ANTHA PRIVACY AND DATA SECURITY POLICY
Antha provides liquid fuel and additional fuel related services to Domestic, Commercial and Public sector customers across the UK. As a responsible company it is our duty to ensure that all of the activities we conduct are in accordance with both British and European Law to protect our customers, our prospective customers, our staff members and our company as a whole.
The following Privacy and Data Security Policy has been written in accordance with The Privacy and Electronic Communications (EC Directive) Regulations 2003 and the new EU General Data Protection Regulations 2018.
Data Processing, Storage and Security
What data do we process?
In Antha we collect and process a wide range of data for the purpose of the sale and supply of liquid fuel products and associated equipment and services (including tanks, and boiler servicing), to comply with legal obligations and to improve our products and services.
Some of this data we process is classified as personal data as it is used to identify an individual.
The types of data we store include:
- Contact information (name, telephone, email etc)
- Address information
- Historical transactional information
- Financial information (e.g. Credit information and information required for direct debits)
During our marketing activities we regularly follow a process to remove “old” and “bad” data which either a) holds no purpose or b) is incorrect. This includes “bounced” email addresses.
At Antha we do not store what is commonly classed as “sensitive personal data” such as religious beliefs, trade union membership, political options, genetic data, biometric data or data relating to an individuals sexual orientation.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Why do we store this data?
We store enough data to be able to operate our business. We do not store needless data such as a customers birth date or detailed information on their type of residence etc as this is not necessary to carry out our activities. At a quarterly meeting we review the data that we store and decide if the stored/processed data is still necessary.
How long do we hold data?
We are bound by HMRC to store all historical sales data of liquid fuel for 7 years.
Prospective customer data is deactivated when the data processor identifies that there is not an opportunity for the sale of our goods
How do we keep this data secure?
Our systems are protected by a double firewall and our on premise server is kept in a locked environment, the only member of staff to have access to this environment is our Technical Manager and our Commercial Director.
Excluding company directors and managers, staff are unable to access our transactional systems both remotely and outside of set company hours.
All staff passwords are changed on a regular basis to keep an individuals system secure and staff members are instructed not to share their password with any other member of staff.
We have initiated a policy to ensure that all equipment that can be updated with the latest security protocols (provided by Microsoft and other vendors) are regularly kept updated.
A continuously updated log of all of our core ICT equipment which can access data is kept. This log includes the make, model and serial number of all of these devices and includes such things as laptops, servers, mobile phones etc.
To carry out our operations it is from time to time necessary to share our data with other suppliers who provide a service to our company. For example our delivery vehicles use an in-cab system to work out a schedule of deliveries. Data must be transferred from our core system to their system to be able to undertake this function. As part of preparation for GDPR all of our third party data processors have been contacted to confirm that they have their own GDPR policies in place, this has been documented.
In relation to the transfer of data, under no circumstances do share our database to any third party for third party sales and marketing purposes unless explicitly agreed by the data subject.
All of the our websites in Antha Ltd (and the wider group of companies) all have a Secure Sockets Layer (SSL) level of encryption.
We recognise that one of the easiest ways to fall fowl of proper data security is at a humans hand. With this in mind staff are trained to understand the importance of data security and how to perform their duties in a secure way.
This web site uses session cookies to allow you to carry information across pages of our site and avoid having to re-enter information. These cookies expire at the end of your visit to our web site. You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Google Chrome, Netscape Navigator, FireFox, Microsoft Edge or Internet Explorer) settings. Each browser is a little different, so look at your browser Help menu to learn the correct way to modify your cookies. If you turn cookies off, you may not have access to some features that make your experience on our website more efficient and some of our services may not function properly.
We may collect some information about you using web technology, so it may not be readily apparent to you that it is being collected. For instance, when you come to our site your IP address is collected so that we know where to send information you are requesting (web pages). An IP address is often associated with the place from which you enter the Internet like your ISP (Internet service provider), your company, or your school. This information is not personally identifiable.
What is our lawful basis to process this data?
The existing customer data that we process is done so under a combination of the “fulfilment of contract”, “consent of the individual” and “legitimate interest”.
Prospective customers’ data is processed by either “consent of the individual” or “legitimate interest”.
What happens in the event of a data breach?
Although all activities are to be taken to prevent a data breach in the first place, Antha acknowledges the requirement to report all data breaches within 72 hours to the Information Commissioners Office.
Data Processing Map
The core processing principles of the data processed within Antha are shown below.
Data Subjects Rights
How can your data be updated or amended?
At Antha we want to make sure that the information we process on a data subject is accurate. If a data subject wishes to update their data (for example, with a new contact number or a change of surname) this can be done with ease by contacting our Customer Experience team.
The right to be forgotten
A key part of the new General Data Protection Regulations is “the right to be forgotten”. Due to our HMRC obligations we have interpreted this part of the legislation as an in essence “full unsubscribe” for customers. This means the “closing of an account” and the cessation of all further sales and marketing activities.
Throughout all of our digital marketing activities we make the ability to unsubscribe from further communications readily available. It is not our companies desire to provide sales and marketing messaging to individuals who do not wish to receive it.
What is our policy on a data subjects request for information (subject access request)?
At Antha we acknowledge that if a subject access request is issued by the data owner we have up to one month to process this request and this cannot be chargeable.
The ability to extract a customer’s data for this very purpose has been incorporated into our core systems.
If you have a question about this privacy and data security policy you can contact our Information Officer by the following methods:
Telephone: 0800 038 4437
Mail: Information Officer
The Craggs Country Business Park