We are committed to ensuring that all aspects of our IT system and data storage methods fully comply with all legislative requirements and GDPR. This includes the use of only authorised and licensed software.
It is the policy of Advance Auto Recovery not to release any customer or employee data to any third party without their prior written consent. The only exception to this would be in response to a formal request for information by a law enforcement or regulatory compliance body.
To ensure that all data held by Advance Auto Recovery is maintained in a secure manner at all times the company has adopted and implemented the principles set out in GDPR, the Computer misuse act and the Data protection act. Hard copy data records are locked away in a restricted access office and shredded after they are no longer required.
A robust daily data backup procedure has been implemented with Apex archive storage facilities. Customer details will only be stored and backed up on Apex.
It is company policy to retain all data and associated records indefinitely. Archived data, current working files and records shall only be destroyed following the approval of the company partners.
Access to all company IT systems is restricted to authorised personnel and this being controlled by user passwords and access permission levels. All offices where data is handled are locked and restricted to authorised personnel.
The IT system is protected with an internal firewall and proprietary anti-virus software. Software updates and associated security patches are uploaded promptly upon receipt to ensure optimised software operation and protection at all times.
All company phones are pin protected and have anti-virus / hacking software.
It is the company policy all completed jobs on company phones will be deleted at the end of each working shift and are automatically removed by Apex after four days.
Customer addresses will not be written on any job sheets & no customer financial details are held anywhere by the company.
Keeping data up-to-date
We request that suppliers, contractors and customers make best attempts to ensure data held by us is up to date and accurate. In the event of any changes to data or the discovery of any inaccuracies please email firstname.lastname@example.org.
Right to deletion
You have the right to request that all your personal data we hold is deleted. Such a request can be sent to the via post or email (details on Contact Us page), where we will confirm deletion or if not possible, explain the legitimate or lawful reasons why such a request cannot be actioned within 7 working days of receipt.
Right to access
You have the right to request at any time, confirmation of the actual personal data we hold for you, and how this has been processed. Such a request can be sent via post or email which will be actioned within 7 working days of receipt.
In the first instance, if you have any complaint about how we hold or process your personal data, then please contact us via post or email. If you are still dissatisfied with our response, then you have the right to contact the Information Commissioners Office (ICO) at the following website https://ico.org.uk/