Privacy Notice
Effective date: 1st June 2024
Who are we?
We are Firemelon Ltd, registered at Companies House under number 03650601.
We are based at:
5th Floor, Moneda House
25-27 Wellington Place
Belfast
BT1 6GD
Our DPO can be reached by emailing DPO@firemelon.com
In the most part, Firemelon acts as a Processor only. That means when we process personal data, we are doing so purely on the instruction of another company (the Controller). That company is likely to be the one that you have taken out/or are planning to take out insurance with. To find out more about how your data is protected by them, you should contact them directly.
We are registered with the ICO as a fee payer under number ZA107210. We have chosen to appoint a Data Protection Officer because we process a lot of data on behalf of other companies and we want to ensure that we are protecting data at all times, in the course of our services.
Firemelon Ltd, does on occasion, act as a Controller. This is only for the data that we process for our day-to-day internal business operations. It is a small amount of data, and we keep to a minimum the information we hold about you. This privacy notice refers to the data we process as a Controller only. Our website is intended for existing/potential clients, suppliers and employees to browse. We don’t generate any logs or issue any cookies and we don’t capture or store any information of any kind through this website.
Your rights
As a data subject you have rights in respect of our processing of your personal data:
- Right of access: You can request access to a copy of the personal data which we hold about you, as well as details about why and how we use it;
- Right to rectification: You can ask us to change or complete any personal data we hold about you which is inaccurate or incomplete;
- Right to be forgotten/erasure: You have a right, under certain circumstances, to ask us to delete any personal data we hold about you. Please note that there may be situations where we must retain your personal data after a request for erasure where we have a lawful basis for doing so;
- Right of restriction: You can ask us to restrict (i.e. prevent) the processing of your personal data where you have objected to our use of it and we have no lawful basis to continue processing your personal data;
- Right of data portability: In certain circumstances, you can ask us to transfer the data we hold about you to another service. This would be sent in a structured, commonly used, electronic form;
- Right to object: You can object to us using your personal data for particular purposes; and
- Automated decision making: You have a right not to be subjected to automated decision making and profiling in certain circumstances.
If you want to exercise any of these rights, please just contact us on DPO@firemelon.com
You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/global/contact-us/postal-addresses/
Data sharing and transfer
Like most companies, we use a number of other companies as part of our data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers to ensure that your data is processed in compliance with the law and only upon our instruction. We never sell your data.
Where data is transferred outside of the UK and EEA, we ensure that appropriate protection and mechanisms are in place, for example EU Standard Contractual Clauses or the UK International Data Transfer Agreement/Addendum. When we rely on these, we also carry out due diligence and transfer impact assessments to ensure they provide enough protection within the local legal framework. If data is transferred from the UK to the EEA then it is done so on the basis of those countries having a comparable data protection regime to the UK (adequacy).
Automated decision making
We do not use your personal data in automated processes to make decisions about you.
Technical and operational security
At Firemelon all our employees are trained in data privacy on a regular basis. All our data and devices are encrypted. We maintain up to date anti-virus and anti-malware protection.
What happens if our business changes hands?
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, depending on the lawful basis, be permitted to use that data only for the same purposes for which it was originally collected by us.
In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.
Changes to our Privacy Policy
We may change this Privacy Policy from time to time (for example, if the law changes). We recommend that you check this page regularly to keep up-to-date. If we make any material changes to the manner in which we process and use your personal data, we will contact you to let you know about the change.
Contact us
We are happy to talk to you about how we process and protect data, just email us on DPO@firemelon.com
Tell me more…
To see more about how we use your personal data, read the notice or notices which apply best to your relationship with us:
Employee or Potential Employee Privacy Notice
If you are an employee, please refer to the document section of the PeopleHR system for information about how we use your personal data, or email us on DPO@firemelon.com
Supplier Privacy Notice
What data we hold
In some circumstances we will hold the following information about you:
- Your name and work contact information
- Your payment details
This data will have been sourced from you.
Using your information
Managing our relationship with you
We will use your data to manage our relationship with you, and to enquire about/buy products and services from you.
We also need to use your details to enter into and perform contracts with you, as well as keeping track of what we have agreed. In this case, the lawful basis for processing is Contract.
Dealing with your enquiry
If you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, so that we know what we have said to whom. It is also legitimate for us to keep track of what we said to you, so we can understand further business need and plan our strategy accordingly. In this case, the lawful basis for processing is [Legitimate Interest].
Retention periods
We hold your data for as long as we have a relationship with you or think we might want to buy products or services from you, or unless we are required by law to hold it for longer, e.g. litigation.
Client or Potential Client Privacy Notice
What data we hold and how we use it
As one of our clients, we hold information that is needed to onboard you to our systems and fulfil our contract with you. This will be: your name and work contact information. This data will have been sourced from you. In this case, the lawful basis is Contract.
As a client or a potential client, we will use your contact details, including your LinkedIn profile, to stay in touch with you during the course of everyday business and to manage our relationship with you. This data will have been sourced from you, from LinkedIn, or from someone in your company who has passed us your details. If we received your details from someone other than you directly, we will contact you and let you know how we have received them. The lawful basis for processing is Legitimate Interest to keep in touch and manage our relationship with you; due to the nature of our existing relationship or your role, we think you wouldn’t be surprised to hear from us.
As a potential client, if you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. The data will be: your name and work contact information, and details about your enquiry. This data will have been sourced from you. We keep a record of enquiries received, so that we know what we have said to whom. The lawful basis for processing is legitimate interest for handling your enquiries and informing you about services we believe will be of interest to you; based on the nature of your enquiry or your role, we think you wouldn’t be surprised to hear from us.
Retention of your data
We hold your contact data for the length of time that you are a client of ours, then another 7 years in case of any dispute (which we are sure there won’t be!)
In the 8th year, contact data is purged as an annual event.
Contact us
If you are a member of the public rather than a business entity, please contact your insurance, claims or assistance company, who will be the Controller, for any further information.
If you are a business who is a client of ours and want to talk to us about this, please email us on DPO@firemelon.com
Privacy Notice for Data Subject Rights requests
What data we hold
If you contact us to exercise a one of your rights as a data subject, we will hold the following information about you:
- Your name, how and when you contacted us, the nature of your request
- Any of your personal data that we process in order to handle your request
This data will have been sourced from you.
Using your information
We use this data to process your request. In this case, the lawful basis for processing is Legal Obligation.
Retention periods
The length of time we need to keep this data will depend on the nature of the request and the data involved.
Privacy Notice for visitors to the Firemelon office
What data we hold
If you visit us at our office we will hold the following information about you:
- Your name and organisation you work for
This data will have been sourced from you.
Using your information
We use visitor book data to know who’s on site in the event of an emergency and to help manage security at the office. In this case, the lawful basis for processing is Legitimate Interest, for keeping our site secure and our visitors safe.
Retention periods
We hold visitor book data for one year after the last entry in the book.