Kangaroo Self Storage
Feedback

Privacy Policy

We take your privacy very seriously and we ask that you read this privacy policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and how to contact us and supervisory authorities in the event you have a complaint.

WHO WE ARE

Kangaroo Self Storage Ltd (“we”, “us”) is the operator of the website www.kangarooselfstorage.co.uk. We collect, use and are responsible for certain information about you. When we do so, we are regulated under the General Data Protection Regulation which applies across the European Union (including the United Kingdom) and we are responsible as 'controller' of that personal information for the purposes of those laws.

THE PERSONAL INFORMATION WE COLLECT AND USE

Personal information provided by you

In the course of operating our self storage business, we collect personal information when you provide it to us, such as your name, postal address, email address, phone numbers, date of birth and payment details.

We also collect personal information from you if you apply for a job with us or work for us for any period of time. In this context, personal information we gather may include: contact details, financial and payment details, details of education, qualifications and skills, marital status, nationality, NI number, job title, and CV.
Our website also uses cookies (see our Cookies Policy) and collects IP addresses (which means that we can uniquely identify a specific device using our site.

Personal information provided by third parties

Occasionally we may receive information about you from other sources (such as credit reference agencies), which we will add to the information we already hold about you in order to help us provide services to you and to improve and personalise our service to you. If you apply for a job with us, we may receive information from the people who provide references.

Personal information about other individuals

If you give us information on behalf of someone else as an alternate contact, referee or next of kin, you confirm that the other person has agreed that you can:

  • give consent on his/her behalf to the processing of his/her personal data;
  • receive on his/her behalf any data protection notices; and
  • if relevant, give consent to the transfer of his/her personal data abroad.

Sensitive personal information

We will not usually ask you to provide sensitive personal information. We will only ask you to provide sensitive personal information if we need to for a specific reason, for example, if we believe you are having difficulty dealing with your account due to illness. If we request such information, we will explain why we are requesting it and how we intend to use it.

Children

We do not knowingly collect personal data relating to children under the age of 16. If you are a parent or guardian of a child under the age of 16 and think that we may have information relating to that child, please contact us. We will ask you to prove your relationship to the child but if you do so you may (subject to applicable law) request access to and deletion of that child’s personal data.

HOW AND WHEN DO WE COLLECT INFORMATION FROM YOU?

We gather information directly from you face to face if you come to our site for information or to sign a storage agreement and over the telephone if you ring us to make an enquiry. We collect personal information via our website and other technical systems. We collect this when you use our website to sign up to, participate in or receive a service from us, such as requesting a quote online or entering a live chat. Our website also uses cookies (see “Use of cookies” section below) and collects IP addresses (which means a number that can uniquely identify a specific computer or other device on the internet).  We also collect personal information when you contact us, send us feedback, sign up to newsletters, complete customer surveys and participate in competitions.
We may monitor and record communications with you (such as telephone conversations and emails).  We may do this for a number of reasons, such as to check the quality of our customer service, for training purposes, to prevent fraud or to make sure we are complying with legal requirements.

If you visit our storage facility, some personal data may be collected from monitoring devices and systems such as closed circuit TV (CCTV) and door entry systems at the site.

Use of cookies

A cookie is a small text file which is placed onto your computer (or other electronic device such as a mobile telephone or tablet) when you use our website. We use cookies to track and profile customers such as action tags and pixel tracking on our website to assist our marketing. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify you individually. We use analysis software to look at IP addresses and cookies to improve your experience as a user of our website. We do not use this information to develop a personal profile of you. If we do collect personally identifiable information, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it and you will be able to opt in to receive this.

You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result.

For further information on our use of cookies, please see our website cookie policy

For further information on cookies generally visit www.aboutcookies.org

REASONS WE CAN COLLECT AND USE YOUR PERSONAL INFORMATION

We rely on a different lawful basis for collecting and using personal data in different situations.

Contracts

Where you make enquiries about storing with us before you become a customer, we need to collect personal information about you so that we can take steps to enter into a contract with you.  Once you have become a customer, we need to collect and use personal information to provide services to you and to claim our right to be paid in return for our services under our standard terms of business/contract with you.  This includes collecting and using your personal information to:

  • enable us to follow up on enquiries made by you in relation to storing with us in accordance with industry guidelines and to give you our quote;
  • do a credit check—see 'Credit checking' section below;
  • prepare a storage agreement with you and arrange insurance cover if required;
  • manage any accounts you hold with us;
  • contact you for reasons related to the service you have signed up for or to provide information you have requested;
  • deal with payment for our services;
  • notify you of any changes to our website or to our services that may affect you; and
  • resolve disputes or collect overdue payments.

