Privacy & Data Security Policy

1. Policy Statement

Electrocall Ltd is committed to protecting the privacy, confidentiality, and security of all personal information that we process in the course of our business.
We comply fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring that all personal data is handled lawfully, fairly, and transparently.

This policy explains how we collect, use, store, share, and protect personal data relating to our employees, customers, suppliers, and other business contacts.

2. Scope

This policy applies to:

  • All Electrocall Ltd employees, contractors, agency workers, and anyone acting on behalf of the company.

  • All personal data processed by Electrocall Ltd, whether held electronically, on paper, or in any other format.

  • All business activities carried out in the United Kingdom and Wales.
     

3. Our Data Protection Principles

Electrocall Ltd adheres to the following principles as required by UK GDPR:

  1. Personal data shall be processed lawfully, fairly, and transparently.

  2. It shall be collected only for specified, explicit, and legitimate purposes.

  3. It shall be adequate, relevant, and limited to what is necessary.

  4. It shall be accurate and kept up to date.

  5. It shall not be kept longer than necessary.

  6. It shall be processed securely to prevent unauthorised or unlawful use, loss, or damage.
     

4. Types of Personal Data We Process

Depending on the relationship, Electrocall Ltd may process:

a) Employee data – names, addresses, contact details, payroll information, tax and NI details, right-to-work documentation, emergency contacts, and training or certification records.

b) Customer data – names, contact details, addresses, project and billing information, and communication records.

c) Supplier and contractor data – company names, contact persons, bank details for payment, and qualification or compliance documentation.

d) Website and system data – technical logs, IP addresses, and online form submissions (used for communication and system security).

5. Lawful Basis for Processing

We process personal data only when one of the following lawful bases applies:

  • Contract: to perform or enter into a contract with you (e.g. customer or employment contracts).

  • Legal obligation: to comply with UK law or regulatory requirements.

  • Legitimate interest: to operate our business effectively and safely, provided such interests are not overridden by individual rights.

  • Consent: where specific, informed, and unambiguous consent has been given (e.g. marketing communications).

  • Vital interests: to protect someone’s life or safety.
     

6. Data Security

We maintain strong physical, technical, and organisational measures to protect data, including:

  • Password-protected and encrypted IT systems.

  • Secure access controls – only authorised personnel can access sensitive information.

  • Regular backups and secure off-site storage.

  • Up-to-date antivirus, firewalls, and software patches.

  • Secure disposal or shredding of physical documents.

  • Mandatory employee training on cybersecurity and data protection awareness.

Any suspected or actual data breach must be immediately reported to the Data Protection Officer (DPO) or Managing Director.

7. Data Sharing and Third Parties

We will only share personal data when necessary and under strict conditions:

  • With service providers or contractors who process data on our behalf (e.g. payroll, IT support), subject to signed data protection agreements.

  • With regulatory authorities, law enforcement, or insurers when required by law.

  • With clients or business partners where necessary for legitimate operational purposes and only with consent when required.

We never sell or trade personal data to third parties for marketing or any other commercial purpose.

8. Data Retention

Data will be retained only for as long as necessary for business or legal reasons.
Retention periods are determined by:

  • Legal and regulatory requirements (e.g. HMRC tax records: 6 years).

  • Contractual obligations.

  • Legitimate business needs.

Once no longer needed, data is securely deleted or destroyed in accordance with company procedures.

9. Individual Rights

Under the UK GDPR, individuals have the following rights:

  • Right to access – request a copy of personal data held.

  • Right to rectification – correct inaccurate or incomplete information.

  • Right to erasure (“right to be forgotten”).

  • Right to restrict processing in certain circumstances.

  • Right to data portability – receive personal data in a structured format.

  • Right to object to certain processing (e.g. direct marketing).

  • Right not to be subject to automated decision-making without human oversight.

Requests can be made by emailing electrocalloffice@gmail.com or by writing to the Managing Director.
We aim to respond to all legitimate requests within one month, as required by UK law.

10. Data Breach Management

In the event of a personal data breach, Electrocall Ltd will:

  • Act promptly to contain and assess the breach.

  • Notify the Information Commissioner’s Office (ICO) within 72 hours if the breach poses a risk to individual rights.

  • Inform affected individuals when required.

  • Record all incidents and corrective actions taken.
     

11. Roles and Responsibilities

  • Managing Director / Data Protection Officer (DPO): Oversees compliance and ensures this policy is implemented and reviewed.

  • Managers and Supervisors: Ensure all staff follow this policy and receive necessary training.

  • All Employees and Contractors: Must protect personal data, follow company procedures, and report any concerns or incidents immediately.
     

12. Policy Review

This policy will be reviewed annually, or earlier if there are significant legal, organisational, or technological changes.
The latest version will be made available to all staff and clients upon request.
