Skip links

Privacy & GDPR Policy

LCM Privacy & GDPR Policy

LCM provides commercial and public sector customers across the UK, with a range of fuel management services to minimise the risks associated with using and storing large volumes of fuel. As a responsible company, it is our duty to ensure that all of the activities we conduct are in accordance with both British and European Law to protect our customers, our prospective customers, our staff members and our company as a whole.

The following Privacy and Data Security Policy has been written in accordance with The Privacy and Electronic Communications (EC Directive) Regulations 2003 and the new EU General Data Protection Regulations 2018.

 

Data Processing, Storage and Security

What data do we process?

In LCM we collect and process a wide range of data for the purpose of the sale and supply of liquid fuel products and associated equipment and services (including tanks, and boiler servicing), to comply with legal obligations and to improve our products and services.

Some of this data we process is classified as personal data as it is used to identify an individual.

The types of data we store include:

Contact information (name, telephone, email etc)

Address information

Historical transactional information

Financial information (e.g. Credit information and information required for direct debits)

During our marketing activities, we regularly follow a process to remove “old” and “bad” data which either a) hold no purpose or b) is incorrect. This includes “bounced” email addresses.

At LCM we do not store what is commonly classed as “sensitive personal data” such as religious beliefs, trade union membership, political options, genetic data, biometric data or data relating to an individual’s sexual orientation.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

 

Why do we store this data?

We store enough data to be able to operate our business. We do not store needless data such as a customer’s birth date or detailed information on their type of residence etc as this is not necessary to carry out our activities. At a quarterly meeting, we review the data that we store and decide if the stored/processed data is still necessary.

 

How long do we hold data?

We are bound by HMRC to store all historical sales data of liquid fuel for 7 years.

Prospective customer data is deactivated when the data processor identifies that there is not opportunity for the sale of our goods.

 

How do we keep this data secure?

Our systems are protected by a double firewall and our on-premise server is kept in a locked environment, the only member of staff to have access to this environment is our Technical Manager and our Commercial Director.

Excluding company directors and managers, staff are unable to access our transactional systems both remotely and outside of set company hours.

All staff passwords are changed on a regular basis to keep an individual’s system secure and staff members are instructed not to share their password with any other member of staff.

We have initiated a policy to ensure that all equipment that can be updated with the latest security protocols (provided by Microsoft and other vendors) is regularly kept updated.

A continuously updated log of all of our core ICT equipment which can access data is kept. This log includes the make, model and serial number of all of these devices and includes such things as laptops, servers, mobile phones etc.

To carry out our operations it is from time to time necessary to share our data with other suppliers who provide a service to our company. As part of preparation for GDPR all of our third-party data processors have been contacted to confirm that they have their own GDPR policies in place, this has been documented.

In relation to the transfer of data, under no circumstances do share our database with any third party for third-party sales and marketing purposes unless explicitly agreed by the data subject.

All of our websites in LCM Ltd (and the wider group of companies) have a Secure Sockets Layer (SSL) level of encryption.

We recognise that one of the easiest ways to fall fowl of proper data security is at a human hand. With this in mind, staff are trained to understand the importance of data security and how to perform their duties in a secure way.

 

Do we use cookies and do we collect data via web technology?

This website uses session cookies to allow you to carry information across pages of our site and avoid having to re-enter information. These cookies expire at the end of your visit to our website. You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled.

Cookies are pieces of information that a website sends to your computer while you are viewing the LCM website. These pieces of information allow the website to remember important information that will make your use of that site more useful. Internet companies use cookies for a variety of purposes. We use cookies to help improve your visit.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Google Chrome, Netscape Navigator, Firefox, Microsoft Edge or Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies. If you turn cookies off, you may not have access to some features that make your experience on our website more efficient and some of our services may not function properly.

We may collect some information about you using web technology, so it may not be readily apparent to you that it is being collected. For instance, when you come to our site your IP address is collected so that we know where to send the information you are requesting (web pages). An IP address is often associated with the place from which you enter the Internet like your ISP (Internet service provider), your company, or your school. This information is not personally identifiable.

 

What is our lawful basis to process this data?

The existing customer data that we process is done so under a combination of the “fulfilment of contract”, “consent of the individual” and “legitimate interest”.

Prospective customers’ data is processed by either “consent of the individual” or “legitimate interest”.

 

Data Processing Map

The core processing principles of the data processed within LCM are shown below.

Data Subjects Rights

How can your data be updated or amended?

At LCM we want to make sure that the information we process on a data subject is accurate. If a data subject wishes to update their data (for example, with a new contact number or a change of surname) this can be done with ease by contacting our Customer Experience team.

 

The right to be forgotten

A key part of the new General Data Protection Regulations is “the right to be forgotten”. Due to our HMRC obligations, we have interpreted this part of the legislation as an in essence “full unsubscribe” for customers. This means the “closing of an account” and the cessation of all further sales and marketing activities.

Throughout all of our digital marketing activities, we make the ability to unsubscribe from further communications readily available. It is not our company’s desire to provide sales and marketing messaging to individuals who do not wish to receive it.

 

What is our policy on a data subject’s request for information (subject access request)?

At LCM we acknowledge that if a subject access request is issued by the data owner we have up to one month to process this request and this cannot be chargeable.

The ability to extract a customer’s data for this very purpose has been incorporated into our core systems.

 

Contacts

If you have a question about this privacy and data security policy you can contact our Information Officer by the following methods:

Telephone: 0808 164 4570

Email: hello@lcmenvironmental.com

We store enough data to be able to operate our business. We do not store needless data such as a customer’s birth date or detailed information on their type of residence etc as this is not necessary to carry out our activities. At a quarterly meeting, we review the data that we store and decide if the stored/processed data is still necessary.