GDPR and Complaints

 

Complaints

 

The complaints procedure is available by email or hard copy via post on request to the contact address below

Bee Power is committed to providing excellent customer service and maintaining a healthy customer relationship with all clients. This policy has been devised to ensure that all complaints are handled as efficiently and effectively as possible.

As a customer of Bee Power, you are entitled to make a complaint to us, the following outlines policy and procedure for dealing with verbal and written complaints.

We want to resolve your complaint as soon as possible. Please contact Bee Power via the web site link, www.beepower.uk, via email at peter@beepower.uk or by letter to Bee Power, Unit 16829, PO Box 6945, London, W1A 6US or by telephone to 07877 851 048. We will do our best to resolve any issues that you have encountered as soon as possible.

On receipt of a complaint Bee Power will acknowledge receipt of the complaint within 2 working days

We will keep you informed of the progress of the complaint, proposed actions and expected time frame for resolution

 

Our aim is to resolve complaints in a timely manner, and we will generally try to resolve issues within 28 days. Complex complaints may take longer to resolve. In these cases you will receive regular updates on the progress and likely time frame for resolution.

We will advise you of the outcome of your complaint, where you have requested us to do so we will advise you in writing.

Making a complaint is free. It will be recorded and the records of such will be kept in line with our GDPR police

All complainants will be treated with courtesy and respect and our objective is to resolve all complaints at first contact

If you so wish you may authorise a representative or advocate to interact with us on your behalf during the process. In such cases, signatory proof will be required.

Bee Power is a sole trader, as such all complaints will be dela with by the sole trader, Peter Conisbee

When your complaint is resolved we will inform you within 10 working days

If your complaint is not resolved to your satisfaction by us, or still unresolved after 8 weeks, you may refer your complaint to the Ombudsman.


GDPR Compliance

Commitment

I am committed to ensuring the security and protection of the personal information that is processed, and have provided a compliant and consistent approach to data protection. There is a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. 

I am dedicated to safeguarding the personal information under my remit and have developed a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the regulations.

Information audit – I have carried out an audit to identify and assess what personal information is held, where it comes from, how and why it is processed and if and to whom it is disclosed

Policies and Procedures – Data protection policies and procedures meet the requirements and standards of the GDPR and any relevant data protection laws, including;

Data Protection – The main policy and procedure

 

  • Information Audit -an audit was carried out to identify and assess what personal information I hold, where it comes from, how and why it is processed and if and to whom it is disclosed.

  • Policies & Procedures - Data protection policies and procedures meet the requirements and standards of the GDPR and relevant data protection laws, including: -

    • Data Protection – the main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that I understand and evidence my obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.

    • Data Retention & Erasure – the retention policy has been updated to ensure compliance with ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. An erasure procedure is in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.

    • Data Breaches – the breach procedures ensure that there are safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time.

    • Subject Access Request (SAR) – SAR procedures accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge.

 

  • Legal Basis for Processing - each basis is appropriate for the activity it relates to. Where applicable, records of the processing activities are maintained, ensuring that obligations under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill are met.

  • Privacy Notice/Policy – I have revised the Privacy Notice to comply with the GDPR, ensuring that all individuals whose personal information is processed will have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.

  • Obtaining Consent – I have revised the consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how I use it and giving clear, defined ways to consent to the processing of their information. There is a stringent process for recording consent, making sure that an affirmative opt-in can be evidenced, along with time and date records; and an easy to see and access way to withdraw consent at any time.

  • Data Protection Impact Assessments (DPIA) – where I process personal information that is considered high risk, involves large scale processing or includes special category/criminal conviction data; a stringent procedure for carrying out impact assessments that comply fully with the GDPR’s Article 35 requirements is in place.

 

Retention of Data

Data will be held for 2 years after a contract has expired or until such time as the individual requests erasure of their data.

Should there be no further instruction of work to the at the end of the 2 years the information will either be destroyed or if still necessary/required, I will seek consent to update/maintain that data.

 

Data Subject Rights

In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, I can provide easy to access information via my website, and during agreement of terms and conditions, of an individual’s right to access any personal information that I process about them and to request information about: -

  • What personal data I hold about them

  • The purposes of the processing

  • The categories of personal data concerned

  • The recipients to whom the personal data has/will be disclosed

  • How long I intend to store your personal data for

  • If I did not collect the data directly from them, information about the source

  • The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this

  • The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from me and to be informed about any automated decision-making that I use

  • The right to lodge a complaint or seek judicial remedy and who to contact in such instances

 

Information Security & Technical and Organisational Measures

I take the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that I process. I have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction.

 

GDPR Roles

Peter Conisbee is the Data Protection Officer