Astra Security Ltd is committed to protecting the privacy and security of your personal information. Astra Security is committed to maintaining compliance with current data protection legislation, any future legislation that comes into force as and when required, and to maintain transparency about how it processes personal data. Astra Security processes the personal data of both its own employees and its business contacts and works to robust information security policies to ensure that this data is kept secure and the risk of a data breach is reduced to a minimum. Astra Security Ltd holds Cyber Essentials Plus certification and undergoes annual penetration testing by an external body to search and mitigate vulnerabilities if identified.
This privacy notice describes how we collect and use personal information, how Astra Security Ltd processes your personal information, who has access to your personal information and details your rights as an individual to control how your personal information is processed.
By continuing to use Astra Security Ltd.’s services, you give Astra Security Ltd permission to process your personal data for the purposes identified as set out in this privacy notice.
Lawful basis for processing your information
To comply with the data protection requirements of the General Data Protection Regulation (GDPR), there must be a lawful basis to collect, process and store personal data that you provide Astra Security Ltd with. For Astra Security Ltd as a data controller, the lawful bases under which the personal data is processed include the following:
- The contractual agreement with each customer for the provision of the design, installation and maintenance of CCTV and Access Control Security systems. Personal information if applicable, that is collected during this process will be limited to what is necessary and processed for the purposes of fulfilling the contractual obligations.
- Where the processing is necessary for the purposes of legitimate interests pursued by Astra Security Ltd or by yourselves as a third party.
- Any active consent you may have given Astra Security Ltd in respect of the downloading, storage and destruction of CCTV footage in line with our retentions policy.
- Any active consent you may have given Astra Security Ltd to receive communications on particular services where another lawful basis does not apply. You will be asked to demonstrate your consent with affirmative consensual action, such as filling in your contact details for further action.
Collection of personal Information
When you access and browse the Astra Security Ltd website and then correspond with us by phone, post or email, you may give us information about yourself. This information can include your name, postal address, email address, phone numbers, and information about your position and well as other personal information.
This privacy notice applies to, but is not limited to, personal information that Astra Security Ltd collects from:
- Website visitors
- Job applicants and current or former employees
- Visitors to our head office (including passers-by)
- Associated third party organisations, suppliers and sub-contractors
- Complainants and other individuals in relation to a complaint or enquiry
- Individuals and or businesses that use Astra Security Ltd.’s services
How Astra Security Ltd uses your personal information
Where Astra Security Ltd collects your personal data, this information is used exclusively by Astra Security Ltd for providing the services you have requested or which are detailed in your contract. Astra Security Ltd will only pass your personal data to relevant third-party organisations or individuals either as a contractual requirement, with your explicit consent, or if specifically compelled to do so by law or court order or other legitimate reason.
Unfortunately, the transmission of information via the internet is not completely secure. Although Astra Security Ltd does its best to protect your personal data, it cannot guarantee the security of your data transmitted to the Astra Security Ltd website, any transmission is at your own risk. Once Astra Security Ltd has received your information, robust information security measures in place protect it and minimise the risk of unauthorised access.
Visitors to the Astra Security Website
Public Website Areas
You can visit the Astra Security Ltd website without revealing who you are or giving any information about yourself, except where you voluntarily choose to give Astra Security your personal details via an e-mail or by enquiring about any of our services.
Secure Website Areas
If you register interest to use the password protected areas of the website, you will be asked to provide Astra Security with certain data about yourself, such as your email address. This data is used to help control access to these protected areas, which are securely managed by Astra Security Ltd.
Cookies are small pieces of information that are stored by your browser on your computer’s hard drive. Astra Security Ltd will occasionally place a cookie on the visitor’s hard drive in order to provide more user-friendly browsing or useful features to the website visitor. Most browsers are initially set to automatically accept cookies. If you prefer, you can reconfigure your browser to reject cookies, but you may not be able to take full advantage of our website if you do so.
