How Personally Identifiable Information is Processed

1. To agree that privacy means “data protection” and this privacy notice is kept under regular review and shall be improved from time to time.
2. To agree that if the improvements are significant, a prominent notice shall be posted on this Loxtra Auto Locksmith website for a reasonable time to notify visitors of these improvements.
3. To agree that unless and until a person objects using the Contact Us application, phone, email or post, all improvements shall apply to the existing information about that person that is already stored and the Personally Identifiable Information collected from the effective date of the revised privacy notice.
4. To encourage people to periodically review this Loxtra Auto Locksmith website in order to ensure that they are aware of the current Privacy Notice because when a person uses this website following the effective date of any improvement, that shall constitute acceptance of the current Privacy Notice.
5. To state that this privacy notice is what a person should expect when this Loxtra Auto Locksmith website collects Personally Identifiable Information and to act as evidence of compliance with UK laws such as General Data Protection Regulations article 5(2) accountability.
6. To confirm that this Loxtra Auto Locksmith web service is registered with the Information Commissioners Office with data protection registration number PZ9322564.

3. Glossary
1. PII means “Personally Identifiable Information” that may also be called personal data.
2. GDPR means “General Data Protection Regulations” as the legal obligation that all UK companies must comply with.
3. CUA means “Contact Us Application” as an online message service for visitors and approved people.
4. RFM means “Request Fulfilment Management” as the first and Second Level Support teams working 24*7 to resolve queries from visitors, registered and approved people.

4. People who are visitors
1. To state that when someone visits this Loxtra Auto Locksmith website, the “Visitor Analytic Service” (VAS) is used to collect standard internet log information and details of visitor behaviour patterns.
2. To know that analytics find out things such as the number of visitors to the various parts of this Loxtra Auto Locksmith website and this information is only processed in a way which does not identify anyone.
3. To state that no attempt is made to find out the identities of those people visiting this Loxtra Auto Locksmith  website.
4. To state that when Personally Identifiable Information needs to be collected, then the policy is to be honest, open and transparent in that personal information is being collected with an explanation of the purpose that the information is needed.
5. To know that this Loxtra Auto Locksmith website logs gather information such as IP address, computer type, screen resolution, OS version, domain name, location, timestamp, time spent on page, previous website name and an indication of transaction times.

5. People using cookies
1. To state that normal cookies stored in a computer browser are used to manage a persons requests in an effective way.
2. To be aware that cookies do not store any Personally Identifiable Information (PII) and only store encrypted information that cannot be used by others.
3. To be aware that session cookies are erased when a person signs out or closes their browser.
4. To state that persistent cookies are stored for a longer period to remember a persons preferences and options.
5. To grant people have the right to configure their browser to decline cookies and that would mean that a the persons preferences would not be remembered.

6. People using the search facility
1. To state that this Loxtra Auto Locksmith website has a “Public Search Facility” (PSF) where search queries and results are logged anonymously to help improve the website and search functionality.
2. To know that no person-specific data is collected by the search facility.

7. Security notice
1. To state that this Loxtra Auto Locksmith website is protected with a “Public Security Service” (PSS) to help maintain the security and performance of the website.
2. To deliver this service, the IP addresses of visitors to this Loxtra Auto Locksmith website are processed.
3. To know that Personally Identifiable Information is only transacted using encrypted communications and is only stored using replicated encrypted data stores.

8. Published Content notice
1. To state that a policy is to dynamically publish content from an internal “Published Content Service” (PCS) to minimize the threat of corruption.
2. To know that for privacy reasons and to prevent data leaks, the names of people and organisations are normally not published.
3. To minimize the use of first person “we” and “our” because privacy of business information is a asset shared between trusting parties.
4. To assert that the objective of privacy is to prevent identity theft, but it is understood that some people will trade their privacy for fame in an egotistical moment, but this private website should minimize such a threat.

9. Links to other websites notice
1. To state that a policy is to rarely provide links to other websites because it is not possible to control what other websites do or say.
2. To have an objective to deploy a complete and correct service with internal links to a large number of safe and secure web pages with no dependency on other websites that may not always be operational.

10. Legal Jurisdiction notice
1. To state that this Loxtra Auto Locksmith website is subject to the laws of England and does not represent or warrant that this Loxtra Auto Locksmith website is appropriate or available for use on any other jurisdiction.
2. To state that those people that choose to use this Loxtra Auto Locksmith website do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules and regulations.
3. To state that from time-to-time, it may become necessary to limit access to any person, geographic area or jurisdiction for legal reasons.

