OUR CONTACT DETAILS
Our head office address is:
Unit 3, Ulysses House, Ulysses Park
Heron Road, Exeter
EX2 7PH
Our Data Protection Officer is Jody Kennard and she can be contacted at jody.kennard@situ.co.uk.
WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU? HOW WILL WE USE THAT PERSONAL DATA?
When you visit our premises, we require you to sign in using a SwipedOn visitor management system. We ask for your full name, vehicle registration number, photo and who you are visiting. This data is recorded in our own SwipedOn account.
We will pass this data to a public authority representative if required, such as the fire service in the event of a fire, or police in the event of a security incident.
Whilst you are on our premises, you may be asked or may want to give a member of our team further personal data, such as your email address or phone number. For example, you may be a prospective client and want to follow up on the meeting. At this point, we would cease to treat you as a visitor for the purposes of data privacy. We treat different people’s data differently, depending on who they are. Each group has a different Fair Processing Notices so if you would like information on how we classify different people please contact dataenquiries@situ.co.uk. We will also be able to provide you with a copy of the relevant FPN.
It may be necessary for us to collect medical data from you, which is classified under GDPR as “Special Category”. For example, if you may be pregnant or are a wheelchair user requiring a ground floor meeting room. If this is the case, then we will take the information from you verbally and will not record it without your explicit consent. For further information please email our secure email address: dataenquiries@situ.co.uk.
SITU does not operate or control CCTV in any of our premises.
WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?
We need a legal basis in order to process your personal data. Most of our processing is done because we have a legitimate interest in doing so.
We will process the following personal data because you have consented for us to do so:
- we process your health data with your consent if you make us aware of something when discussing special requirements
We will process the following personal data because we believe that we have a legitimate interest in doing so:
- your personal data provided when you sign in to one of our buildings. Our legitimate interest is regarding the security of our staff, our premises and our visitors.
You have the right to object to our processing your data using legitimate interest. Please speak to us if you have any concerns.
DO WE USE ANY AUTOMATED DECISION MAKING?
We do not use any automated decision making.
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We share your personal data with:
- our visitor management app provider (SwipedOn).
DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE OF THE EU OR EEA?
SwipedOn is our chosen visitor management supplier. They are based in New Zealand and use servers in the USA.
HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
We will hold your data for as long as the visitor management app is being used, but not longer that two years.
YOUR RIGHTS AS A DATA SUBJECT
The GDPR gives you rights as a data subject. You have:
1. The right to request from us access to your personal data;
2. The right to request from us the rectification of your personal data;
3. The right to request from us the erasure of your personal data;
4. The right to request from us restriction of processing your personal data;
5. The right to object to our processing of your personal data;
6. The right of data portability;
7. If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing based on your consent before you withdrew it; and
8. You have the right to complain to the ICO.
