Call NOW: 0845 6262 777
Tech. Support Line: 0845 6262 777
Privacy and Cookie Policy
Fire Systems Consultancy Ltd Data Protection and Privacy Policy

Context and Overview

Key Details
• Policy prepared by: Charlotte Haynes
• Approved by Directors on: 30/04/18
• Policy became operational on: 01/05/18
• Next review date: 30/04/19

Fire Systems Consultancy Ltd (FSC) need to gather and use certain information about individuals.
These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.
This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards, and to comply with the law.

Why this policy exists
This data protection policy ensures that FSC:
• Complies with data protection law and follows good practice
• Protects the rights of staff, customers and partners
• Is open about how it stores and processes individuals’ data
• Protects itself from the risks of a data breach

Data Protection Law
The Data Protection Act 1998 describes how organisations must collect, handle and store personal information.
These rules apply regardless of whether data is stored electronically, on paper or on other materials.
The Data Protection Act is underpinned by eight important principles. These say that personal data must:
1. Be processed fairly and lawfully
2. Be obtained only for specific, lawful purposes
3. Be adequate, relevant and not excessive
4. Be accurate and kept up to date
5. Not be held for any longer than necessary
6. Processed in accordance with the rights of data subjects
7. Be protected in appropriate ways
8. Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection

People, Risks and Responsibilities
Policy Scope
This policy applies to:
• All customers of FSC
• All staff of FSC
• All contractors, suppliers and other people working on behalf of FSC
It applies to all data that the company holds relating to identifiable individuals, including:
• Names of individuals
• Postal addresses
• Email addresses
• Telephone numbers
• Any other information relating to individuals

Data protection risks
This policy helps to protect FSC from some very real data security risks, including:
• Breaches of confidentiality
• Failing to offer choice, for instance, individuals should be free to choose how the company uses data relating to them.
• Reputational damage

Everyone who works for or with FSC has some responsibility for ensuring data is collected, stored and handled appropriately.
However, these people have key areas of responsibility:
• The Directors of FSC are ultimately responsible for ensuring that the company meets its legal obligations.
• The Data Protection Officer is responsible for:
o Keeping the board updated about data protection responsibilities, risks and issues.
o Reviewing all data protection procedures and related policies.
o Arranging data protection training and advice.
o Handling data protection questions from staff and anyone else covered by this policy.
o Dealing with requests from individuals to see the data FSC holds about them.
• The IT Manager is responsible for:
o Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
o Performing regular checks and scans to ensure security hardware and software is functioning properly.
o Evaluating any third-party services the company is considering using to store or process date.

General Staff Guidelines
• The only people able to access data covered by this policy should be those who need it for their work.
• Data should not be shared informally. When access to confidential information is required, employees can request it from their line managers.
• FSC Ltd will provide training to all employees to help them understand their responsibilities when handling data.
• Employees should keep all data secure by taking sensible precautions i.e. strong passwords should be used and never shared.
• Data should be regularly reviewed and updated if it is out of date.
• Employees should request help from their line manager or the data protection officer if they are unsure about any aspect of data protection.

Data Storage
These rules describe how and where data should be safely stored.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.
• When not required, the paper or files should be kept in a locked drawer or filing cabinet.
• Employees should make sure paper and print outs are not left where unauthorised people could see them, like on a printer.
• Data print outs should be shredded and disposed of securely when no longer required.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts.
• Data should be protected by strong passwords that are never shared between employees.
• Data should only be stored on designated drives and servers and should only be uploaded to an approved cloud computing service.
• Data should be backed up frequently.
• Data should never be saved directly on to laptops or other mobile devices.
• All servers and computers containing data should be protected by approved security software and a firewall.

Data Use
Personal data is of no value to FSC unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft:
• When working with personal data, employees should ensure the screens of their computers are always locked when left unattended.
• Personal data should not be shared informally.
• Personal data should never be transferred outside of the European Economic Area.
• Employees should not save copies of personal data to their own computers.