11. People who use the Contact Us Application
1. To know that this Loxtra Auto Locksmith website collects information volunteered by members of the public using the “Contact Us Application” (CUA).
2. To know that a message may be directed to a specific Officer such as the Data Protection Officer or may be a more general request to the Request Fulfilment Management team.
3. To be aware that these messages are encrypted so they cannot be stolen and replicated so they cannot be lost.
4. To suggest that it is safe and secure to include private, confidential and sensitive information when using the Contact Us Application because messages are only disclosed to the Request Fulfilment Management team who only processes personal information in line with documented instructions and have committed themselves to privacy with a service agreement.
5. To know that the Contact Us Application has a built-in escalation facility to bring the message to the attention of an Officer if the message is not responded to within 25 hours, and that unless there are legal reasons not to do so, online messages are automatically erased inline with the retention notice.

12. People who use email
1. To confirm that any email sent to this Loxtra Auto Locksmith website, including any attachments, shall be monitored and used for reasons of security in compliance with the electronic communications policy.
2. To be aware that Email monitoring or blocking software, including Sender Policy Framework, Domain Keys Identified Mail and Domain-based Message Authentication Reporting and Conformance (DMARC) shall be used.
3. To be aware that any email will be copied and uploaded as a new message into the Contact Us Application where it can be processed by the Request Fulfilment Management team in the normal way.
4. To confirm that once an email becomes an online message the email is erased so that by the end of every day, all emails shall have been automatically erased.
5. To confirm the no email can exist for more than a few hours.
6. To recommend that private, confidential and sensitive business information is never leaked by an email message and the Contact Us application is recommended to keep business information private.
7. To be aware that the sender has a responsibility to ensure that any email sent is not offensive and is within the bounds of the law.
8. To assume that all emails are phishing attacks until the sender provides evidence to the contrary because an approved person would use the Contact Us application and would not wish to leak business information by email.

13. People who use the phone
1. To confirm that when a person phones the “First Level Support” (FLS) team the message is recorded and Caller Line Identification (CLI) information is collected. To protect the First Level Support term from intimidation and impersonation by minimizing interaction and simply collecting a message.
2. To know that the phone message shall be transcribed as a new message into the “Contact Us Application” where it shall be processed by the “Request Fulfilment Management” team in the normal way.
3. To confirm that once the information collected by “First Level Support” team has been transcribed as an online message that information shall be automatically erased within 24 hours.
4. To recommend that private, confidential and sensitive business information is not leaked by a phone message and to recommend that the contact Us message application is deployed.
5. To be aware that the caller has a responsibility to ensure that any message is not offensive and is within the bounds of the law.
6. To assume that all phone calls are phishing attacks until the caller provides evidence to the contrary because an approved person would use the Contact Us Application rather than leak business information in a phone call.
7. To protect and as a duty of care to people answering the phone from abuse, intimidation and impersonation, “First Level Support” team do not have access to any private website data and cannot access any personal information.
8. To grant the “First Level Support” team access to a vast library of published web pages that offer advice and guidance on how application services may be used, but are not responsible for education.

14. People who use the post
1. To confirm that any postal communication shall be scanned as attachments to a request using the “Contact Us Application” where it shall be processed by the Request Fulfilment Management team in the normal way.
2. To confirm that once a letter becomes an online message it is shredded so that by the end of every day, all paper documents will have been shredded.
3. To be aware that the author has a responsibility to ensure that any letter is not offensive and is within the bounds of the law.

