The protection of Personal and Non-Personal (Technical) data is recognised as being important and therefore will be managed protected and secured. All personal data will be treated confidentially in accordance with the EU General Data Protection Regulation (EU 2016/679) under the control of
1-2-C Master Chimney Sweep Ltd. t/a STOVA.
Hardcopy data will be secured within a locked environment at all times when in transit or storage and access will be granted to authorised persons only.
Electronic data will be stored on hard drives, protected by password protection, also secured within a locked environment when in transit (in vehicle) or use (office location). Only authorised personal will be granted access. Stova will ensure that it maintains appropriate and current software protection on all electronic devices that it utilises.
Authorised People and Data Sharing
Only people authorised by Sascha Meding, the proprietor of 1-2-C Master Chimney Sweep Ltd t/a Stova will be granted access to data. Claudia Meding will be the nominated individual responsible for data protection.
Personal Data may be shared with third party financial advisors and statutory bodies (HMRC) as part of the proof of invoicing and income required for accounts generation and tax audit purposes.
Personal and technical data regarding services provided or appliance status data may be shared with the individual commissioning a service (landlord or agent) in the event that the resident is not the recognised owner or their authorised agent. It may also be shared with the Guild of Master Chimney Sweeps as part of its professional monitoring activities.
Personal Data must be shared in the event of you placing an order with Stova, where third party suppliers are involved.
Data Retention and Deletion
Only the data necessary for the provision of the requested services and/or goods will be collected. It will be retained within the UK for the purposes of administering and managing customer and supplier accounts, and as required under statutory obligations.
The data retention period will be determined by applicable legislation, in particular the requirement to provide evidence for tax audits 7 years after the end of the financial year to which the information applies.
If not determined by legislation, hard copy data will be destroyed 2 years after the end of the enquiry or service/goods provision to which it applies.
Data will be securely destroyed and/or disposed of after the end of the defined retention period.
Electronic data will be kept indefinitely on a secure hard drive with access given to authorised personnel only. Please notify us at any time by e-mail to email@example.com or phone 020 8770 1630 if you wish your data to be deleted.
Data Breach Monitoring
Under the GDPR there are strict requirements for the notification in the event of a data breach. If there is reasonable grounds to believe that any personal data has been lost, the applicable GDPR notifications will be made as required to the ICO and/or the individual data subject.
Stova will act on any notification that personal data may have been breached, and separately will undertake periodic review to ensure all hardcopy data remains secured.
Transparency of Data Processing and Data Subjects Rights
Under the GDPR all personal data should be processed lawfully, transparently and fairly. To ensure that data subjects are aware of their rights, 1-2-C Master Chimney Sweep Ltd t/a Stova will provide individuals with Privacy Notices which set out what personal data is processed, for what purposes and why, and who it is shared with. In addition, they will be advised of their rights including their right to see, amend, and have erased their personal data.
In support of this, individuals have the right to make a personal data Subject Access Request that will be responded to with one month as per the GDPR requirements.
Where required, individual consent will be required for any activities that require consent, such as direct marketing for instance if undertaken.