Data Accuracy
The law requires FSC to take responsible steps to ensure data is kept accurate and up to date.
It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
• Data will be held in as few places as necessary.
• Staff should take every opportunity to ensure data is updated, for example, confirming a customer’s details when they call.
• FSC will make it easy for data subjects to update the information FSC holds about them. For instance, via the company website.
• Data should be updated as inaccuracies are discovered.

Subject Access Requests
All individuals who are subject of personal data help by FSC are entitled to:
• Ask what information the company holds about them and why.
• Ask how to gain access to it.
• Be informed how to keep it up to date.
• Be informed how the company is meeting its data protection obligations.
If an individual contacts the company requesting this information, this is called a subject access request.
Subject access requests from individuals should be made by email, addressed to the data controller.
The data controller will always verify the identity of anyone making a subject access request before handing over any information.

Cookie Policy

Cookies are small text files that are placed on your computer's hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.

Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.

Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.

Our website uses cookies. They are placed by software that operates on our servers, and by software operated by third parties whose services we use.

When you first visit our website, we ask you whether you wish us to use cookies. If you choose not to accept them, we shall not use them for your visit except to record that you have not consented to their use for any other purpose.

If you choose not to use cookies or you prevent their use through your browser settings, you will not be able to use all the functionality of our website.

We use cookies in the following ways:

  • to track how you use our website
  • to record whether you have seen specific messages we display on our website
Google Analytics        __ga
- Tracking user behaviour on site    Expiry: 24 months

Wistia Distillery           __distillery
- Tracking user behaviour in videos   Expiry: 12 months

Google DoubleClick for Publishers __gads
- This cookie is associated with the DoubleClick for Publishers service from Google. Its purpose is to do with the showing of adverts on the site, for which the owner may earn some revenue.           Expiry: 12 months

Wistia data collection muxData
- Tracking user behaviour in videos   Expiry: 240 months

WordPress test ookie wordpress_test_cookie
- Tests if cookies is enabled in the browser           Expiry: session

PHP session ID           PHPSESSID
- Preserves user state across page requests. Expiry: session

Google Analytics        __gat
- Tracking user behaviour                 Expiry: session

Cookie pop up notice pro_eucip_cookies_box_state
- Stores whether the user has accepted cookies or not  Expiry: 1 month

Google Analytics revisit cookie        __utma
- Collects data on the number of times a user has visited the website and the dates of first and last visits. Used by Google Analytics.         Expiry: 24 months

Google Analytics timestamp __utmc
- Registers a timestamp with the exact time when the user leaves the website. Used by Google Analytics to calculate how long a visit to the website items.     Expiry: session

Google Analytics referrer cookie     __utmz
- Collects data on where the user came from, what search engine was used, what link was clicked and what keywords that were used. Used by Google Analytics.          Expiry: 6 months

Google Analytics time cookie           __utmb
- Registers a timestamp with the exact time when the user enters the website. Used by Google Analytics to calculate how long a visit to the website items.     Expiry: session

Google Analytics queries cookie     __utmt
- Used to throttle the speed of the number of queries to the server.
Expiry: session
wordfence_verifiedHuman – Cookie set by the Wordfence Security WordPress plugin to protect the site against malicious attacks.

7.          Personal identifiers from your browsing activity

Requests by your web browser to our servers for web pages and other content on our website are recorded.

We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution.

We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.

If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website.

Disclosure and sharing of your information

8.          Information we obtain from third parties

Although we do not disclose your personal information to any third party (except as set out in this notice), we sometimes receive data that is indirectly made up from your personal information from third parties whose services we use.

No such information is personally identifiable to you.

9.          Third party advertising on our website

Third parties may advertise on our website. In doing so, those parties, their agents or other companies working for them may use technology that automatically collects information about you when their advertisement is displayed on our website.

They may also use other technology such as cookies or JavaScript to personalise the content of, and to measure the performance of their adverts.

We do not have control over these technologies or the data that these parties obtain. Accordingly, this privacy notice does not cover the information practices of these third parties.