Job Applications

If you apply for a job with us, we will collect and use personal information to process your application and check references.  If you take a job with us, we will collect and use your personal information to enter into an employment contract with you and to administer the employment relationship, including making payments to you, accounting for tax, ensuring safe working practices, monitoring and managing staff access to systems and facilities, monitoring absences and performance and conducting assessments.

Legal obligations

We collect and use personal information from our customers and staff to comply with our legal obligations.  For example, we will take copies of documents that identify you so that we can comply with anti-money laundering and counter-terrorist financing requirements.

Legitimate business interests

Our priority is to make sure we give a high quality and secure service to customers and to follow up effectively on enquiries even though we accept that not all enquiries will lead to a business relationship or contract.  We collect personal information to:

  • follow up on enquiries in accordance with industry guidelines and provide quotes for storage/details of offers;
  • conduct research and analyse website visitor behaviour patterns;
  • customise our website and its content to your particular preferences;
  • improve our services;
  • detect and prevent fraud;
  • prevent offensive, inappropriate or objectionable content being sent to or posted on our websites or to stop any other form of disruptive behaviour

CCTV Recordings

It is a key feature of our storage service that we operate CCTV within the storage facility.  We collect and process CCTV images

  • so we can fulfil our contractual obligation to deliver a secure self storage environment;
  • to establish whether you are doing something that breaches your contract with us; and
  • to assist in the establishment or defence of any crime or other investigation.

Credit Checking

We may do a credit check on you so that we can make credit decisions about you and people or businesses associated with you. These checks may also be used to help prevent and detect fraud and money laundering.

Our search will be recorded on the files of the credit reference agency.

We may also disclose information about how you conduct your account to credit reference agencies and your information may be linked to records relating to other people living at the same address or who are financially linked to you.

Other credit businesses may use your information to make credit decisions about you and the people with whom you are financially associated, trace debtors, and prevent and detect fraud and money laundering.

If you provide false or inaccurate information to us and we suspect fraud, we will record this.

If you want to see your credit file, please contact our central office to obtain the contact details of the credit reference agency which we use.

When will we contact any other person about you?

If you provide us with details of any other person we can contact to discuss your account, we may contact that person and discuss and share the details of your account with that person and deal with that person in relation to your account as if that person was you.  We may particularly want to do this if we are unable to get in touch with you for any reason. If you change your mind, you can email or write to us and have this person taken off your account as an alternate contact person (see ‘How can you contact us?’ below).

If you provide us the details of a person who we can contact for a job reference, we may contact that person in connection with your job application.

Marketing.

We will also communicate with you information about other services we can offer you and update you about our activities and promotions which may be of interest to you. If you would like to stop receiving these email newsletters, you can also click on the “unsubscribe” button at the bottom of the email newsletter. It may take a few days for this to take place. See 'What rights do you have?’ below for further information. If you ask us to stop contacting you in this way, you can also ask us to start again at any time.

If we propose to use your information for any other uses we will ensure that we notify you first. If we need your consent to use your information for these other purposes, we will give you the opportunity to opt in or to refuse.  If you opt in, you will be able to opt out at any time.

Who your information might be shared with.

We will not sell or use your information to any other company or third party for marketing use.
We may disclose your personal data to:

  • service providers under contract with us to support our business operations, such as fraud prevention, debt collection, payroll, technology services]
  • credit reference agents—see 'Credit checking' above;
  • our insurers and insurance brokers if you take out insurance cover through us;
  • trade associations of which we are a member;
  • law enforcement or government agencies in connection with any investigation to help prevent or detect unlawful activity;
  • any person or agency if we need to share that information to comply with the law or to enforce any agreement we may have with you or to protect the health and safety of any person;
  • any person who you have named as a person we can contact to discuss your account;
  • any person who is your agent or representative, such as the holder of a power of attorney, a legal guardian or person administering a will;
  • any person who we are negotiating with as a potential buyer of our business or property or if we are proposing to merge our business with another business;
  • credit card associations if specifically required;

If we pass data on to insurers, they may enter your data onto a register of claims which is shared with other insurers to prevent fraudulent claims. If we use an outside party to process your information, we will require them to comply with our instructions in connection with the services they provide for us and not for their own business purposes.

