Best Business Services Ltd t/a Best Reception Fair Processing Notice

Please see below for details of Best Reception’s Fair Processing notice and confirmation of compliance re GDPR.

Last Update: 01/05/2018

Data Protection Officer: Andy McKenna

Statement of Compliance:

1) Personal Data: We do hold and process personal data on behalf of our customers

2) Databases: We do NOT supply any databases

3) We are based in the UK (29 Tamworth Road, Hertford, SG13 7DD)

4) Joint Processors:

  1. With the exception of clients to whom we provide a 24/7 service, there are no joint data processors.
  2. For our clients who DO require a 24/7 service, calls outside of our standard working hours are handled by All Day PA (Isher House, Isher Business Park, Peel Cross Road, Manchester, M5 4DT, U.K. Reg No: 03908228)
  3. For clarity, if you have a 24/7 service, you will be aware of this already and will have expressly requested this additional service.

5) Special categories of data: Given the broad nature of our service provision, dependent on your specific requirements, it is possible that we may be processing Special Categories of data on your behalf.

6) Data Security: We have appointed a Data Controller, who is responsible for ensuring that we are meeting the requirements of GDPR, and that measures are in place to minimise the risk of a data breach

7) In the unlikely event of a data breach, we have a documented process in place to;

  1. Notify the controller (i.e. you) without undue delay
  2. Notify the ICO (if applicable)

8) Data Subject Rights: We have a documented policy and procedure for handling subject access requests (SARs) and we will assist you with any reasonable request to comply with the above.

9) Erasure and Rectification: As stipulated in our terms, we will delete or return personal data unless it is required by law to retain such personal data or has some other good and sufficient justification for retaining such personal data.  Additionally;

  1. We are currently working with our call handling software provider to enable anonymisation of data
  2. Data obtained in handling your calls will be used solely for the purpose in which it is intended (i.e. communicating with you and your organisation). We will NEVER use data that we obtain from handling your calls for any other purpose than providing a service to you.

10) International data.  With the exception of communicating with our Customers who are based outside of the UK, no data is transferred outside of the UK.  Only data relating to the customer’s service will be transferred and the only recipient will be the Customer or specific individuals upon the request of the Customer.

11) Our Suppliers and Sub-Contractors.  We require the same high levels of compliance from our suppliers.  We will ensure that all our Suppliers who have potential access to any data covered GDPR have confirmed their compliance.  We will restrict access to any suppliers who are not able to confirm.