Astra Security Ltd occasionally monitors the IP addresses of visitors to assess the usage of the site and for example, identify which pages are most popular. Astra Security does not link these IP addresses to personal data such as a visitor’s name and or email address etc. The data collected in this way is completely anonymised.
With regard to each of your visits to Astra Security’s website, Astra Security may also collect the following information:
- Technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating systems and platforms
- Information about your visit, including the full Uniform Resource Locators (URL) clickstreams to, through and from Astra Security’s website, information you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse overs), and methods used to browse away from that page.
People who email Astra Security Ltd
Astra Security Ltd may monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
People who contact Astra Security Ltd via social media
You can contact Astra Security Ltd via Linked In and Twitter by direct message if you wish to enquire about Astra Security services or wish to comment on Astra Security services. These communications are managed by Astra Security’s marketing department and are only ever shared internally at Astra, for providing you with the information you have requested. Should Astra Security wish to quote your name and company within NSI marketing literature or on the Astra website, you will be first contacted to ask for your explicit consent to do so.
Astra Security Ltd receives enquiries about services through the website, telephone and email. For general enquiries, a record is retained by Astra Security Ltd until the enquiry has been dealt with and no further follow up is needed or a contract is entered.
Recruitment, staff details and security screening
Applicants for roles at Astra Security Ltd are asked to provide their personal information for the application process, including their CV and covering letter, either directly or through a recruitment agency. This is used solely by management for the purpose of assessing the applicant’s suitability for the role, leading to possible invitation to interview.
Personal details of unsuccessful applicants are held by the HR manager for a period of six months. Applicants do have the right at any time to withdraw their details during the recruitment process, and HR will update the records accordingly.
Astra Security Ltd requires successful applicants to provide proof of identity, such as a passport or a birth certificate, to ensure the applicant is eligible to work in the UK, which is a legal requirement. Astra Security Ltd also requires the applicant’s full name, contact details, home address, bank details and name and contact details of their next of kin. Astra Security Ltd may also ask about any medical conditions, details of which remain strictly private and confidential for the attention of the Astra Security Ltd HR Manager only. A Staff Details form is given in the new starter pack along with the contract of employment. Astra Security Ltd collects personal data using this form for the purpose of setting up the employee on the payroll system, the pension scheme and to facilitate the security screening background checks. Astra Security Ltd will only share the employee’s details with the third parties providing these services to allow the service provision.
The contract of employment forms Astra Security Ltd.’s lawful basis to process employees’ personal data in order to fulfil its contractual obligations, plus any specific consent given by the employee for additional services or benefits. Information disclosed remains strictly private and confidential and under the control of the Astra Security Ltd.’s HR Manager, and only accessible by the Screening administrator and HR Manager. Should an employee wish to enquire about the personal information Astra Security Ltd holds about them, they can make a ‘subject access request’ to the HR Manager.
Successful applicants to Astra Security Ltd are required to complete a security screening check before commencing employment with Astra Security Ltd. This process is outsourced to the National Security Screening Agency Ltd (NSSA). The NSSA collect personal data for the purpose of carrying out background screening on behalf of Astra Security Ltd.’s employees. Successful applicants are asked to complete an NSSA security screening application form provided by the Astra Security Ltd HR Manager/screening administrator. Applicants are asked to provide their current passport or a birth certificate, a driving license and a utility bill or bank statement with their current home address stated. These forms are checked and counter signed by the Astra Security ltd.’s HR Manager/screening administrator and then forwarded to the NSSA. The NSSA will ask the applicant about their previous work experience, education, referee details, and for answers to the questions relevant to the role they have applied for. The NSSA will share the applicant’s name, date of birth and address history with third parties (the Criminal Disclosure and Barring Service and Equifax) where it is necessary to fulfil their contractual obligations to the applicant and to Astra Security Ltd, and where obliged to do so by law.
Once the preliminary screening is successful, the applicant can then commence their employment with Astra Security Ltd. Astra Security Ltd.’s HR Manager compiles a separate file relating to their employment containing the documentation listed above. Please note this file is kept separately to the employee’s HR file. The information contained in this is kept in a secure location by the Astra Security Ltd.’s HR Manager and only used for purposes directly relevant to that person’s employment.
