All privacy, policy and GDPR documents are subject to updates and changes at the discretion of The Hi-Fi Hospital Ltd.
This privacy policy sets out how The Hi-Fi Hospital Ltd uses and protects any information that you give The Hi-Fi Hospital when you use this website.
The Hi-Fi Hospital is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
The Hi-Fi Hospital may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 01/05/2018.
What we collect
We may collect the following information:
- Name
- Contact information including email address
- Post code and address
- Other information relevant to the supply of our repair and collection service.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping.
- To provide the services requested by our customers to include but not limited to collection and return service by third party couriers.
- We may use the information to improve and provide our products and services.
- Subject to GDPR EU regulations we may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
- To ensure quality control and customer satisfaction we may use your information to contact you for quality assurance purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
- If a customer requests a collection or return service their contact information may be shared with a third party courier company to provide this service.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
How we use cookies
The site may use cookies.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
We will not knowingly sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
If a customer requests a collection or return service their contact information may be shared with a third party courier company to provide this service.
You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to The Hi-Fi Hospital.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
The Hi-Fi Hospital Ltd. GDPR Policy Document
**This document is available for inspection at our premises, on our website and via upon request
Index of contents
- Fair processing policy
- Storage and access policy
- Personal data audit & retrieval process
- Destruction of data
- Employees
Fair processing policy
What data to we collect?
- Name
- Postal address
- Telephone number(s).
- Email address.
- Transcript of the summary details of any contact between you and us.
- Closed circuit video image.
- Credit card data.
- Telephone messages.
- Telephone conversations.
How do we collect it?
All the following data gathered is initiated by you the customer;
- Telephone call.
- Web site contact form.
- In person at our premises or concession stand.
- Inbound electronic mail, social media or IMS.
- SIP voice recorder, voicemail services or answering devices.
- Patrons are required to read and accept the terms of service when booking a service using our online presence. All tick boxes are configured for positive opt in functionality.
Why do we need your data?
- We use your data exclusively to keep you informed about your current contract(s).
- We never disclose your data to third parties without your explicit permission and only then for the purposes of supporting the current contract(s).
- In order to provide a collection and return service your contact details are required. This information may then be shared with a third party courier company to provide the service requested.
- We will never sell your data.
- The nature of our business (service, maintenance) requires that we retain concise details of all interactions with our customers. These details refer to the reports, advice and actions carried out by us. They include requests, instructions and comments made by our customers, suppliers and current and historical clients. They do not include personal preferences, affiliations, belief systems, gender, sexuality or political persuasions of any kind.
- Details of any disputes however arising are retained for a period of seven years. This is in accordance with the statuary requirements.
- Compliance with Revenue, Companies registration office, Central statics office or any other statutory bodies.
Fair processing policy continued
What data do we delete?
- Credit card data;
Our, AIB operated, credit card machine prints two copies of each receipt. The customer copy is transferred to the customer in person, via post or courier where possible. If it is not possible to transfer the customer copy it is destroyed using the destruction of data policy. The merchant copy is attached to a copy invoice and retained for audit purposes.
We do not retain any other record of credit card numbers once the transaction is complete. Each sequential transaction requires repeat acquisition of the data.
- Closed circuit television images;
For insurance purposes our monitoring system records all visitors to our premises. Images are captured at a resolution of 1920 x 1080 with a frame rate of 12 frames per second 16 bit colour. Images are deleted on a rolling FIFO (First In First Out) basis with a 14-day period. In the event of security incident images are downloaded from the CCTV server to portable media for the purposes of a Garda investigation. Media is stored in the H.264 codec.
Images are captured in three primary locations;
- Parking area in front of the building.
- Doorbell
- Reception
On occasion patrons request use of the private WC. In these circumstances a forth image is captured in the hallway outside the WC.
In addition, there are cameras located in all offices, common areas, workshops, rear lane and warehouses. However, there is no public access authorised in these areas.
Voice
- We may on occasion record inbound or outbound telephone conversations for the purposes of training or quality control. These recordings are performed on a local server in the G.729 codec. They are deleted on a FIFO (First In First Out) basis on a 14-day period. We may retrieve certain calls or messages as they relate to a dispute, contract or permission. All parties are made aware of the presence of recording equipment in advance of any interaction.
Storage and access policy
Soft data
Infrastructure
We operate a secure IT infrastructure at our premises with the following security features;
- Up to date firewall.
- Segmented WIFI VLAN with 128-bit WPA and 256-bit AES.
- User level password protected workstations.
- VPN with IPsec.
- Thin client type data store with no personal data stored on workstations.
- Our public office (Reception) workstation has a lock screen timeout of 180 seconds.
On-site storage
All personal data is retained on a NAS (Network Attached Storage) device with the following security measures.
