GDPR Compliance Policy for Parkgate Mobility

1. Introduction

Parkgate Mobility (hereinafter referred to as “the Company”) is committed to complying with the General Data Protection Regulation (GDPR) and safeguarding the personal data of our customers, suppliers, and employees. This policy outlines our approach to data protection and explains how we collect, process, store, and protect personal data.

2. Purpose of Data Collection

The Company collects personal data for the following purposes:

  • To provide products and services to customers, including mobility aids and related services.
  • To handle customer service inquiries and requests.
  • To process orders, manage repairs, and provide warranty services.
  • To maintain legal compliance, including managing contracts and fulfilling obligations to customers and third parties (e.g., Motability).
  • To comply with VAT rules and ensure that VAT-free products are correctly provided to eligible customers.

3. Data Collection and Processing

We collect and process the following categories of personal data:

  • Customer Information: Name, address, contact details, date of birth, VAT status, medical or mobility information (if applicable), and service history.
  • Employee and Supplier Information: Name, contact details, tax and payment information.
  • Website Visitors: IP address, browser type, and usage data, collected through cookies.
  • Call Recordings: All incoming and outgoing calls are recorded for training, monitoring, and dispute resolution purposes.

4. Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Consent: For marketing communications or when required by law.
  • Contractual Necessity: To fulfil contractual obligations related to sales, repairs, and warranty services.
  • Legal Obligation: For accounting, taxation, and legal record-keeping.
  • Legitimate Interests: To manage our business operations, improve our services, and protect our customers and employees.

5. Data Protection Principles

We are committed to upholding the following principles under the GDPR:

  • Lawfulness, fairness, and transparency: We will always inform individuals about how their data will be used.
  • Purpose limitation: We will only collect data for specified, legitimate purposes.
  • Data minimisation: We will only collect and retain data that is necessary for the purposes outlined.
  • Accuracy: We will take steps to ensure that the data we hold is accurate and up-to-date.
  • Storage limitation: We will only retain personal data for as long as necessary.
  • Integrity and confidentiality: We will implement appropriate technical and organisational measures to protect personal data from unauthorised access, loss, or destruction.

6. Data Subject Rights

Individuals have the following rights under the GDPR:

  • Right to Access: Individuals have the right to request access to their personal data held by the Company.
  • Right to Rectification: Individuals have the right to request that inaccurate or incomplete data be corrected.
  • Right to Erasure: Individuals can request the deletion of their personal data under certain conditions.
  • Right to Restrict Processing: Individuals can request a restriction on the processing of their data in certain circumstances.
  • Right to Data Portability: Individuals can request their data in a structured, commonly used, and machine-readable format.
  • Right to Object: Individuals can object to the processing of their data for marketing purposes or on legitimate interest grounds.
  • Right to Withdraw Consent: If processing is based on consent, individuals have the right to withdraw that consent at any time.

7. Data Security

We have implemented robust security measures to protect personal data from unauthorised access, disclosure, alteration, or destruction. These include:

  • Secure storage of personal data.
  • Regular training of staff on data protection.
  • Encryption of sensitive data when required.
  • Regular security audits and assessments.

8. Third-Party Data Sharing

We will not share personal data with third parties, except when required by law or as necessary to fulfil our contractual obligations. Third parties with whom we share data are required to comply with the GDPR and take appropriate measures to protect personal data.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Personal data will be deleted or anonymised when no longer required, in accordance with applicable laws.

Call Recordings: These are retained for as long as necessary for training, monitoring, and dispute resolution purposes, after which they will be securely deleted.

10. Data Breach Notification

In the event of a data breach that poses a risk to individuals’ rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours. Affected individuals will be informed where the breach is likely to result in a high risk to their rights.

11. Staff and Employee Responsibilities

All employees of Parkgate Mobility are responsible for ensuring the protection of personal data within their roles. This includes:

  • Following this policy and any related procedures.
  • Reporting any data protection concerns or breaches promptly.
  • Receiving regular training on data protection best practices.
  • Awareness of Call Recordings: All employees are fully informed of the reasons for recording calls. These recordings are made for training, monitoring, and dispute resolution purposes, to protect staff and the Company from any false allegations, particularly from elderly or confused customers.

12. Vehicle Tracking

To ensure safety, security, and accountability, all Company vehicles are equipped with GPS tracking systems. The trackers are linked to the driver’s name, and all drivers are fully aware of the tracking system at the time of employment or assignment. This system is in place to monitor vehicle usage and ensure compliance with Company policies and safety protocols.

13. Acknowledgement and Employee Confirmation

All employees are required to acknowledge that they have read, understood, and agree to comply with this policy. This acknowledgement can be provided electronically via SharePoint or through a signed form. Regular training and reminders will be provided to ensure ongoing compliance.

14. Contact Information

If you have any questions or concerns about how we handle personal data or wish to exercise your rights, please get in touch with us at:

Parkgate Mobility

Email: tracy@parkgatemobility.co.uk

Phone: 07949 243095

Website: www.parkgatemobility.co.uk

15. Changes to this Policy

We reserve the right to update this policy periodically to reflect changes in our practices or legal obligations. The latest version will be available on our website.