CMA Systems
CMA Systems
  • Home
  • Solutions
    • Metering
    • Systems Integration
    • Control & Automation
    • Functional Safety
    • Consultancy
    • SCADA Systems
  • Capabilities
    • Approval & Appraisal
  • Projects
    • Abu Dhabi LNG Terminal
    • UK Compressor Sites
    • Water Pumping Stations
    • Biomethane to Grid
    • Tank Overfill Protection
    • Compressor Station
    • Magnet and Sensor Install
  • Contact Us
  • More
    • Home
    • Solutions
      • Metering
      • Systems Integration
      • Control & Automation
      • Functional Safety
      • Consultancy
      • SCADA Systems
    • Capabilities
      • Approval & Appraisal
    • Projects
      • Abu Dhabi LNG Terminal
      • UK Compressor Sites
      • Water Pumping Stations
      • Biomethane to Grid
      • Tank Overfill Protection
      • Compressor Station
      • Magnet and Sensor Install
    • Contact Us
  • Home
  • Solutions
    • Metering
    • Systems Integration
    • Control & Automation
    • Functional Safety
    • Consultancy
    • SCADA Systems
  • Capabilities
    • Approval & Appraisal
  • Projects
    • Abu Dhabi LNG Terminal
    • UK Compressor Sites
    • Water Pumping Stations
    • Biomethane to Grid
    • Tank Overfill Protection
    • Compressor Station
    • Magnet and Sensor Install
  • Contact Us

Cookies and Privacy Policy

 Cookies Policy:


Use of Cookies: The CMA Systems website uses only one cookie which counts the number of unique visitors to our website so we know how many people visit the website.  This is reported to us using our website dashboard.  The cookie is not used for anything else beyond this.  It does not use or store any personally identifiable information.  By visiting our website, we assume your consent to the use of this cookie.  CMA Systems does not record, store or process any personal data gained from this website.


GENERAL DATA PROTECTION REGULATIONS / DATA PROTECTION POLICY


General Statement of Duties and Scope


CMA Systems  is required to process relevant personal data regarding members of staff and customers as part of its operation and shall take all reasonable steps to do so in accordance with this Policy.


CMA Systems is not required to be registered with the Information Commissioners Office (ICO)


Data Protection Officer


Due to the nature of our business, we are not required to process large amounts of data classified within the special categories and therefore are not required to appoint a Data Protection Officer (see https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-officers/).


The Managing Director of CMA Systems will endeavour to ensure that all personal data is processed in compliance with this Policy and the Principles of the General Data Protection Regulation (GDPR). The Freedom of Information Act 2000 and the Protection of Freedoms Act 2012 are also relevant to parts of this policy.


The Principles


CMA Systems shall so far as is reasonably practicable comply with the Data Protection Principles (the Principles) contained in the GDPR to ensure all data is:-


  • Fairly and lawfully processed
  • Processed for a lawful purpose
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than necessary
  • Processed in accordance with the data subject’s rights
  • Secure
  • Not transferred to other countries without adequate protection


Definitions


  • Data Subject

An individual who is the subject of the personal data.


  • Personal Data

Personal data covers both facts and opinions about an individual where that data identifies an individual. For example, it includes information necessary for employment such as the member of staff’s name and address and details for payment of salary or an employees training records / exam results. Personal data may also include sensitive personal data as defined in the Act.  The processing of sensitive data is only relevant to our employees and relates only to the information necessary to manage HR functions within the business i.e. return to work, sickness and absence records etc.


  • Processing of Personal Data

Consent may be required for the processing of personal data unless processing is necessary for the performance of the contract of employment. Any information which falls under the definition of personal data and is not otherwise exempt, will remain confidential and will only be disclosed to third parties with appropriate consent.


  • Sensitive Personal Data

CMA Systems may, from time to time, be required to process sensitive personal data. Sensitive personal data includes data relating to medical information and criminal records and proceedings. This will only be used for performing business HR functions.


  • Business Data

Refers to the information required to conduct business operations.  This will include contact names and addresses of clients, banking details, quotation and market intelligence / customer relationship management information.  This data is gathered by ongoing business operations and consent for the storage of such data is implied by the data subject through the continuance / ongoing business transaction.


Right to opt out / destruction of information


Data subjects have the right to opt out of further correspondence with CMA Systems and should do so by emailing emilyscott@cmasystems.co.uk stating GDPR Opt Out in the subject field. Furthermore, in some instances, a data subject may make a reasonable request that data held by CMA Systems is destroyed.  This request should be made in writing to emilyscott@cmasystems.co.uk stating GDPR Destruction in the subject field.


Rights of Access to Information


Data subjects have the right of access to information held by CMA Systems, subject to the provisions of the GDPR and the Freedom of Information Act 2000. Any data subject wishing to access their personal data should put their request in writing to the Managing Director. CMA Systems will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event, within the timescales stated within the GDPR.  There will be an administration fee payable to CMA Systems for the processing of this information.


Exemptions


Certain data is exempted from the provisions of the GDPR which includes the following:-


  • National security and the prevention or detection of crime
  • The assessment of any tax or duty
  • Where the processing is necessary to exercise a right or obligation conferred or imposed by law upon the company, including Safeguarding and prevention of terrorism and radicalisation


Accuracy


CMA Systems will endeavour to ensure that all personal data held in relation to all data subjects is accurate. Data subjects must notify the company of any changes to information held about them. Data subjects have the right in to request that inaccurate information about them is erased. This does not apply in all cases, for example, where records of mistakes or corrections are kept, or records which must be kept in the interests of all parties to which they apply.


Enforcement


If an individual believes that CMA Systems has not complied with this Policy or acted otherwise than in accordance with the GDPR, the member of staff should utilise the company grievance procedure and should also notify the Managing Director.


Data Security


CMA Systems will take appropriate technical and organisational steps to ensure the security of personal data. All staff will be made aware of this policy and their duties under the GDPR. CMA Systems and therefore all staff are required to respect the personal data and privacy of others and must ensure that appropriate protection and security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to all personal data. An appropriate level of data security must be deployed for the type of data and the data processing being performed. In most cases, personal data must be stored in appropriate systems and be encrypted when transported offsite.


External Processors


CMA Systems will ensure that data processed by external processors, for example, service providers, Cloud services including storage, web sites etc. are compliant with this policy and the relevant legislation.


Secure Destruction


When data held in accordance with this policy is destroyed, it must be destroyed securely in accordance with best practice at the time of destruction.


Retention of Data


CMA Systems may retain data for differing periods of time for different purposes as required by statute or best practices. Other statutory obligations, legal processes and enquiries may also necessitate the retention of certain data.


Employee personal data will be retained for 6 years past the last day of employment.


Business data will be retained for 7 years or as dictated by HMRC or other statutory body


Issue Date: 08 October 21

  • Contact Us
  • Privacy Policy

CMA Systems Limited

Unit 2, Cherry Tree Business Park, Estate Road No. 5, Grimsby, DN31 2TX

Copyright © 2023 CMA Systems - All Rights Reserved.

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept

Appraisal & Approval

CMA Systems can now offer Software Engineering Appraisal & Approval.

Learn more