If the employment is terminated or an employee resigns, Astra Security Ltd.’s retains both the security screening and HR file for each individual file for 7 years before destruction. Astra Security Ltd will inform any third parties processing the data to remove it subject to data protection requirements.
Subcontractors are subject to the same screening process as Astra Security Ltd.’s employees. Each individual is asked to sign a contractual agreement and complete the relevant documentation before they commence their relationship with Astra Security Ltd. Personal data requested will be limited to what is appropriate for the role and kept confidential at all times. Records are kept by Astra Security Ltd for 7 years after cessation of the contract.
CCTV and visitors
Astra Security Ltd has detector-activated CCTV cameras installed around the Head Office in Bristol for the purposes of crime prevention and public safety. Astra staff, visitors to Astra or passers-by may be recorded on these cameras. The footage is stored by Astra Security Ltd for a limited time before it is overwritten. Astra Security may monitor the footage in the event of a security breach. Astra Security will only ever share the footage with the local Police force in the event of a criminal investigation. The contact number for CCTV enquiries is stated on signage around the building.
Visitors to Astra Security are asked to sign in using the Visitors Book in the Reception area. Information requested includes name, company and vehicle registration. In the unlikely event of a fire, this information is used to perform a roll call and ensure all visitors have evacuated the building. The Astra Security car park is private property and is available for use by Astra Security staff and visitors only, and by providing your registration number Astra Security is able to identify your vehicle. This information remains at Astra Security Head Office and is not shared with any other party.
Under the General Data Protection Regulation (GDPR) and the Data Protection Act 1998 (DPA), Astra Security recognises and respects that you have rights as an individual providing personal data:
You have the right to know exactly how your personal data will be processed by Astra Security. Astra Security commits to processing your data fairly, lawfully and transparently, details of which are set out in this Privacy Notice.
You have the right to request access to the personal data that Astra Security holds about you.
You have the right to request changes to the data held about you if the data is incorrect or requires additional information.
You have the right to request erasure of your data or the right to be forgotten completely, where there is no legitimate reason for your data to continue to be processed.
You have the right to request that processing of your data is restricted so that the data remains stored but is not further processed by Astra Security Ltd.
You have the right to request a copy of your data in a portable format.
You have the right to object to your data being processed, if the processing is for a legitimate interest without compelling grounds, or for direct marketing.
You may notify Astra Security of any request to change how your personal data is processed or to update your records by telephone, email or post ( see ‘How to Contact Us’).
Astra Security retains the right to continue processing personal data if there are compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual, or the processing is for the establishment, exercise or defence of legal claims.
Subject Access Requests
If you wish to make a free Subject Access Request to access a copy of the personal data Astra Security stores about you, or understand how it is processed and why, please follow the instructions below:
Contact your Astra Security Head Office contact (email preferred).
Include details of your request – which information about you do you wish to have access to?
Provide sufficient evidence about yourself for Astra Security to verify your identity. (Astra Security may have to contact you otherwise.)
Astra Security Ltd will deal with your request without undue delay, within 1 month of the receipt of your request. Astra Security will notify you if it is unable to provide the information within 1 month, detailing the likely timescale. If Astra Security is unable to grant you access to your data for a specific reason you will be notified immediately. In certain circumstances, such as where a large amount of data is requested which may require extensive time or resource to gather and collate the data, Astra Security reserves the right to charge a fee to account for this activity.
Changes to this privacy notice
This Privacy Notice is regularly reviewed and may change from time to time. This Privacy Notice was last updated on the 10th May 2018.
How to contact us.
If you wish to contact Astra Security Ltd for further information about this Privacy Notice, you can call, email us or write to us at:
Astra Security Ltd, Units 7 & 8 Northavon Business Centre, Dean Road, Yate, Bristol, BS37 5NH
Telephone 0345 521 0580 Email email@example.com