KEEPING YOUR PERSONAL INFORMATION SECURE

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way.  We limit access to your personal information to those who have a genuine business need to know it.  Those people processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.  

We will use technical measures to safeguard your personal data, for example:

  • access to your customer account is controlled by a verification process
  • we store your personal data on secure servers; and
  • payment details are encrypted on the secure server

We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable supervisory body of a suspected data breach where we are legally required to do so.

While we will use all reasonable efforts to keep your personal data safe, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How to contact us’ below).

Our website contains links to websites and applications owned and operated by other people and businesses. These third party sites have their own privacy policies and use their own cookies and we recommend that you review them before you provide them with personal information.  They will tell you how your personal information is collected and used whilst you are visiting these other websites.  We do not accept any responsibility or liability for the content of these sites or the use of your information collected by any of these other sites and you use these other sites at your own risk.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

TRANSFERS OF YOUR PERSONAL INFORMATION OUT OF THE EEA

We may transfer your personal data to the United States of America for the purpose of data storage when using MailChimp (privacy policy can be seen here). Rest assured that we will always ensure any transfer is subject to appropriate security measures to safeguard your personal data. If you would like further information, please contact us (see “How to contact us” below).

HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?

We will usually hold your personal information as a customer or employee on our system for the period we are required to retain this information by applicable UK law, currently 6 years from the end of our contract or 6 months after any unsuccessful job application, unless you have told us you want us to delete the information earlier (see section “What rights do you have” below).

WHAT RIGHTS DO YOU HAVE?

Under the General Data Protection Regulation you have a number of important rights. These include the following rights:

  • request a copy of your information which we hold (subject access request);
  • require us to correct any mistakes in your information which we hold;
  • require the erasure of personal information concerning you in certain situations
  • require us to stop contacting you for direct marketing purposes;
  • object in certain other situations to our continued processing of your personal information;
  • restrict our processing of your personal information in certain circumstances;
  • object to decisions being taken by automated means which produce legal effects concerning you or which affect you significantly; and
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations.

Further information on each of these rights is available from the Information Commissioner’s Office.

If you would like to exercise any of these rights, please:

  • email, call or write to us (see ‘How to contact us’ below)
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
  • let us know the information to which your request relates, including any account or reference numbers, if you have them

We will not charge any fee for any of these services in most cases.

HOW TO CONTACT US

We hope that we can resolve any query or concern you raise about the way we use your personal information Please contact us if you have any questions about this privacy policy or the information we hold about you.

If you wish to contact us, please send an email to headoffice@kangarooselfstorage.co.uk or write to us at 21 Sidegate, Haddington, East Lothian, EH41 4BZ or call us on 0800 012 1528.

The General data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority. The supervisory authority I the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone 0303 123 1113

CHANGES TO THE PRIVACY POLICY

This Privacy Notice was published on 11th May 2018 and last updated on 11th May 2018. We may change this Privacy Notice from time to time. You should check this policy occasionally to ensure you are aware of the most recent version.

DO YOU NEED EXTRA HELP?

If you would like this policy in another format (for example: audio, large print, braille) please contact us (see ‘How can you contact us?’ above).

 

Cookies Policy

What is a cookie?

Most websites you visit will use cookies in order to improve your user experience by enabling that website to ‘remember’ you, either for the duration of your visit (using a ‘session cookie’) or for repeat visits (using a ‘persistent cookie’).

  • Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences, and generally improving your experience of a website.
  • Cookies make the interaction between you and the website faster and easier. If a website doesn’t use cookies, it will think you are a new visitor every time you move to a new page on the site.
  • Some websites will also use cookies to enable them to target their advertising or marketing messages based for example, on your location and/or browsing habits.
  • Cookies may be set by the website you are visiting (‘first party cookies’) or they may be set by other websites who run content on the page you are viewing (‘third party cookies’).

What is in a cookie?

A cookie is a simple text file that is stored on your computer or mobile device by a website’s server and only that server will be able to retrieve or read the contents of that cookie. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers. It allows a website to remember things like your preferences or what’s in your shopping basket.

What to do if you don’t want cookies to be set?

