Published: May 2018
Contents
- Overview
- Data Controller
- Information We Collect (Clients)
- Information We Collect (Staff And Suppliers)
- CCTV
- How We Process Information
- Our Data Retention Policies
- Information Disclosure
- Information Storage
- Information Security
- Accessing And Changing Your Information
- Automated Processes
- Data Breaches
1. OVERVIEW
Orion Business Centres Ltd (we, us, our) need to collect and use certain types of information about Individuals or Service Users (you, your) to carry out our business. These individuals and service users comprise: our clients and their staff, our staff and our suppliers.
Personal information is collected and dealt with appropriately whether it is collected on paper, stored in a computer database, or recorded on other material or systems; we have implemented safeguards to ensure the security of this information..
2. DATA CONTROLLER
Mr A D McAnally, a director of the Company, is our Data Controller, which means that he determines what purposes your information held will be used for. His contact details are: gdpr@orionbusinesscentres.co.uk or 01780758500.
3. INFORMATION WE COLLECT (CLIENTS)
3.1 Sales Enquiries. New enquiries sources will come from an agent or a direct approach by the client.
We will obtain, or be provided with, the following information from the agent and/or client:
Data Required | Why We Need This |
---|---|
Name | To communicate with you. As part of our checks to comply with AMLR. |
Company name (if relevant) | |
Email address | To communicate with you. |
Telephone number | |
Website address | As part of our checks to comply with AMLR. |
If a potential client declines to provide this information, then we will be unable to progress the enquiry and any details we already possess will be deleted in accordance as described elsewhere in this document.
3.2 Sale Conversion. When an enquiry proceeds to sale, we will ask the client for the AL3 following information for persons with significant control of the company (him/herself and directors of the company) and beneficial owners:
Data Required | Why We Need This |
---|---|
Home address | As part of our checks to comply with AMLR. |
Date of birth | |
Place of birth | |
Evidence of your identity (eg passport) | |
Evidence of your address (eg utility bill) | |
Company information: | |
Registration number | |
Address | |
VAT number | |
Email addresses | To communicate with you. |
Phone numbers | |
Information on company beneficial owners: | As part of our checks to comply with AMLR. |
Name(s) | |
Company address | |
Company phone number | |
Company registration number | |
Company website address | |
Company bank information: | To allow us to produce a standing order mandate for you to process through your bank and as part of our checks to comply with AMLR. |
Bank name | |
Bank address | |
Account name | |
Account number | |
Sort number |
If a client declines to provide the above information, then we will terminate our business relationship and any details we already possess will be deleted as described elsewhere in this document (subject to the requirements to maintain records for HMRC purposes as described elsewhere in this document).
3.3 Post-Sales information. When setting up a new client we will ask the client and the client’s staff for the following personal information:
Data Required | Why We Need This |
---|---|
Name | To allow us to communicate with the client’s staff members to fulfil our contractual arrangements with the client. |
Email address | |
Mobile phone number | |
Fingerprint and/or contactless card number (residents only) | To enable us to register the client’s staff members on our building security systems. |
If a member of the client’s staff declines to provide this information, then we will be unable to meet our contractual obligations fully; this may have an adverse impact on the client’s business. If a staff member does decline, then we will have to delete any information we already possess on that individual from our systems.
4. INFORMATION WE COLLECT (STAFF AND SUPPLIERS)
4.1 Orion Staff. When a candidate applies to work for us we will ask for the following personal information:
Data Required | Why We Need This |
---|---|
Name | To allow us to communicate with the applicant. |
Email address and/or phone number | |
Mobile phone number | |
Curriculum Vitae | To enable us to assess your suitability for employment with us. |
Successful candidates will be asked to provide the following additional information/ documentation:
Data Required | Why We Need This |
---|---|
Date of birth | To allow us to administer your pay and to report tax etc to HMRC. |
Home address | |
P45 | |
Fingerprint and/or contactless card number | To enable us to register you on our building security systems. |
The above information is required to enable us to administer your employment with us (including payroll). If you decline to provide this information, then we will be unable to employ/continue to employ you; we will also delete any information we already possess from our systems, except where required to meet statutory obligations.
We will also ask you to provide details (name and contact number) for your next-of-kin. This is to allow us to provide a duty of care in the event of you becoming ill or incapacitated whilst at work. The provision of this information is optional.
4.2 Suppliers/Contractors. When we establish a business relationship with a supplier/contractor we may ask for some, or all, of the following:
Data Required | Why We Need This |
---|---|
Name | To allow us to administer your pay and to report tax etc to HMRC. |
Company name | |
Email address | |
Phone number | |
VAT number | |
Bank details: | To pay your invoices. |
Bank name | |
Account name | |
Account number | |
Sort number |
If you decline to provide this information, then we will have to cease trading with you and delete any information we may hold on our systems (subject to the requirements to maintain records for HMRC purposes as described elsewhere in this document).
