Data Retention Policy

Data Retention Policy

1.    Introduction

  • 1.1.    RAM Tracking (“the Company”) is committed to protecting the privacy and security of our customers’ personal information.  
  • 1.2.    The Company has developed policies and practices which describe how we collect and use personal information about customers during and after their relationship with us, in accordance with the General Data Protection Regulation (GDPR).
  • 1.3.    The Company is a “data controller”.  This means that we are responsible for deciding how we hold and use personal information about customers.  We are required under data protection legislation to notify our customers of this information which is contained within a privacy notice sent out to them.
  • 1.4.    It is important that all company personnel read this policy, together with any other data protection policies in place or which are implemented in the future, so that they are aware of what personal data is collected, where it is retained and the period the Company will retain it for.

2.    Data Protection principals

  • 2.1.    The Company will comply with data protection law.  The law states that any personal information we hold on an individual must be:
  • 2.1.1.    Used lawfully, fairly and in a transparent way.
  • 2.1.2.    Collected only for valid purposes that we have clearly explained to the individual and not used in any way that is incompatible with those purposes.
  • 2.1.3.    Relevant to the purposes we have told the individual about and limited only to those purposes.
  • 2.1.4.    Accurate and kept up to date.
  • 2.1.5.    Kept only as long as necessary for the purposes we have told the individual about.
  • 2.1.6.    Kept securely.

3.    The type of information that we hold about customers

  • 3.1.    Personal data, or personal information, means any information about an individual from which that person can be identified.  It does not include data where the identity has been removed (anonymous data).
  • 3.2.    There are “special categories” of more sensitive personal data which require a higher level of protection.
  • 3.3.    The Company will collect, store, and use the following categories of personal information about individuals (not all will be applicable to each individual):
  • 3.3.1.    Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
  • 3.3.2.    Date of birth.
  • 3.3.3.    Company information.
  • 3.3.4.    Bank account details and VAT registration.
  • 3.3.5.    Location of employment or workplace.
  • 3.3.6.    Identification documents.
  • 3.3.7.    Public liability Insurance.
  • 3.3.8.    Recordings of telephone calls.
  • 3.3.9.    Credit scores.
  • 3.3.10.    Photographs.
  • 3.4.    The Company may also collect, store and use “special categories” of sensitive personal information obtained from tracking devices (this may not be applicable to each individual).
  • 3.5.    Such information, as set out in this clause 3, is collected either from online referrals, under a customer’s contract with the Company, through electronic, written or verbal communication.  
  • 3.6.    We only use an individual’s personal information when the law allows us to.  Most commonly, we will use personal information as per the privacy notice and in the following circumstances:
  • 3.6.1.    Where we need to perform the contract we have entered into with the customer.
  • 3.6.2.    Where it is necessary for our legitimate interests (or those of a third party) and an individual’s interests and fundamental rights do not override those interests.

4.    Where is customer information stored?

  • 4.1.    In line with the Company’s Information Security Policy, we undertake regular data mapping and risk assessments in line with the personal data that we hold to ensure we are compliant with our obligations under the GDPR.  
  • 4.2.    Personal data is stored both electronically and in paper format.  In particular, personal data is stored as follows:-
  • 4.2.1.    Electronically with Sales Force a CRM solution;
  • 4.2.2.    Electronically on the Company’s server;
  • 4.2.3.    Electronically on Outlook 365;
  • 4.2.4.    Paper format.

5.    How long will the Company use customer information for?

  • 5.1.    The Company will only retain customer personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
  • 5.2.    To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of an individual’s personal data, the purposes for which we process an individual’s personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
  •  
  • 5.3.    In some circumstances we may anonymise personal information so that it can no longer be associated with an individual, in which case we may use such information without further notice to that individual. Once the individual in question is no longer a customer of the company we will retain and securely destroy their personal information in accordance with applicable laws and regulations.
  • 5.4.    In particular, we will retain a customer’s personal information for the length of time needed to complete the initial request and for a maximum of three years should the individual terminate their request (subject to any legal requirement).

6.    Data sharing

  • 6.1.    The Company will share an individual’s personal information with third parties where required by law, where it is necessary to administer the working relationship with the customer or where we have another legitimate interest in doing so.
  • 6.2.    “Third parties” includes third-party service providers (including contractors and designated agents).  The following activities are carried out by third-party service providers:
  • 6.2.1.    IT services including web development and hosting companies, email and information technology platforms;
  • 6.2.2.    Secure servers;
  • 6.2.3.    Installation engineers;
  • 6.2.4.    Financial and leasing companies; and
  • 6.2.5.    Customer relationship management platforms.
  • 6.3.    All of our third party service providers are required to take appropriate security measures to protect personal information in line with our policies.  For further information please refer to our Information Security Policy.
  • 6.4.    The Company may share a customer’s personal information with other third parties, for example in the context of the possible sale or restructuring of the business.  The Company may also need to share personal information with a regulator or to otherwise comply with the law.  

7.    Data Security

  • 7.1.    The Company has put in place appropriate security measures to prevent customer personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to customer personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process an individual’s personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures are contained within our Information Security Policy.
  • 7.2.    The Company has put in place procedures to deal with any suspected data security breach and will notify an individual and any applicable regulator of a suspected breach where we are legally required to do so.