Our web site address is https://harlowonlineservices.co.uk
The Data Controller is Ian Bentall who can be contacted at Harlow Online Services Limited, 35 Latton Bush Centre, Southern Way Harlow CM18 7BL. Telephone 01279 260 600, email ian@harlowonlineservices.co.uk. We are a private limited company registered in England with registration number 10234322, VAT number GB348381576.
Employee data is maintained within our secure account area of 12Cloudpayroll.com which is an HMRC recognised Payroll service. All employee pay data is processed through this service.
Recruitment applications and CVs are stored for a maximum of 6 months from receipt should a suitable vacancy arise during this time. After this period they are deleted. Any postal applications are scanned and the paper copies shredded on receipt. This data is stored in a secure HR folder on the Server in folders for each month for ease of recovery and deletion when no longer required.
Newsletters – we will use Mailchimp to manage our newsletters / addresses / sign up. This information is used in house for marketing purposes only. No data is sold to outside bodies.
Client data is protected behind a firewall on a secure server. Contact name, address and business email / telephone numbers are stored on an internal server. Access to this is controlled by unique user name and password. All administrator access is controlled using 2 factor authentication. Credit card and banking details are not stored anywhere. This data is used internally to monitor current orders, review past orders and maintain purchase history for use with warranties and maintenance.
Client and Supplier data in the form of contact name, business address, telephone number and business email address is also stored in the form of PDF Invoices on an encrypted server folder for accounting purposes. This data is required to be stored for at least 7 years by government agencies.
Any credit card transactions are processed via PayPal. This will either be via the PayPal web site for online transactions or or via PayPal Here for telephone or face to face transactions. This data is only used as given and not stored.
Any supplier banking details are stored in our online bank account (currently Santander) for ease of payment. These are not stored anywhere on company servers.
Working files are stored on an encrypted solid state ‘data’ drive within the computer handling the data. This is backed up to local encrypted servers daily. The client will be given secure FTP access to their working files and their completed projects on the file server. This is via an AES-256 SSL encrypted login. Completed projects will be stored on our encrypted file servers for back up purposes.
The majority of client data is only used in PDF from so it can be viewed on screen only. This may be stored either on the encrypted ‘data’ drive locally or the encrypted file server. Where data is sent in physically this will, where possible, be scanned in and stored on the File Server and the original copy shredded. Where data can not be scanned and viewed on screen it is stored in a locked filing cabinet when not being used.
Business Accounts are maintained on Xero and MrPeasy. Google forms are used to gather feedback.
All client data will be deleted on request or within 12 months of end of the contract for design work and 36 months for assembly work. Where on going work is continuing with a client data will be retained until the appropriate time after this work is completed.
Off site back up of working files is maintained by Carbonite. This maintains a backup of working files using AES-256. Data is encrypted before transfer and encrypted on the data store. Personal client details including contact names, telephone numbers or business email addresses are not stored on the Carbonite backup servers.