Some people find the idea of a website storing information on their computer or mobile device a bit intrusive, particularly when this information is stored and used by a third party without them knowing. Although this is generally quite harmless you may not, for example, want to see advertising that has been targeted to your interests. If you prefer, it is possible to block some or all cookies, or even to delete cookies that have already been set; but you need to be aware that you might lose some functions of that website.

How do we use cookies?

We use cookies to track and profile customers such as action tags and pixel tracking on our website to assist our marketing.

We also use cookies that are strictly necessary to enable you to move around the site or to provide certain basic features and to enhance the functionality of the website by storing your preferences. We also use cookies to help us improve the performance of our website to provide you with a better user experience.

If you visit our website when your browser is set to accept cookies, we will interpret this as an indication that you consent to cookies and other similar technologies as listed in this website cookies policy. If you change your mind in the future about letting us use cookies, you can modify the settings of your browser to reject or disable cookies completely.

We have also included information on how you can opt out. Remember, these cookies are not harmful to your computer and they hold no personal or sensitive information about you, however you can still opt out of them if you wish.
The table below shows all of the cookies we and third parties use on our website. It explains what these cookies are, what they do and which third party company issues them.

Description of cookies on this website

Google Analytics

These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Click here for an overview of privacy at Google.

Session Cookies

We use a session cookie to remember basic information related to your journey through the site i.e. that you have requested storage at a specific store. The cookie holds no personal information and expires once you close your browser.

Google Display Advertising Network Cookies

These companies use cookies to discover general information about the pages on our site that you visit and it also processes IP addresses to collect other non-personally identifiable information in order to place you in a "market segment". This includes data about the country, city or region where you are located and your domain name (e.g. what ISP you use). It then places advertisements onto pages you subsequently visit which it believes people in your market segment will find relevant. We also use cookies to assist in targeted advertising. We use cookies to more accurately target advertising to you, to show more relevant ads online. These cookies are anonymous. If you receive one of those cookies, we may then use it to identify you as having visited our site if you later visit other sites that are part of the Google advertising network, and will serve targeted advertising based on this information. User data is anonymous.

Who’s On Chat

Our website uses a third party plug in to provide us with a chat functionality. Please see our suppliers website for information on how your information is used https://www.whoson.com/privacy

We don’t sell the information collected by cookies, nor do we disclose the information to third parties, except where required by law (for example to government bodies and law enforcement agencies).

Opting out of Cookies

Most web browsers allow some control of non-essential cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them visit www.aboutcookies.org or www.allaboutcookies.org.

One thing to note: if you opt to not allow the saving of cookies using your browser, you are likely to see the Cookie Information pop-up every time you visit most websites, as it is likely your preference will not be saved.

