2.1. Under the EU General Data Protection Regulations (GDPR) FGS Plant is obliged to provide individual customers and individuals identifiable from data that we hold relating to our corporate or local authority customers, with certain information relating to FGS Plant and how we collect and use their ‘Personal Data’.
2.2. Why do we process your Personal Data?
2.2.1. We need to hold basic Personal Data so that we can provide our services to you in accordance with our terms of business entered into with you.
2.2.2. Without this Personal Data FGS Plant would be unable to provide its contracted services to you or your business.
2.2.3. We only collect and process Personal Data that we need in order to provide you with, and to manage, FGS Plant’s contracted services.
2.3. What type of Personal Data do we process?
2.3.1. Account Data: this includes details such as your name and email address;
2.3.2. Profile Data: this would include, in addition to your name, your address, telephone number, gender, date of birth and possibly, employment details/job title;
2.3.3. Transaction Data: this covers Personal Data provided in the course of using FGS Plant’s services and may include details of the transaction you have entered into with us and the payment methodology you used (including payment card details); and
2.3.4. Notification Data: this information you provide to us for the purposes of subscribing to FGS Plant’s email or newsletter notifications.
2.4. Where is your personal data processed and by whom?
2.4.1. Your Personal Data is only processed by FGS Plant staff located in the United Kingdom.
2.4.2. No one else has access to your Personal Data unless FGS Plant has a legal obligation to provide that third party with your Personal Data (eg: it is reasonably necessary to do so to obtain or maintain insurance coverage) or your give us your consent to do so.
2.4.3. It is likely that we will need to share your Personal Data with FGS Plant’s suppliers or contractors in order, for example, to distribute our newsletter or to maintain our database software.
2.5. What is the legal basis for FGS Plant processing your Personal Data?
2.5.1. Legal Obligation: FGS Plant processes some Personal Data in order to comply with a legal obligation for example under the requirements of the Waste Duty of Care obligations imposed by Section 34 of the Environmental Protection Act 1990; and/or
2.5.2. Contractual Obligation: FGS Plant also processes Personal Data where it is necessary in order to perform a contract with you for the delivery of FGS Plant’s services or in order to enter into such a contract with you; and/or
2.5.3. Legitimate Interest: FGS Plant also processes Personal Data where it is necessary in order to pursue a legitimate interest such as for the proper administration of our business, for example, by updating you on our activities and other services we can offer you; and/or
2.5.4. Insurance Risk: FGS Plant may process Personal Data where necessary for obtaining or maintaining insurance coverage, managing risk or obtaining professional advice, the legal basis for doing so is the proper protection of our business against risk.
2.5.5. Your Consent: if your Personal Data is used for anything other than the above reasons, FGS Plant will always obtain your consent to such use first.
2.6. How secure is your Personal Data?
2.6.1. FGS Plant takes all reasonable steps to ensure that your Personal Data is processed securely.
2.6.2. FGS Plant has implemented technology and security policies, rules and measures designed to protect your Personal Data under our control.
2.6.3. Other than on-line data, all your Personal Data is restricted to our offices and only FGS Plant employees have access to this data. There are exceptions to this as outlined in paragraph 2.4.3 and in these cases the third party receiving your Personal Data for these limited circumstances is the subject of a non-disclosure agreement with FGS Plant.
2.7. How long do we keep your Personal Data?
2.7.1. Your Personal Data may be kept for 2 or 3 years to comply with Waste Duty of Care obligations (depending on whether the waste we manage for you is non-hazardous (2 years) or hazardous (3 years)).
2.7.2. If your Personal Data relates to the accounting or financial records of FGS Plant that may be available for inspection by HMRC, we are obliged to keep this data for a minimum of 6 years.
2.7.3. All Personal Data falling within the categories in paragraphs 2.7.1 and 2.7.2 above will be destroyed after these time periods if not longer required for any lawful purpose.
2.7.4. If you have provided your consent to the processing of your Personal Data for marketing purposes, this will be kept until such time as you notify us that you no longer wish to receive information from FGS Plant.