Site Access Privacy and Information Security Policy

1. Purpose

The purpose of this policy is to outline COOMBES’ privacy policy and approach to information security management and to enable all employees to understand their responsibility concerning the use of IT equipment and the company’s network.

2. App ‘Site Access’ Privacy Policy

COOMBES Group is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("COOMBES Site Access app"). By using the COOMBES Site Access app, you agree to the collection and use of information in accordance with this policy.

‍

‍Information We Collect

‍2.1 Personal Information

Location Data: We collect precise location data from your device to monitor and log your location for safety purposes. This collection occurs both when the app is in use (foreground) and when running in the background. This is necessary to provide real-time tracking and support in case of emergencies.

2.2 Non-Personal Information

Usage Data: We may collect non-personal information about how the COOMBES Site Access app is accessed and used. This may include information such as your device's Internet Protocol (IP) address, device type, operating system version, and usage statistics.

‍

‍3. Location Data

‍3.1 Collection of Location Data

The COOMBES Site Access app collects precise location data from your device when the app is running in the foreground or background. This is necessary to monitor and log your location for safety purposes, ensuring we can provide real-time tracking and support in case of emergencies.

3.2 Use of Location Data

The location data we collect is used for the following purposes:Safety Monitoring: To ensure the safety of our employees and subcontractors by providing real-time location tracking. Logging and Reporting: To maintain a log of movements for compliance and safety audits. Emergency Response: To facilitate quick response in the event of an emergency.

3.3 Sharing of Location Data

We do not share your location data with third parties, except in the following circumstances:With Your Consent: We may share location data with third parties if you have given us explicit consent to do so. For Legal Reasons: We may disclose location data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency). For Safety and Security: To protect the safety and security of our employees, subcontractors, and the public.

3.4 Retention of Location Data

We retain location data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law. Once location data is no longer needed, we will securely delete or anonymize it.

3.5 Security of Location Data

We implement appropriate technical and organizational measures to protect the location data we collect and process. This includes encryption, access controls, and regular security assessments.

3.6 Your Rights

You have the following rights regarding your location data:Access: You can request access to the location data we hold about you. Correction: You can request correction of any inaccurate location data. Deletion: You can request deletion of your location data, subject to legal and contractual restrictions.

3.7 User Control and Transparency

Users have control over their location data settings within the COOMBES Site Access app. You can enable or disable background location tracking through the app’s settings at any time. We will provide clear and prominent disclosures about our location data practices, including how and why we collect, use, and share this data.

4. User Consent

Before collecting location data, we will obtain your explicit consent. This consent will be collected through a clear and non-deceptive request, ensuring you understand the purpose of the data collection and how it will be used.

5. Compliance with Legal Requirements

We ensure that our data collection practices comply with all relevant local and international laws and regulations regarding data privacy and protection.

6. Contact Us

For any questions, please contact us through the following methods:Name: COOMBES Group

Address: Unit 6 New Buildings Farm, Winchester Road, Petersfield, GU32 3PB

Email: enquiries@coombesgroup.com

Website: www.coombesgroup.com

Phone: 01730 231761

7. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the effective date at the top. You are advised to review this Privacy Policy periodically for any changes.

3. Security of IT Equipment and Data

• Employees must endeavour to safeguard   any IT equipment assigned to them and make every effort to prevent theft and damage
• Vandalism of, or otherwise intentionally interfering with the company’s computer network, equipment or data constitutes a gross misconduct offence and may result in disciplinary action
• Laptops must be kept in a secure place when taking away from the company premises. They must not, for example, be left in vehicles overnight or in other places where they are likely to be at risk of theft or damage
• Loss, theft or damage to IT equipment or data storage devises must be reported immediately to the company
• Employees have a responsibility for ensuring the safeguard of company data, which includes data relating to clients, suppliers and employees. Portable devices such as memory sticks or tablets should be kept in a secure place at all times, as they are likely to hold company data. The loss of data and IT equipment is a serious matter and employees must always ensure that safeguarding this is a priority
• Storage of data on local PC/Laptop drives is discouraged as these drives are not backed up and data could be lost in the event of a drive failure. Ensure important documents are served in the correct network location
• Technology assets provided by COOMBES upon or during employment must be returned in good working condition at the end of the end of that employment, with no information having been removed from devices without prior permission
• The following activities are expressly prohibited:

a)The introduction of network monitoring or password detecting software on any COOMBES user machine or part of the network

b)Seeking to gain access to restricted areas of the network

c)The introduction of any form of computer virus

d)Other hacking activities

e)Storage of personal files (documents, music, videos, photographs) on the network

f)Storing company information on, or sending it to, personal accounts, devices or unauthorised cloud services

g)Knowingly seeking to access data which you know, or ought to know, to be confidential and therefore would constitute as unauthorised access.

• Allowing a Third Party to remotely access the company network, your workstation, or any other device on the network is strictly forbidden without the authorisation of the CTO or a Director
• Your PC/workstation will be installed with the company’s choice of software to enable you to perform your role to the best of your ability. It is forbidden for employees to attempt to add, remove or modify software, systems, programs, information or data installed on their PC/workstation (except as authorised in the proper performance of your duties)
• Employees must ensure adequate care is taken when printing information which contains client, supplier or employee information and always be mindful of the General Data Protection Regulation (GDPR)
• Printouts containing sensitive information relating to employees, contracts or financial information must be stored securely and securely disposed of (shredded waste collection units) when no longer required
• You must not attach any device or equipment including mobile phones, tablet computers or USB storage devices to our systems without authorisation from your manager
• We monitor all emails passing through our system for viruses. You should exercise particular caution when opening unsolicited emails from unknown sources. If an email looks suspicious, do not reply to it, open any attachments or click any links in it.

‍