To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

Data Protection Policy

  1. Introduction
    1. We hold personal data about our employees, customers, suppliers and other individuals for a variety of business purposes.
    2. We take seriously our obligations under the General Data Protection Regulation (GDPR) and all other relevant regulation and legislation in relation to the personal data we hold.
    3. We have appointed Helen Bower as our Data Compliance Manager (DCM) to have overall responsibility for monitoring how we collect and use personal data, data security and compliance with data protection regulations and laws.
    4. This policy sets out how we seek to protect personal data and ensure staff understand the rules governing their use of personal data to which they have access in the course of their work. In particular, this policy requires staff to ensure that the DCM should be consulted before any significant new data processing activity is initiated to ensure that relevant compliance steps are addressed.
  2. Definitions
    1. It is important that you understand the following terms:
      1. Business purposes—the purposes for which personal data may be used by us, eg creating and administering customer accounts, personnel, administrative, financial, regulatory, payroll and business development purposes. These include the following:
        1. creating, and managing our contracts and accounts with our customers
        2. identification of new customers for anti-money laundering purposes
        3. contacting customers for reasons related to the services they have signed up for or to provide information they have requested
        4. contacting customers to notify them of any changes to our website or to our services that may affect them
        5. invoicing for and collecting payments due for services provided to customers
        6. collecting overdue payments
        7. compliance with our legal, regulatory and corporate governance obligations and good practice
        8. gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests
        9. ensuring business policies are adhered to (such as policies covering email and internet use)
        10. operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, security vetting, credit scoring and checking
        11. investigating complaints and resolving disputes
        12. checking references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments
        13. monitoring staff conduct, disciplinary matters
        14. improving services
        15. following up leads and marketing our business
      2. Personal data—information relating to identifiable individuals, such as customers, alternative contacts, suppliers, marketing contacts, job applicants, current and former employees, agency, contract and other staff. Personal data we gather may include: individuals' contact details, financial and payment details, details of education, qualifications and skills, marital status, nationality, job title, and CV.
      3. Sensitive personal data—personal data about an individual's racial or ethnic origin, sexual orientation, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings, CCTV images and any other biometric data —any use of sensitive personal data should be strictly controlled in accordance with this policy.
  3. Scope
    1. This policy applies to all staff. You must be familiar with this policy and comply with its terms.
    2. We may supplement or amend this policy by additional policies and guidelines from time to time. Any new or modified policy will be circulated to staff before being adopted.
  4. Who is responsible for this policy?
    1. The DCM has overall responsibility for this policy and for ensuring this policy is adhered to by all staff.
  5. Legal responsibilities
    1. The GDPR imposes requirements that:
      1. we only hold data if we have a lawful basis for doing so, for example, where we have a contract with a customer, to administer the customer’s account and provide the services the customer requires, to comply with our legal obligations, if we have a genuine and legitimate business interest in processing that information or we have the consent of the person to whom the data relates
      2. we keep that data confidential and secure
      3. we use it only for authorised purpose(s)
      4. any data we hold is:
        1. adequate
        2. relevant
        3. not excessive
        4. accurate, and
        5. up-to-date
      5. we do not keep data for longer than is necessary
  6. Our procedures
    1. Fair and lawful processing – Privacy Notices
      1. We must process personal data fairly and lawfully in accordance with individuals’ rights. This generally means that we should not process personal data unless the processing is:
        1. necessary to perform legal obligations or exercise legal rights, or
        2. otherwise in our legitimate interests and does not unduly prejudice the individual's privacy
  7. In most cases this provision will apply to routine business data processing activities for our Business purposes.
      1. Our Privacy Notice is a notice to customers on data protection. The notice:
        1. sets out the purposes for which we hold personal data on clients (ie for the provision of legal services and related purposes including legal and regulatory compliance)
        2. highlights that we may be required to give information to third parties such as law enforcement agencies or need to share it with service providers such as insurers, credit reference agencies, debt collection agents and payroll providers, and
        3. provides that individuals have a right of access to the personal data that we hold about them
      2. Our Privacy Notice needs to be given to the customer at the first point of contact. Our website will direct customers to our Privacy Notice when they make an enquiry on-line.  If a customer makes an enquiry in the store or signs up a licence agreement in store, then you must give them a copy of our Privacy Notice at that time.  If enquiries are made by telephone, you will need to let them know we take the privacy of their data seriously and let them know that they can view our Privacy Notice on-line or we can send it to them by post or email.
    1. Sensitive personal data
      1. In almost all cases where we process sensitive personal data we will require the data subject's explicit consent to do this unless exceptional circumstances apply, or we are required to do this by law (e.g. to comply with legal obligations to ensure health and safety at work). Any such consent will need to clearly identify what the relevant data is, why it is being processed and to whom it will be disclosed.
    2. Accuracy and relevance
      1. We will ensure that any personal data we process is accurate, adequate, relevant and not excessive given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this.
      2. Individuals may ask that we correct inaccurate personal data relating to them and we need to respond to them within one month. If any person makes a request to correct inaccurate information, you must inform the DCM immediately giving details of the request. If you believe that information is inaccurate you should record the fact that the accuracy of the information is disputed and pass this on to the DCM when you report that the request has been made.
    3. Right to stop direct marketing
