tel - 0844 848 1440 | info@trafalgarfire.co.uk 
 
Fire Detection & Alarm Systems Fire Suppression Systems 
Emergency Lighting Fire Extinguishers • Fire Sprinklers  
• Dry Risers Systems Installation & Maintenance 
24/7 Emergency Call Out Cover 
 
Part of the Safesmart Group of Companies 
 
 
 
 
Trafalgar Compliance Services Limited 
Data Protection (GDPR) Company Policy 
 
 
Policy brief & purpose 
Our Data Protection company policy refers to Trafalgar's commitment to treat information of employees, customers, stakeholders or other interested parties with the utmost care and confidentiality. 
With this policy, we ensure that the company behaves in a fair and moral manner concerning the gathering, storing and handling of data. This process will be carried out with transparency and respect towards the rights of individuals who entrust it with their information. 
 
Scope 
This policy applies to all parties (employees, job candidates, customers, suppliers etc.) who provide any amount of information to the company. The policy will be followed by all employees of the company and its subsidiaries as well as contractors, consultants, partners and any other external entity. Generally, it refers to anyone who is in close collaboration with the company or acts on its behalf and may need occasional access to data. 
 
Policy elements 
The company will need to obtain and process information of people that will serve its business purposes. The information may refer to any offline or online information that makes a person identifiable such as names, addresses, places of employment, usernames and passwords, digital footprints, photographs, social security numbers, financial data etc. The company commits to collect this information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this information is available to the company, the following rules are mandatory: The data will be collected fairly and for lawful purposes only 
The data will be processed by the company within its legal and moral boundaries the data will not be stored for more than the specified amount of time the data will be accurate and kept up-to-date. 
The data will not be distributed to any party other than the ones agreed upon by the owner of the data (exempting legitimate requests from law enforcement authorities) The data will not be transferred to organizations, states or countries that do not have adequate data protection policies The data will not be communicated informally. 
The data will be protected against any unauthorized or illegal access by internal or external parties In addition to ways of handling the data the company has direct obligations towards people to whom the data belongs. 
 
Specifically the company must: 
 Let people know which of their data is collected 
 Inform people about how their data will be processed 
 Inform people about who has access to their information 
 Allow people to request the modification, erasing, reduction or correction of the data contained in the company’s databases 
 Have provisions in cases of lost, corrupted or compromised data 
 Allow the right for an individual’s information to be deleted 
 
Actions 
To exercise data protection the company is committed to: 
 Develop transparent data collection procedures 
 Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization etc.) 
 Build secure networks to protect online data from cyber attacks 
 Include contract clauses or communicate statements on how data will be handled 
 Inform individuals of the amount of time that their data will be preserved 
 Declare its data protection provisions publicly (e.g. on website) 
 Ensure all concerned parties have read the policy and adhere to it 
 Train employees in online privacy and security measures 
 Restrict and monitor access to sensitive data 
 Establish clear procedures for reporting breach of privacy or data misuse 
 
Disciplinary Consequences 
All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary and possibly legal action. 
 
Security Structure 
Smartlog Servers are housed within a 24x7x365 manned security and monitoring data center which has proximity access control, restricted biometric access, internal and external CCTV, perimeter and motion sensor alarms with an onsite network operations center. 
The application is protected by SSL (Secure Socket Layer) encrypted link, with a 3 tier authentication process. 
Compliance with General Data Protection Regulations (GDPR) and registration with Information Commissioner’s Office (ICO) 
In line with the General Data Protection Regulation (GDPR) we are registered with the Information Commissioner’s Office as Safesmart Ltd. at the address below. 
All data is held on secure servers located within UK or EEA 
Data protection compliance manager is Paul Williams, requests for information relating to data held and processed should be sent to info@safesmart.co.uk 
Policy review term will be no more than 12 months from the date of previous review or when a significant event prompts an earlier review such as a change in legislation or regulation. 
 
Revision Log: 
 
20/08/2016 
V1.0 
Annual revision of policy 
MEW 
 
28/06/2017 
V1.1 
Addition of server location within EU 
PJW 
 
21/02/2018 
V2.0 
Change from DPA to GDPR 
PJW 
 
 
 
 
 
 
BAFE accredited
ISO Accredited
Notifier by Honeywell
Constructionline
Safe Contractor Approved
Fire Industry Association
 
Contact Form 
Designed and created by it'seeze
Our site uses cookies. For more information, see our cookie policy. ACCEPT COOKIES MANAGE SETTINGS