We have a moral and legal responsibility to look after the personal information we hold about our customers and suppliers. In this document we set out what information we hold, why we hold it, how we hold it and how we keep it safe. This is sent to anyone who requests it.
What we do
Gas and heating repairs and installation. Construction. We work for letting agents, private landlords and private customers.
Our data protection officer (DPO) is Joanne Willars. Our directors are Sham Singh and Louis White.
We store details of tenants, landlords and private customers on our online system – Commusoft. The information we hold is their names, addresses, phone numbers, and email addresses.
We are given tenants’ details by their landlord or letting agent. We use this information to contact them to gain access to carry out work, as well as to log jobs against the addresses. The work history and appliance details are associated with the address and not the tenant. This means that when tenants move, their details can be deleted and the new tenant’s details added.
Landlords and private customers give us their own details. This means we can contact them to approve any work that needs to be carried out, as well as send them quotes and invoices. We have a form for landlords and private companies to complete to obtain consent for us to hold their information.
One of the features of Commusoft is that the data we put into it is ours and ours alone. This means that no one will sell the data of the tenants, landlords or private customers that we hold. It also means that if the business was ever to be sold we alone would be in control of the data.
The data we hold on Commusoft is checked and updated each time a job is given to us from an agent or landlord. This means that tenants who have moved will not have their data stored by us.
We use WhatsApp for communication between employees using our work phones. The information exchanged is usually only addresses and what parts or repairs they need. A tenant or landlord’s name and phone number may occasionally be exchanged to gain access to a property to carry out work, or for permission from a landlord to carry out work. All messages and calls using WhatsApp are secured with end-to-end encryption, which means WhatsApp and third parties can’t read or listen to them.
Email is our main way of receiving tenants’, landlords’ or private customers’ information. This is for the purpose of carrying out repairs and installation of gas and heating, or construction. The email addresses we use are email@example.com, and staff email addresses (for example firstname.lastname@example.org). Each employee’s email address is accessible by the employee only. Info@crsgas.co.uk is accessible by Joanne and Sham only. Any email involving personal information of tenants or landlords must be and is only shared ‘in house’, within CRS.
We receive tenants’ details through work requests from letting agents. We have contacted the agents we work with and they have assured us that they gain each tenant’s permission to give out their details to relevant third parties (i.e. CRS).
Should a tenant feel unsure about what information we hold for them, our engineers will carry a printed document to give to them with an overview of the type of information we hold on tenants. If they want to know specifics we tell them either by letter, email or on the phone. Commusoft makes it quick and easy to delete anyone’s information if they want us to.
Sometimes we subcontract work. For example, when we take on a job for the construction side of CRS, such as a kitchen extension, we need to call on the services of an electrician and a plasterer. We keep all communication with the client ‘in house’ and only give the subcontractors the necessary information, for example the address at which the work is being carried out. All the subcontractors’ invoices and quotes go through us.
If we need to hand over the contact details of a tenant or private customer, we ask them first, either by post, email or verbally.
All employees sign to say they understand that the tenant, landlord or private customer’s details they carry on their work phones via the Commusoft app, WhatsApp or emails, should be protected and not shared with anyone outside CRS. A person’s details are never saved on an employee’s personal phone, emailed to anyone outside of CRS, or written anywhere other than CRS official places (WhatsApp on their work phone, Commusoft, CRS email addresses or printed documents like invoices, etc., for accounting purposes). The work phone is the employee’s responsibility to keep safe. They must use a PIN to unlock the screen. If it’s lost or stolen they must report it to Sham or Joanne immediately. There is a copy of the employee form at the end of this document.
Any data breaches need to be reported to 03031231113.
An example of a breach is us sending someone’s details to the wrong person. Another example is someone from outside CRS getting hold of our data about the tenants and landlords, either by seeing it on our computers, finding a lost work phone and looking at the Commusoft app, emails or WhatsApp, or hacking us. They might use the personal information for unsolicited calls or attempt some sort of fraud, so it is important to rectify any breaches no matter how small they seem. As a small business, the risk of a breach is very low. However, if it did happen it could seriously damage the business, so it’s important that we take our responsibility seriously.
For accounting and record purposes, some information will need to be printed, usually invoices. These are held at our office for the minimum time needed and then shredded and disposed of.
If, for any reason, anyone wishes to discuss anything involving our GDPR adherence, they should contact us using the details at the top of this document.