What is a privacy notice?
Vaultex UK Limited (“Vaultex” or “we”) wants to ensure that you understand what information we collect about you, how we will use it and for what purpose. We are also required by data protection legislation to explain certain matters to you. This notice sets this out [and overrides anything previously communicated to you which is different].
What we collect and use
Vaultex is both the ‘Controller’ and a ‘Processor’ of the personal data you provide to us. As a result of your interaction with Vaultex, we will inevitably hold certain personal data about you, including:
How and why we will use your personal data
We will process your data in line with Vaultex’s legitimate business interests, which include the following examples:
- To effectively manage suppliers
- Client Query Resolution
- To contact end clients to advise them of actual discrepancies and missing credits
- To allow Vaultex to undertake a Due Diligence check on 3rd party consultancy partners
- To verify inbound security vans.
- Marketing (with consent)
- To allow guests to log in the Vaultex WiFi network
If there are circumstances where we feel we need to process data and it is not in line with these reasons, we will provide you with updated notification (or seek your express consent if that is necessary). We are guided by the principle that you should not be surprised by any processing of your personal data that we undertake.
How and why we will use your particularly sensitive personal data
We may process “special categories” of particularly sensitive personal information in the following circumstances:
- To gain access to Vaultex site operations
- To record and monitor suspicious activity at a site
- In limited circumstances, with your explicit consent;
- Where we need to carry out our legal obligations and in line with our data policy;
- Where it is needed in the public interest, and in line with our data policy;
- In relation to legal claims;
What we do with it
All the personal data we process and/or control is processed both internally and in specific areas,
- Company Internal Servers and Systems
- Designated storage areas
- Witness Call Record Viewer system
We will need to share your personal data with others from time to time, including:
- Our professional advisers, such as our accounting and legal advisers where they require that information in order to provide advice to Vaultex;
- The Financial Conduct Authority, the Bank of England, HM Revenue & Customs and any other regulatory authority that we may be subject to for the purpose of demonstrating compliance with applicable law and regulations;
- Such third parties as we reasonably consider necessary in order to prevent crime, e.g. the police;
- Our service providers such as Thomson Reuters, Experian, Pinsent Masons
Your personal data may be stored and processed outside of the European Economic Area (EEA) in countries that may have different data protection rules to those in the UK. However, Vaultex will ensure that the transfer of your personal data outside of the EEA will only occur where the appropriate safeguards have been put in place, such as using corporate rules which are binding on the data processors and have been approved by the ICO. If you want to learn more about the details of these safeguards you should get in touch with us using the contact details at the bottom of this notice.
No 3rd parties have access to your personal data unless the law allows them to do so.
We have an internal Data policy in place to oversee the effective and secure processing of all personal data processed and stored at Vaultex.
How long we keep your personal data
Your personal data will only be retained as long as is reasonably necessary. What this means in practice will vary as between different types of data. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, any continued need to process the data and also our legal and regulatory obligations.
We are required under a variety of different legislation to retain data for specific periods, after which time it will be destroyed.
How will your personal information be kept safe?
We take the security of your personal information very seriously and we have put in place internal controls and security measures to protect it. Access to your personal information is restricted to those employees, workers and agents who are required to access it. We also have cyber security measures in place to keep your data secure. We also take steps to ensure that third parties who access personal data will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have procedures in place to deal with any suspected data breach.
What are your rights?
You have certain rights in relation to your personal data to which we have made you aware within this Privacy Notice.
You also have the right to make a request to get a copy of the personal information that we hold about you. You can also ask us to correct your personal information if it is incorrect.
If you wish to raise a complaint on how we have handled your personal data, obtain more information on your rights under the data protection act or request a copy of the personal information we hold about you please email us at [email protected].
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office (ICO).