General Data Protection Regulations 2018

General Data Protection Regulations 2018

The General Data Protection Regulations 2018 come into effect on Friday 25th May 2018. Please read our Policy Document to confirm how Mr Fire Safety Ltd hold and process your data.

General Data Protection Regulations 2018

Mr Fire Safety Ltd

Unified Policy Document



This policy document serves to incorporate all matters related to the General Data Protection Regulations 2018 (GDPR), in so far as they are applicable to our business. As a small business we are expected to comply with the Regulations which come into force on 25th May 2018, and we have produced this policy document which we believe to be a reasonable interpretation of the requirements.

The Information Commissioner’s Office is encouraged to consider the light touch approach to Regulation and Enforcement as a reasonable interpretation and application of the Regulations.


Data Privacy Policy / Notice

Personal data is any information about a living individual, which allows them to be identified from that data. This might include any one of the following, or a combination of them:

  • Name
  • Photographs or videos
  • Email addresses
  • Home addresses.
  • Other data


The processing of personal data is covered by the GDPR 2018 and other legislation, including the Human Rights Act.


Mr Fire Safety Ltd is considered to be a “data controller” under the Regulations. A data audit has identified that in the course of our business we may process the following personal data:

  • Names and titles of individuals
  • Contact details, including telephone numbers, email addresses and business addresses.
  • Bank details of customers and suppliers.



In controlling your data Mr Fire Safety Ltd will comply with data protection law which states that the data we hold must be:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes
  • Relevant only to the purpose it is collected for
  • Accurate and up to date
  • Retained only for as long as necessary
  • Retained securely
  • Destroyed securely


We use personal data only for the following purposes:

  • Communicating with appropriate customer representatives, whether by post, email or telephone.
  • To maintain accounts and process relevant financial transactions.
  • To identify “responsible individuals” related to fire safety legislation.
  • To send you information and reminders about our services
  • On our website and in advertising, but only with your express consent.


Mr Fire Safety Ltd will not process any personal data defined in legislation as “Sensitive personal data” or “special category data”. These include criminal convictions, age, sexual orientation, religion etc.


Because only low risk data will be stored and processed, we consider that appropriate security measures are:

  • Only to store personal data on password protected devices including lap top computers.
  • Where personal data is stored on mobile telephone devices these will be limited in number, password or biometrically secured.
  • Long term storage will be “cloud based”.
  • No personal data will be held on portable devices, for example CD, DVD, memory stick etc.


Lawful basis

We must have a lawful basis for processing your personal data. The lawful basis for us to retain, control and process data is:


Contract – processing is necessary for us to conduct business with you.


Vital interests – the processing is vital to protect lives. Our business is based on saving life through fire safety, and some personal data indicates those with legal responsibilities under fire safety legislation.


The new Regulations specifically require individuals to “opt in” to allow data processing. Owing to the nature of our business we make the reasonable assumption that any prospective or existing customer contacting Mr Fire Safety Ltd infers that they “opt in” by providing their name and contact details. They may of course “opt out” but that would effectively end the likelihood of any contract with us.


Data sharing

Mr Fire Safety Ltd will not share your personal data with any third party, other than to conduct our business with you, for example, we may provide a name and address to a contractor for them to complete work on our behalf.


Any sharing of data beyond this will only take place with your express permission.


The exception to this would be if we are required to divulge data to an appropriate legally constituted agency (police or fire authority) as a part of a civil or criminal investigation.


Data retention

Mr Fire Safety Ltd will retain data for no more than 2 years after our last contract with you, except where there is legal requirement to retain for longer, for example, accounting systems.


Your rights as a data subject

You have the right to access personal data we hold on you

You have the right to have us correct or amend personal data we hold on you

You have the right to have personal data we hold on you permanently erased

You have the right to object to our processing personal data we hold on you, or to restrict processing to certain purposes

You have the right to personal data portability (you can ask us to move it to somebody else).

You have the right to withdraw your consent.

You have the right to lodge a complaint with the Information Commissioners Office on 0303 123 1113 or via email to:


Subject access policy

Data subjects have the right to access personal data held on them by Mr Fire Safety Ltd.

Any request should be made in writing to the data controller, Martin Timmis at our business office, Rent-a-Space, The Market Place, Battlefield Road, Shrewsbury, SY1 4AN.

We may need to verify your identity.

A response will be made to you within one month of receipt of your request.

There will be no charge to you, unless we believe the request to be unreasonable, repetitive or vexatious.



This unified policy is published on our website . A hard copy can be requested from the data controller.

Mr Fire Safety Ltd has not written to all of our clients as we consider this an unreasonable burden on any small business. We will, however, direct any queries to our website or data controller.



This unified policy document will be reviewed when necessary.

The next routine review is scheduled for May 2020.