GDPR General Data Protection Regulation Action Plan.
GDPR Action Plan (General Data Protection Regulation)
Auto Time Systems has been working on an action plan since the end of 2017 in order to be compliant with the GDPR which is due to come into force on May 25th 2018.
The GDPR is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
Our goal is to provide our customers with an effective and compliant approach for protecting personal data when the regulations come into force. We are undergoing extensive re-evaluation of our processes and procedures and have been working with our suppliers i.e. Bodet – to ensure we are fully compliant to GDPR.
- Ensure that decision makers and key employees are aware that the law is changing on 25th May 2018 and the impact it has on the business and our customers.
- Analysis information flowchart – documenting where personal data comes from and who we share it with.
- Implement the use of a Record Log. This is to be used by our In house Technicians and Engineers to record all working activities to customer database’s/files.
- Through courtesy calls, maintain company records ensuring that the customer data is up to date and accurate. Should any information be out of date or inaccurate this will be deleted and cleansed from the database.
- Review current privacy notices
- Ensure compliance through ICO (information Commission’s Office) guidelines.
- Review GDPR actions plans of our software providers (ie. Bodet)
Auto Time Systems Ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this privacy statement.
Auto Time Systems Ltd may change this policy from time to time by updating this document. You should check this document to ensure that you are happy with any changes. This policy is effective from 25/05/2018.
What we collect
We may collect and store the following information:
- Name and Job Title
- Contact information including email address
- Company address details
- Company Bank details for business transactions
- Number of employees onsite and number of sites
- Other information relevant to customer surveys
Where we collect the information
We collect the information from the following sources:
- Email and Telephone Enquiries
- Bodet Partner Network Distributor
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping.
- We may use the information to carry out business activities such as quotations, orders, invoicing and remittance.
- We may use the information to improve our products and services.
- We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
- We may use the information to contact you to make courtesy calls to ensure you are happy with the service you receive.
- We may email you with updates and changes to the services we provide.
- We may use your information to log tickets with our technical team when you encounter technical difficulties.
Who the information will be shared with
We may share the information with the following third parties to provide you with further assistance in your enquiry:
- Bodet Partner Distributor Network – this information may be shared with the company whom deals with your area – they will then take over the enquiry.
- Software developers – Customers who experience technical issues which are unresolvable onsite may be referred to the software developers.
- We may share the information with leasing companies – Customers who have been supplied with a quotation and wish to proceed with a lease agreement will be vetted by our designated leasing company.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the below address. We will promptly correct any information found to be incorrect.
Alternatively our customer care department will also be carrying out bio-annual courtesy calls to ensure you are happy with the service we provide. During these calls our assistant will check the account information we have stored on our database. If during the calls it is identified that the information we hold is incorrect this will be modified or deleted to reflect the correct accurate information.
We aim to ensure that all our websites are https certified by 01/07/2018.
All data will be treated as strictly confidential information and we shall ensure that access to the personal data is restricted to only employee to whom it is necessary.
Should a breach occur, ATS will give immediate notice after becoming aware of the breach. ATS will also maintain a register of all personal data breaches. This register shall have the following information:
- A description of the nature of the personal data breach.
- A description of the likely occurred consequences.
- A description of the measure taken or propose to take to address the breach.
We are committed to ensure that your information is secure; it is now standard policy that all customers undertake a database check prior to receiving technical support.
Once the database check has been passed, this query/issue will be logged on our support portal and the administrator will receive a confirmation email and an incident number. If the administrator contacts us again, they must reference the incident number.
If during the resolution process it is deemed that a copy, backup or screenshot of the database is required then written consent will be obtained from the relevant point of contact within your company before proceeding. On receipt of written consent our technical team will then continue, recording all activities on a technical log, starting from the date the database is received right through to deletion.
On resolution this ticket will be closed and stored securely on our database for future reference.
Software Privacy policies
As Time and Attendance, Door Access Control and Masterclock System software is stored on your server, Auto Time Systems Ltd does not have access to your personal data. For more information regarding the privacy policies for Kelio software please contact us by emailing email@example.com or by telephone on 01257 252002. Head Office or 01506 896 806 Scotland Office.
For more information on our solutions or to arrange an on-site with one of our consultants to discuss your access control requirements in more detail, please don’t hesitate to call us on 01257 252002 England / 01506 896 806 Scotland or use the contact form below.