Silver Saints Personal Data Policy
1.) Personal Data Statement
Silver Saints records and stores personal data given to it by customers in order to carry out its primary business only. The data is used to provide an efficient service, maintain statutory financial records and nurture an ongoing relationship with our customers and staff.
Silver Saints does not and will not use customers’ personal data for any commercial gain other than to provide a service to its customers or maintain communication with its customers.
Silver Saints will take all the necessary steps to secure and protect its customers’ personal data.
1.1.) The Personal Data We Store:
- Customers’ names
- Billing and Worksite addresses
- Contact names and telephone numbers relating to billing addresses and worksite addresses
- Email addresses
- Long payment card number and expiry date. No payment card security details are ever recorded or stored.
1.2.) How we store & access our customers’ personal data
All customer detail is stored in a Secure Database on a Cloud Server and accessed through service management software and a technician smartphone App.
Customers are able to access their personal data through our website or customer booking App.
1.3.) Who has access to our customers’ personal data
Customer data is only available to existing customer service, management and technical staff members.
Access is restricted to listed fixed IP addresses and specific smartphone device IDs. Users also need to log in using an administrator-controlled password or PIN.
1.4.) The use of personal data for communication & marketing purposes
Silver Saints sends most of its communication regarding new bookings, work-orders, quotes and invoices via email and SMS messages.
As part of its normal business Silver Saints conducts feedback surveys, special offers and credit control functions via email.
2.) Database Security, data transfer protection and data breach monitoring.
2.1.) How is your database secured from a data breach?
There are various layers of protection to the database in place including:
• Ensuring SQL server security and OS patches are kept up to date
• Complex and non-conventional Username/Password standards
• Disabling weak ciphers and protocols
• Restricting access to specific ports
• Restricting access to the database to whitelist IP addresses only
2.2.) How is the transfer of data between the website/app and the database protected?
• Passwords between the website/app/database are hashed
• Traffic is forced over HTTPS to encrypt the transfer of data. Only TLS 1.2 is enabled and allowed.
• Disabling of weak and insecure ciphers.
• Protection against XSRF/CSRF (Cross-site request forgery)
• Protection against open redirect attacks and preventing Cross-site scripting
2.3.) How is monitoring for a data breach of the database or interception of data transfer carried out?
Log files on both the firewall and hosting servers are checked frequently for any suspicious activity, as part of regular maintenance.
3.) Control of your personal data
3.1.) How do I request a copy of my personal data you hold?
For an electronic copy of your personal data please email us on email@example.com. We will then carry out an identity verification process before releasing a copy of your personal data.
3.2.) How do I request that my personal data is deleted?
If you want us to delete your personal data please email us on firstname.lastname@example.org. We will then carry out an identity verification process before deleting your personal data.
4.) Agreement and Consent
When you submit your personal data via phone call or electronically to Silver Saints Ltd, we accept the obligation to protect your data and be transparent about the safety and use of your personal data.
This means that Silver Saints commits to never passing on any personal data it controls to any 3rd party data controller or processor for financial or commercial gain that is not directly related to the provision of our primary service to you or maintaining our direct relationship with you.
You in turn consent to Silver Saints controlling and processing your personal data in line with our primary service relationship.
5.) Implied consent for customers entered before 25/05/2018
Agreement and consent for all customers who have used our service prior to 25/05/18 is assumed. Should any customer wish to withdraw consent, they should email a request for withdrawal of personal data consent to email@example.com.