      1. You should abide by any request from an individual not to use their personal data for direct marketing purposes and notify the DCMabout any such request.
      2. Do not send direct marketing material to someone electronically (e.g. via email) unless the person has given their consent to this.  You will need to follow industry guidance on following up on people who have made enquiries or asked for a quote for storage. [Please see our Policy on following up potential customers.]
      3. Please contact the DCM for advice on direct marketing before starting any new direct marketing activity.
    4. Right of access to personal data – subject access requests
      1. Please note that under the Data Protection regulations, individuals are entitled (subject to certain exceptions) to request access to information held about them.
      2. If you receive a subject access request, you should refer that request immediately to the DCM. We may ask you to help us comply with those requests.
      3. Please contact DCM if you would like to correct or request information that we hold about you. We will respond to your request within 30 days. There are also restrictions on the information to which you are entitled under applicable law.
    5. Right to be forgotten or to restrict use of personal data
      1. Please note that under the Data Protection regulations, individuals are entitled (subject to certain exceptions) to request that we restrict how we use the personal information we hold about them or that we delete it altogether.
      2. If you receive a request of this kind, you should refer that request immediately to the DCM. We may ask you to help us comply with those requests.
    6. Your personal data
      1. You must take reasonable steps to ensure that personal data we hold about you is accurate and updated as required, e.g. if your personal circumstances change then please inform the DCM so that they can update your records.
    7. Data security
      1. You must keep personal data secure against loss or misuse. This means you should comply with our security guidelines and policies set out in the Information Security Schedule below.
      2. Where other organisations process personal data as a service on our behalf (e.g. payroll or outsourcing companies), the DCM will establish what, if any, additional specific data security arrangements need to be implemented in contracts with those third-party organisations.
    8. Data retention
      1. We must retain personal data for no longer than is necessary. What is necessary will depend on the circumstances of each case, taking into account the reasons that the personal data was obtained, but should be determined in a manner consistent with our Data retention guidelines.
    9. Transferring data internationally
      1. There are restrictions on international transfers of personal data. You must not transfer personal data internationally at all without first consulting the DCM.
  8. Reporting breaches
    1. All members of staff have an obligation to report actual or potential data protection compliance and data security failures. This allows us to:
      1. investigate the failure and take remedial steps if necessary
      2. maintain a register of compliance failures
      3. notify the regulatory authorities if we are required to do where any compliance failures are material either in their own right or as part of a pattern of failures.
    2. If you suspect or become aware of any data security breach or that we have failed to do something which may be a breach of our data compliance obligations, you should report these facts or your suspicions immediately to the DCM.
  9. Training
    1. All staff will receive training on this policy. New employees will receive training as part of the induction process. Further training will be provided at least every two years or whenever there is a substantial change in the law or our policy and procedure.
    2. Training will cover:
      1. the law relating to data protection
      2. our data protection and related policies and procedures
    3. Completion of training is compulsory.
    4. The DCM will continually monitor training needs but if you feel that you need further training on any aspect of the relevant law or our data protection policy or procedures, please contact the DCM.
  10. Monitoring
    1. Everyone must observe this policy. The DCM will take steps to ensure it is being adhered to.
    2. The DCM will review this policy at least annually to ensure it remains fit for purpose and compliant with the applicable legislation.
  11. Consequences of failing to comply
    1. We take compliance with this policy very seriously.
    2. Failure to comply puts both you and the business at risk.
    3. The importance of this policy means that failure to comply with any requirement may lead to disciplinary action under our procedures, which may result in dismissal.
  12. If you have any questions or concerns about anything in this policy, do not hesitate to contact the DCM.
  13. INFORMATION SECURITY SCHEDULE
  14. Introduction
    1. We are committed to the highest standards of document and information management and security and treat confidentiality and data security extremely seriously.
    2. One of the purposes of this policy is to:
      1. protect against potential breaches of confidentiality and failures of integrity or availability of information
      2. ensure our information assets and IT facilities are protected against damage, loss or misuse
      3. ensure all staff are aware of and comply with UK law and our own procedures applying to the processing of data
      4. increase awareness and understanding in the business of the requirements for information security and the responsibility of staff to protect information they handle
    3. The IT Support Company will review security event logs and error logs on a monthly basis and is responsible for downloading and installing any necessary software, security patches or system updates.
  15. Our procedures
    1. Information management
      1. Records and information are owned by the business and not by any individual or team.
      2. Keeping accurate and up-to-date records is an integral part of all business activities.
      3. Complete and accurate records must be securely stored in the appropriate locations and be easily identifiable and accessible to those who need to see them. This means:
        1. files must be kept in accordance with our normal file management protocols and must be kept organised and up-to-date
        2. substantive matter related emails and notes of telephone or other conversations must be placed on file and must not be stored solely in personal mailboxes
        3. files must not be removed from the office except as permitted under this policy
      4. Information includes information stored anywhere on our IT system, as well as paper records and CCTV images.
      5. Information will be held only as long as is required and disposed of in accordance with our Information retention and destruction policy.
      6. All staff must ensure that any information and data gathered is accurate and, where appropriate, kept up-to-date.
    2. Human resources information
      1. Given the internal confidentiality and sensitivity of personnel files, access to such information is limited to the Group Operations Manager, Management Accountant and the CEO. Except as provided in individual roles, no other staff are authorised to access that information.
