This Privacy Notice explains the types of personal data that I may collect about you, how I’ll handle it, store it and keep it safe. Additionlly, this notice tells you about the rights that
you have in relation to your personal data. This notice also sets out my commitment to ensuring that any personal data processing that I carry out is in compliance with Data Protection Law.
“Data Protection Law” is defined as the Data Protection Act 2018, the General Data Protection Regulation (EU) 2016/679 and all other relevant European Union and UK data protection laws currently in force and as amended from time to time.
I hope the following sections will answer any questions you have but if not, please do get in touch with me.
It’s likely that I’ll need to update this Privacy Notice from time to time. Where appropriate, I’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.
2. Who am I?
The data controller in relation to your personal data is David Shannon, a sole trader trading as “Handy David” (hereinafter referred to as “I”). Based in Edinburgh, I provide handyman and property maintenance services to private individuals and businesses. I can be contacted in the following ways:
Phone: 07810 825089
3. What personal data do I process?
I will collect, store and use information about you if you are a:
• prospective client; or
• supplier (who is an individual person – excluding legal entities such as companies and partnerships).
This information may include your name, address, email address and telephone number.
4. Why do I process this personal data?
If you are a client, I will use your contact details to contact you about the work I am doing for you or to provide you with information (e.g. quotations or advice) in relation to services that you have enquired about. If you are a supplier, I will use your details to contact you in relation to the goods or services that you are supplying to me.
I have a legitimate interest to process this information in order to keep doing business. Where I am providing you with services, or receiving goods or services from you, I am entitled to process your personal data under the contract between us.
I may use these contact details to send information about other products and services to you from time to time, but you will always have the option of telling me not to contact you in this way. If you do not wish to receive this information please let me know using the contact details above.
5. Who I share your personal data with?
I will only share your personal data as is necessary to provide you with the services that you receive from me or where necessary from me to receive the goods and services that you provide to me. This will only be with third parties that are trusted and where appropriate arrangements have been put in place. This could include, for example, where I have to engage a specialist sub-contractor in order to carry out a particular piece of work you as part of the services I am providing to you.
6. Where and how is your personal data stored?
Your personal data is stored on my phone, email server and billing software. All personal data is stored digitally and is not printed or replicated. I am the only individual that has access to your personal data.
The personal data stored on my phone is secured by password and fingerprint ID. The personal data on my email server is secured by password and encryption. The personal data stored on the billing software used by me is secured by a double authentication system that requires both a password and an access code generated by a separate application.
7. Data retention
I will hold your contact details for as long as I am providing you with services or you are providing me with goods and services. If I no longer have this relationship with you I will delete your data after five years. I am required to retain your personal data for this length of time to comply with tax requirements. This is also the period of prescription (time bar) up till which a claim may be raised for services provided by me, or goods or services provided to me.
Following expiry of the five year retention period, your personal data will be securely deleted from all devices.
8. Your Rights
As a data subject, you have a number of rights in relation to your personal data. These are listed in brief below. You can find out more information on each of these rights on the website of the Information Commissioners’ Office (ICO) at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
You have the right to:
• access information about the personal data I am processing and to obtain a copy of it;
• require me to change incorrect or incomplete data;
• request that I erase or stop processing your data in certain circumstances;
• request that I restrict the processing of your data in certain circumstances;
• object to the processing of your data where I am relying on my legitimate interests as the legal ground for processing; and
• receive your personal data in a structured, common and machine readable form.
If you would like to exercise any of these rights, or if you have any concerns about how your personal data is being processed, please contact me on the contact details above.
If you still believe that I have not complied with your rights, you can complain to the Information Commissioner’s Office (ICO). Contact details are available at https://ico.org.uk/make-a-complaint/