What information do we collect?
We collect information from you when you place an order, fill out a form or make a payment. When contacting us on the phone, we may record your call for training and quality control purposes. When contacting us from this site you may be asked to enter your name, e-mail address or phone number as appropriate. You may, however, visit our site anonymously. For placing orders online we require you to use our booking engine. We implement a variety of security measures to maintain the safety of your personal information when you place an order:
Lawful basis for processing your personal data
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. If customers do not provide the information required for processing transactions, then we will be unable to provide a service to the customer. Processing of your personal data Description of processing
Supreme Concierge will no longer be holding data which we have not gained contractual obligations for after 30 days, depending on the sensitivity of this data, it will be deleted instantly. Ranks of sensitivity will be outlined below, as well as some exceptions where data may be held longer lawfully. Where personal data is held Supreme Concierge holds personal data in a few different locations, these can include: Our own database servers, email accounts, desktops, employee owned devices, paper files and backup storage. Procedures in place for deletion Accounts related data that is processed via our two database servers are subject to a 90 day non-usage review of the account, followed up by a 6 month review before the erasure or separation of any personal or sensitive data. Also upon request by the authorised account holder data will be deleted from both database servers within 30 days of the request followed up by a privacy notification and confirmation of the deletion. This can be done by contacting the DPO at Supreme Concierge on +48 222701000 or firstname.lastname@example.org Data processed via email are subject to the Apple Software on board retention policy, this includes the purging of unfiled mail after 30 days. Employee and mobile users including sub-processors who process data on behalf of our company are subject to a systematic 30 days deletion policy after the completion of a contractual obligation. This is achieved via our Ground Alliance Software which is downloaded onto mobile devices. On board encryption is also enabled on all our mobile devices which are set to delete all information on the device after multiple failed password attempts. Exceptions where data may be held longer than our 30-day retention period Financial data stored on our accounts server or stored as hard copies are held for up to 7 years before disposal due to TAX and VAT legalities. Ranks of sensitive data – Different retention periods Security criticality of sensitive or personal data which we process will be described and provided for in section 3.1 below, this policy contains requirements for the deletion of any data we process either personal or sensitive ranked 'low', 'medium' and 'high'.
System data ranking
Your rights as a data subject
We have a robust process for dealing with costumer queries and subject access request is in place, this includes but not limited to the right to withdraw any processing of your personal data and to remove any personal or sensitive data. The request can be made via email or telephone to the DPO at Supreme Concierge on +48 222701000 or email@example.com Our consumer query process is also used to monitor our customers, our data partner and our product/processes. Root cause analysis is applied to every enquiry, allowing us to identify if further action is required. Your right to request from the controller restriction of processing of personal data can be applied upon request by the authorised account holder. You have a right to lodge a complaint with a supervisory authority in regards to how your information has been handled. Please contact the Information Commissioner's Office (ICO). https://ico.org.uk/concerns/handling/ Client account data is stored in SQL tablespaces & data file formats which can be exported into either a Microsoft excel spreadsheet or Adobe PDF which is then encrypted with a password before sending out electronically. Immediate access to account details is available to clients with web access to our online booking platform which allows the client to update or change the account records, this functionality is secured using a Secure Socket Layer (SSL). Childrens Online Privacy Protection Act Compliance We are in compliance with the requirements of COPPA (Childrens Online Privacy Protection Act). We do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.