      2. Any staff member in a management or supervisory role must keep personnel information confidential.
      3. Subject to the provisions of the GDPR and associated codes of conduct, staff may ask to see their personnel files at any time by request to the DCM.
    3. Access to offices and files
      1. At the end of each day, or when desks are unoccupied, all files, backup systems and devices containing confidential information must be securely locked away or access disabled in case of temporary absence.
      2. All office access doors must be kept secure at all times and customers and visitors must not be given keys or pass-codes other than those they need to access their storage units.
      3. If you are dealing with a customer at reception or it becomes necessary for you to see customers in your own or another office area, then no customer files or other client information should be visible which do not relate to that customer.
      4. Customers and visitors should never be left alone in areas where they could have access to confidential information.
    4. Computers and IT
      1. Computers must be password protected and those passwords must be se-up and changed in accordance with requirements issued by the DCM’s from time to time. Passwords should not be written down or given to others.
      2. Computers and other devices should be locked when not in use to minimise the risk of accidental data loss or disclosure.
      3. The use of memory sticks and other removable media is prohibited. No confidential information is to be copied onto floppy disk, removable hard drive, CD or DVD or memory stick/thumb drive without the express permission of the DCM and even then it must be encrypted.
      4. Data copied to any of these devices must not be uploaded to out IT system until the device has been checked and cleared by our IT manager.  Once this has happened, relevant Data should be stored on our computer network in order for it to be backed up and the Data on the removable device should be deleted.
    5. Backup of data
      1. All electronic data must be securely backed up at the end of each working day.
      2. Backup media must be encrypted.
      3. Backup media that is retained on site prior to being sent for storage at a remote location must be stored securely in a locked safe and at a sufficient distance away from the original data to ensure both the original and backup copies are not compromised.
      4. A recording mechanism is in place and maintained by our IT manager to record all backup information including any failures or other issues.
    6. Communication and transfer
      1. Confidential information must not be removed from our offices without permission from the DCM.
      2. Postal, fax and email addresses and numbers should be checked and verified before information is sent to them. Particular care should be taken with email addresses where auto-complete features may have inserted incorrect addresses.
      3. All sensitive or particularly confidential information should be encrypted before being sent by email, or be sent by recorded delivery.
      4. Sensitive or particularly confidential information should not be sent by fax unless you can be sure that it will not be inappropriately intercepted at the recipient fax machine.
    7. Personal email and cloud storage accounts
      1. Personal email accounts, such as yahoo, google or hotmail and cloud storage services, such as dropbox, icloud and onedrive are vulnerable to hacking. They do not provide the same level of security as the services provided by our own IT systems.
      2. Do not use a personal email account or cloud storage account for work purposes. Do not plug in or attach your personal devices to the business’s IT system – charge from a wall plug socket.
      3. If you need to transfer a large amount of data, contact our IT manager or the DCM for help.
    8. Home Working
      1. No confidential or other information should be taken to your home without the permission of the DCM and only then if they are satisfied that you have appropriate technical and practical measures in place to maintain the continued security and confidentiality of that information.
      2. No confidential information is to be stored on your home computer (PC, laptop or tablet).
      3. Files and confidential information must be kept in a secure and locked environment where they cannot be accessed by family members or visitors.
      4. For more guidance, consult the DCM for details of our remote working and removable media policy.
  16. Cybercrime prevention and management
    1. All staff are required to be aware of and comply with our Cybercrime prevention strategy and incident management plan, which incorporates our Password policy and criteria for remote working.
  17. IT system management and development
    1. Our IT systems are managed by suitably trained staff who are responsible for overseeing day-to-day operation and to ensure continued security and integrity.
    2. The IT Support Company is responsible for ensuring we have procedures for the secure configuration of network devices. These will vary from time to time but are likely to include:
      1. ensuring all network devices have up to date fire walls
      2. encryption of hard drives
      3. ensuring all devices are password protected
    3. The IT Support Company and the CEO are responsible for the management of user accounts and will implement procedures to ensure:
      1. appropriate permissions are set for different types of user accounts, eg administration, standard or guest
      2. all members of staff have the correct type of user account
      3. users run with a minimal set of permissions whenever possible
      4. user accounts are suspended or deleted promptly where required, eg if a member of staff leaves the firm
    4. Access controls will be maintained at appropriate levels for all systems by ongoing and proactive management. Any changes to permissions must be approved by the IT Support Company or the CEO.
    5. New IT systems, or upgrades to existing systems, must be authorised by the CEO or the Group Operations Manager and the authorisation process must take account of security requirements. The information assets associated with any proposed new or updated systems must be identified and a risk assessment undertaken.
    6. Any new equipment must have appropriate levels of resilience and fault tolerance and must be correctly maintained.
    7. Software and applications must be managed to ensure their smooth day-to-day running and to preserve data security and integrity. The purchase or installation of new or upgraded software must be planned and managed and any information security risks must be mitigated. Specifications for new software or upgrades of existing software must specify the required information security controls.
  18. Business continuity
    1. The business has in place a Business Continuity Plan. That plan has been designed to ensure continued data security and to maintain confidentiality. You will be trained on what to do if this plan needs to be put into place.
  19. Reporting breaches
    1. If you suspect or become aware of any data security breach or that we have failed to do something which may be a breach of our data compliance obligations, you should report these facts or your suspicions immediately to the DCM.