15. People who make a complaint
1. To confirm that when this Loxtra Auto Locksmith website receives a complaint it is processed via the “Contact Us Application” by the “Request Fulfilment Management” team to process in the normal way.
2. To expect a complaint to contain the identity of the complainant and any other individuals involved in the complaint.
3. To expect personal information collected shall only be used to process the complaint and to check on the level of service provided.
4. To expect the “Request Fulfilment Management” team usually have to disclose the complainants identity to whoever the complaint is about.
5. To expect this to be inevitable where, for example, the accuracy of a persons record is in dispute.
6. To ask that when a complainant does not want identifying information to be disclosed, the “Request Fulfilment Management” team will try to respect that, however, it may not be possible to handle a complaint on an anonymous basis.
7. To know that complaint information is retained in line with the enclosed retention notice and that complaints are retained in secure data centre environments and access is restricted according to the “need to know” principle.
8. To confirm that a person is able to make a complaint to the Information Commissioners Office and similarly, where inquiries are submitted, the Request Fulfilment Management team will only use the information to deal with the inquiry and any subsequent issues.
9. To confirm that periodically statistics are compiled and published showing information like the number of complaints received, but not in a form which identifies anyone.
10. To set an objective to meet the highest standards of data protection when collecting and using personal information where people are encouraged to send an online message if they think that collection or use of information is unfair, misleading or inappropriate.
11. To welcome suggestions for improving these procedures.
12. To confirm that this privacy notice was drafted with brevity and clarity in mind and does not provide exhaustive detail of all aspects of collection and use of personal information.
13. To ask that where additional information or explanation needed, please make a request using the Contact Us Application that is safe and secure.
14. It may be necessary to disclose Personally Identifiable Information to a third party;
    (1) if it is required to do so by law,
    (2) to comply with a legal process,
    (3) to comply with governmental requests,
    (4) to prevent, investigate, detect or prosecute criminal offenses or attacks on the technical integrity of this Loxtra Auto Locksmith website or network,
    (5) to enforce terms and conditions or
    (6) to protect the rights, privacy, property, business or safety of this Loxtra Auto Locksmith website, its people or the public.

16. Disclosure notice
1. To know that it may be necessary to share some personal information with other parties such as suppliers and vendors when broking a price for a service.
2. To confirm that any personal information disclosed shall be explained to that person in advance and subject to their formal consent that may be withdraw at any time.
3. To understand that some people have traded their privacy for fame and are comfortable for identity thieves to know their date of birth and birth of their children.

17. Retention notice
1. To confirm that this Loxtra Auto Locksmith website uses an “Expired Information Erasure” (EIE) Service that ensures that Personally Identifiable Information is only retained for as long as it is necessary to fulfill the purposes that it was provided.
2. To confirm that unless required for legal reasons, information is automatically erased seven years after the information process was last used.
3. To comply with GDPR article 5(1e) storage limitation is deployed with this retention notice and automated services to erase expired information without human decision making or forgetfulness.

18. Cross Border Transfer notice
1. To deploy an objective that Personally Identifiable Information shall not be transferred across any national border and outside the UK.
2. To guarantee data sovereignty because all Personally Identifiable Information is pseudonymised and replicated encrypted data making it unintelligible, meaningless and worthless.
3. To plausibly state that Personally Identifiable Information is not stored (in any meaningful way) and so it cannot be transferred.
4. To comply with GDPR articles 44 to 50 by not storing any data that can be identified as personal because all stored data is encrypted.

19. Adult notice
1. To set an objective that Personally Identifiable Information is only processed for people who are an adult (of legal responsibility) and will not process any information about a child or young person that needs the consent of a guardian.
2. To minimize the cost of doing business, the special legal processing for people who are not an adult has been eliminated.
3. To contract all staff and business associates to confidentiality with a service agreement, that they must be an adult who are legally able to commit to such an agreement.
4. To require all customer, supplier and business associate contact people who consent to the processing of their personal data must be an adult who is legally able to consent to such processing.
5. To know that it would be contrary to GDPR article 5(1c) as excessive to store a persons date-of-birth just to verify that the person is an adult so the only purpose to store a persons date-of-birth would be to discriminate against them based on their age – that would be illegal and the person could claim damages for ageism.
6. To confirm that where an Intern is hired before the age of 18, the persons guardian must consent and counter-sign the persons service agreement. To be aware that people who are below the age of 18 are discriminated against with a lower income and the need to have another person act as their legal guardian.

20. People who request a document
1. To confirm that this Loxtra Auto Locksmith website is uses a “Document Subscription Service” (DSS) to send electronic messages and documents to people.
2. To use the term “subscription” in this context means that people must consent to opt-in and subscribe; and may withdraw their consent with opt-out and unsubscribe.
3. To provide the “Document Subscription Service” ensures that a person must formally opt-in and consent to access a message before that message is accessed.
4. To know that the “Document Subscription Services” ensures that every message includes an “unsubscribe” link for a person to opt-out and withdraw their consent to being sent such a message.
5. To gather statistics around email opening and links using industry standard technologies including clear images to help monitor and improve message and document flow.
6. To store encrypted Personally Identifiable Information for the people who have requested the service in order to provide this service, however, this Loxtra Auto Locksmith website only use these details to provide the service the person has requested and for other closely related purposes.