Applicable to our security alarm contractor only: we may also ask to provide fingerprints and/or contactless card numbers to enable us to register you and your staff on our building security systems.
5. CCTV
We use CCTV as part of our security arrangements in Orion House. The images captured are recorded on one of our computers and retained for 1 month from the capture date. Access to the images is restricted to ourselves only; any client request for access to the images must be made in writing to us. We will only share images of data subjects if we judge that there is a legitimate reason for doing so.
6. HOW WE PROCESS INFORMATION
Our data processes are depicted in our data processing maps, which can be requested if required.
In summary, we use the information we gather only to:
- Process an enquiry
- Process a sale
- Fulfil our contractual obligations
- Manage the security of our premises
- Meet our statutory obligations (usually limited to anti-money laundering regulations (AMLR) and business rates notification to the local authority)
- Manage our staff
- Manage our business relationship with suppliers/contractors
7. OUR DATA RETENTION POLICIES
We retain your data only for as long as necessary to fulfil our contractual, business and employer obligations and to comply with statutory obligations (eg AMLR).
Details of how long we store data are provided in our data processing maps, which can be obtained on request.
8. INFORMATION DISCLOSURE
We will never share your information with a third party without your explicit consent, except:
- In those circumstances where the law allows or requires us to disclose your data (eg when notifying the local authority about business rates).
- When conducting any legal proceedings, obtaining legal advice or defending any legal rights.
9. INFORMATION STORAGE
We store your data on all or some of the following systems:
System | Description |
---|---|
Relational databases | Electronic medium on our computers. |
Telephone system | Electronic medium on our telephone system. |
MS Outlook | Electronic medium on our computers. |
Accountancy software | Electronic medium on our finance director’s computer. |
Bank account | Electronic medium on our company bank account and accessed only by our directors. |
Google Drive | Electronic medium on cloud server and selectively synchronised to our computers. |
MS OneDrive | Electronic medium on cloud server and synchronised to our operations director’s computer. |
Fingerprint/contactless card number | Electronic medium on our intruder alarm system (residents only). |
Limited to company name only: Post franking machine Photocopier |
Electronic medium, limited to company name only, which might be abbreviated. |
Paper backup of contact information | Manual records held by our reception staff and directors. |
Information may be displayed openly as follows:
Data | Purpose |
---|---|
Company name: | Electronic medium stored on our Comms PC. and displayed on a monitor in our reception |
Individual names: | Electronic records stored on our Comms PC and displayed on our signing in/out register, as part of our building security. |
10. INFORMATION SECURITY
All our computers and devices are password protected; passwords are known only to us and, in limited instances, our ICT contractors.
The cloud storage systems we use are protected by passwords known only to us. Sensitive information is not accessible by our staff.
Electronic data is permanently deleted when it comes obsolete or the information expires (in accordance with our data protection policy).
Paper documents are always shredded when they become obsolete or the information expires (in accordance with our data protection policy).
11. ACCESSING AND CHANGING YOUR INFORMATION
The GDPR requires us to provide the information we hold on you when you request this.
If you find that any information we hold is inaccurate then please let us know and we will change this.
If you change your mind at any time and no longer wish us to retain your information, then please let us know. For any of the above, please email us at gdpr@orionbusinesscentres.co.uk.
12. AUTOMATED PROCESSES
The majority of our data processing is not automated.
The only automation we employ is:
12.1 When a potential sale does not progress. All client data will be automatically deleted as described elsewhere in this document.
- a. Email correspondence will be deleted 6 months after the originating date.
- b. Data held on our own databases will be redacted of personal information 6 months after the originating date.
12.2 During our business relationship with clients. All email correspondence between us will be archived 6 months after its originating date; the archive is electronic and cannot be readily accessed.
12.3 When we cease to have a business relationship with a client:
- a. Most data will be automatically redacted of personal information.
- b. MS Outlook data will be deleted automatically when the client terminates the agreement.
- c. Information required to comply with AMLR and HMRC tax records will be retained for a period of 6 years. This information will not be automatically processed, but we will retain your company name on our database to automatically prompt the requirement to delete this data.
13. DATA BREACHES
In the event of a data breach, the data controller will inform the Information Commissioner’s Office within 72 hours of becoming aware of the event. http://bit.ly/2BQtEi4
Start doing business.
Every day we help over 70 businesses do business. If you want to know more about how we can help, please get in touch.
Call us on 01780 758500
Contact usSmall business owners love us

Our Location
We are situated in a quiet location on Barn Hill, in the heart of the Stamford. On-site parking by arrangement, although we are only 2 minutes’ walk from nearby public car parks.
Orion House,Barn Hill,
Stamford,
Lincolnshire,
PE9 2AE
Monday - Friday: 9am - 5pm