Disclaimer

Kangaroo Self Storage Limited, a company registered in Scotland with number SC273494, and having its registered office at 21 Sidegate, Haddington, East Lothian, EH41 4BZ; and 'User' means any user of this web site.

WEBSITE CONTENTS

The contents of this web site (the 'Web Site Contents') are provided for general information only and should not be relied upon for any specific purpose, including but not limited to entry into any contract. Kangaroo Self Storage accepts no responsibility for the accuracy of any information or statement forming part of the Web Site Contents and the User uses and relies upon such Contents entirely at its own risk. For the avoidance of doubt and without prejudice to the foregoing generality the User acknowledges that the Web Site Contents may contain technical inaccuracies or typographical errors.

The Web Site Contents may be amended by Kangaroo Self Storage at any time, without notice, whether by way of correction, update or otherwise.

NON-AVAILABILITY IN CERTAIN COUNTRIES

The Web Site Contents may include details of or references to Kangaroo Self Storage products and/or services which Kangaroo Self Storage is not permitted in law or able in practice to advertise in or supply to a User in certain countries, states or other jurisdictions. Accordingly, the appearance on this web site of such details shall not be construed as an advertisement aimed at, or an offer to sell products or supply services to, a User in any such country, state or jurisdiction. Please contact Kangaroo Self Storage for confirmation of the availability of any of its products or services in a given country, state or jurisdiction.

HYPERTEXT LINKS

This web site may from time to time contain links to third party web sites or services. Such links are provided for the User's convenience only, and their inclusion does not constitute an authorization by Kangaroo Self Storage to the User to access such third party web sites, nor an endorsement of the content of such third party web sites by Kangaroo Self Storage.

The User acknowledges and agrees that Kangaroo Self Storage shall not be liable for any damage, loss, costs or expenses suffered or incurred by the User as a result of its use of any such third party web site.

EXCLUSION OF LIABILITY

The user acknowledges and agrees that Kangaroo Self Storage, its officers, employees, agents and advisers shall not in anyway be liable for any damage, loss, data and content hosted on our servers, costs or expenses arising directly or indirectly from the user’s downloading of any of the web site contents, or the user’s reliance on our use of any such contents for any purpose, or otherwise from the user’s use of this website.

Without prejudice of the foregoing generality Kangaroo Self Storage hereby excludes, insofar as permitted by law, all warranties and representations, express or implied, in respect of any of the web site contents, including but not limited to any warranties of satisfactory quality, fitness for a particular purpose or non-infringement of third party rights.

GENERAL

If any element of this Disclaimer should be determined to be illegal, invalid or otherwise unenforceable by reason of the laws of any state or country in which this Disclaimer is intended to be effective, then to the extent and within the jurisdiction in which that element is illegal, invalid or unenforceable, it shall be severed and deleted from this Disclaimer and the remaining provisions of this Disclaimer shall survive, remain in full force and effect and continue to be binding and enforceable.

 

         

Site Map
Privacy Policy
Cookies Policy
Data Protection Policy
Disclaimer

Blog
Dundee Google+
Glasgow Google+
Follow us on Twitter Find us on Facebook © Kangaroo Self Storage 2012
Feedback