share customer information with relevant and necessary parties, such as Gas Safe Register or a product manufacturer for warranty registration purposes. We need to share customers’ details and details of appliances installed for them to abide by industry rules and regulations. We also share our data with the providers we use for storing it; these include Xero (Accounting Database), and E-Tech (IT provider). These companies abide by the GDPR themselves, and we have copies stored of their privacy policies.
Keeping up to date
Our staff attend informative meetings on the GDPR guidelines, the most recent on 18/01/2024, attended by our office manager, manager and company director. The information is then shared between the employees in both formal and informal meetings, to ensure everyone is aware of changes and regulations by which to abide. All staff complete continuous online GDPR training through Citation with our commitment CPD.
In the event of a data breach
In the event of leaked data, the person in question would be questioned and, if necessary, dismissed immediately with their passwords and access to our servers blocked. We would assess the extent of the breach, in terms of how much information has been leaked and to where the information has been leaked. If necessary, any affected customers would be contacted and the impact assessed, then the Information Commissioner’s Office notified of the breach and our corrective action.