- Raid 5.
- 256bit AES encryption.
- NAS located in a comms rooms rack with a locking front door.
- Comms room is protected by a locking door with self-closing feature.
Off-site storage
We use Dropbox’s cloud business service. This allows for the following backup features;
- Double encryption is deployed.
- All back up sets are first encrypted on site using 256-bit AES.
- Transported via WAN to a fully encrypted cloud folder with 256-bit AES.
- Administrator only access privileges.
Portable devices
- We operate various portable devices from smartphones to laptop computers.
- Portable devices do not store personal data.
- Each device connects to the office network using a secure VPN (IPsec).
- Each device is controlled under a remote administration policy which provides for remote deletion of all log on data.
- Each device stores log on data in an encrypted folder.
- An audit log is retained for all devices connecting to the network. This log details user authentication, inbound IP address, date stamp for connection, date stamp for disconnection, location data and total payload.
- Each device employs a 6-digit pin with a lock screen timeout of 15 seconds.
Hard data
Document storage
All hard data is stored in level arch files, cabinets or banker’s boxes. We have a central records room. This room is located on site. The room is protected by a locked door with self-closing feature. There is only one access point to the room. The public have no access to this room.
Paperwork in the following forms are retained;
- Supplier invoices.
- Customer invoices.
- Outbound marketing material.
- Inbound marketing material.
- Legal documents.
- Any document pertaining to compliance requirements with Revenue, Companies registration office, Central statics office or any other statutory bodies for the prevailing compliance period.
This is not an exhaustive list.
Personal data audit & retrieval process
All staff receive continuous training in the handling, acquisition and retrieval of personal data.
A custom designed relational database is deployed to manage all soft personal data. It has the following features;
- Datasets are in the .db form and allow for incremental updates.
- Daily checksum calculations confirm integrity of dataset
- Each record requires a mandatory automatically generated unique ID.
- All entry fields are searchable independent of one another.
- Data is acquired from the data store in real time, no local caching is possible.
- All printed materials relating to each record display the unique ID.
- Hard copies are stored in a contagious manner ordered by date of acquisition.
We have developed the following processes to retrieve single datasets. The nature of our data store facilitates these processes in a timely manner and well within the mandated 30-day period.
Personal data request process;
Step 1. Verify the bona fides of the applicant using the unique data on file.
Step 2. Input the search parameters into the database (name, address, phone number, email etc.).
Step 3. Export results to a CSV (Comma Separated Values) spreadsheet.
Step 4. Generate a PDF document from a prescribed template detailing each field in easy to read clear text using the CSV file.
Step 5. Deliver the PDF to the applicant.
Step 6. Confirm receipt.
Personal data update or correction process;
Step 1. Verify the bona fides of the applicant using the unique data on file.
Step 2. Request written details (Email, postal service) of the changes required from the applicant.
Step 3. Input the search parameters into the database (name, address, phone number, email etc.) for the relevant dataset.
Step 3. Make all amendments requested to all relevant datasets.
Step 4. Export the new results to a CSV (Comma Separated Values) spreadsheet.
Step 4. Generate a PDF document from a prescribed template detailing each field in easy to read clear text using the CSV file.
Step 5. Deliver the PDF to the applicant.
Step 6. Confirm receipt and request verification of accuracy.
Personal data ‘right to be forgotten’;
Step 1. Verify the bona fides of the applicant using the unique data on file.
Step 2. Input the search parameters into the database (name, address, phone number, email etc.) for the relevant dataset.
Step 3. Export the results to a CSV (Comma Separated Values) spreadsheet.
Step 4. Carry out the deletion function of the database (requires administrator level privileges).
Step 5. Repeat step 2 to verify all data has been deleted.
Destruction of data
Soft data
- Encrypted backup sets are updated on an incremental basis each day. A verbose set is created every 14 calendar days. The old backup set is deleted during the over write process.
- EOL life hardware is formatted, defaulted and recycled under the WEEE regulations.
- In the event of a contract cessation and termination of service with cloud-based providers all files are deleted, all indexes removed, and accounts deleted.
Hard data
- All documents no longer required are shredded in a machine compliant with current regulations.
- Shredded materials are deployed as packing or recycled.
Employees
- All staff are required to read, understand and accept the company training manual in advance of commencing employment.
- The manual includes a copy of the company privacy policy.
- Training is provided on an ongoing basis to all staff members in the acquisition, processing, editing and deletion of personal data in compliance with the company privacy policy.
- All staff payment information is retained in a secure online banking system operated by AIB. Access is only available to administrator level privileges with triple security features.
- We do not retain any hard or soft copies of employee financial details on site.
- The company does not employ the use of biometric data to provide access, time keeping, security or log on details.
- Portable devices are issued with user level authentication.
E&OE