21. People who are job applicants, current and former employees
1. To confirm that when people apply to work, they can apply directly to the applicable Officer using the “Contact Us Application” that is always available.
2. To confirm that the Personnel Director team will only use Personally Identifiable Information to process the application and to monitor recruitment statistics.
3. To know that where the recruitment procedure needs to disclose information to a third party, for example when to take up a reference or obtain a “disclosure” from the Disclosure and Baring Service (DBS); the recruitment procedure will not do so without informing thee person beforehand (unless the disclosure is required by law).
4. To know that personal information about unsuccessful candidates will be held according to the retention notice after the recruitment procedure has been completed.
5. To know that de-personalised statistical information about applicants is retained to help improve recruitment activities, but no individuals are identifiable from that data.
6. To confirm that once a person has taken up employment, the Personnel Directors team will maintain encrypted information about that person in safe and secure electronic environments.
7. To secure the information stored so it is kept secure and will only be used for purposes directly relevant to that persons employment. To know that once their employment has ended, the personal data will be retained in accordance with the requirements of the retention notice.

22. People who access their own personal information
1. To set an objective to be open, honest and transparent in terms of giving people access to their own Personally Identifiable Information using a Digital Wallet Application.
2. To grant people the right to find out if their Personally Identifiable Information is stored by sending a “subject access request” via the Contact Us Application.
3. To confirm that when information is stored about a person then that person will be given an access code that grants them access:
    (1) To view their Personally Identifiable Information as GDPR Article 15 Right of Access.
    (2) To view a detailed description of that information.
    (3) To view why it is being held and when it will be erased.
    (4) To be told who it could be disclosed to.
    (5) To let them download a copy of the information in an intelligible form as GDPR Article 20 Right to data Portability.
    (6) To let people rectify any errors or omissions as GDPR Article 16 Right to Rectification.
    (7) To let people erase their own information when they withdraw consent for it to be used as GDPR Article 17 Right to Erasure (right to be forgotten).
    (8) To give people a means to complain as GDPR Article 21 Right to Object and GDPR Article 22 Right to Stop Profiling.

23. Direct Marketing notice
1. To set an objective as to rarely get involved in any direct marketing and not get involved with the distribution of any application software.
2. To eliminate the need for application programming to be involved.
3. To eliminate the need for software to be sold or distributed.
4. To be aware that all downloaded application software that is likely (certain) to have vulnerabilities and should never have been downloaded.

24. Legal Compliance notice
1. To set a policy to be be fully compliant with all UK laws for the provision of public website services including:
    (1) General Data Protection Regulations (GDPR)
    (2) Regulation of Investigatory Powers Act (RIPA)
    (3) Service Organisation Controls (SOC)

25. International Standards Compliance notice
1. To set a policy to be be fully compliant with applicable International standards for the provision of public website services including:
    (1) ISO 20001 Information Technology Infrastructure Library (ITIL)…
    (2) ISO 22301 Business Continuity Standard (BCS)…
    (3) ISO 31001 Risk Management Standard (RMS)…
    (4) ISO 14001 Environmental Management Standard (EMS)…
    (5) ISO 27001 Information Security Standard (ISS)…
    (6) ISO 45001 Occupational Health and Safety Management Standard (OHS)…
    (7) ISO 9001 Quality Management Standard (QMS)…

26. Evidence notice
1. To deploy a business requirement to be able to provide adequate evidence of data protection to ICO and interested parties.
2. To ensure that when a data subject challenges a company regarding consent or any data protection topic, the assumption is that the company is guilty until the company can provide evidence to the contrary and the data subject is innocent until evidence can be provided to the contrary.
3. To deploy Evidence management as a fundamental part of every public website service, even when it is called Task Management or Project Management.

27. Decentralized
1. To use the term decentralized to mean that each registered person is personally and exclusively responsible for their own part of the application.
2. To require each registered person to enter, maintain and eventually delete their own personally identifiable information so no other person needs to be granted permission to access any others persons personally identifiable information.
3. To be certain that each registered person is assigned their own unique private encryption key that is unknowable to any person and that all personally identifiable information that is entered into the application is encrypted with that encryption key so any personally identifiable information cannot be leaked to or processed by any other person.
4. To be aware that after a person has deleted their personally identifiable information they will no longer be able to sign in and will have no way to recover any encrypted documents that they have authored. To grant each registered person the right to be forgotten as if they never registered.
5. To be aware that after a person has lost their sign in credentials they will no longer be able to sign-in and will not be able to access any of their encrypted documents. To be aware that password recovery is not provided because it could be used by criminals impersonating a person.