Policies

WHAT ARE THE ASSURED GROUP OF COMPANIES DOING TO BE GDPR COMPLIANT ?

The guidance and policies you will find on this site apply to data protection activities across all companies, divisions and brands which trade as part of the Assured Group of Companies. These include, but are not limited to:

• Assured Group Limited
• Airport Valet Company Limited
• Assured Valeting Ireland Ltd
• Acerta Limited
• Assured Fleet Solutions Limited
• Logic 360 Limited
• Spotless Limited

As part of our continuous focus on information security and data privacy our GDPR compliance is being a managed through programme of activities in the following areas:

Privacy by Design

Integrating data protection, privacy, and security requirements into our products and services as required, in all our business activities. We continually strive to improve what we do and so will evaluate and build better offerings to translate data protection compliance into actions and tangible improvements.

Third Party Management

Ensuring that Assured Group Of Companies’ valued customers and suppliers are best able to meet their obligations with respect to data privacy and establishing transparent arrangements through appropriate information sharing agreements. When we work with new suppliers or with long established strategic partners we look to apply standards that safeguard personal information.

Policies and Procedures

Reviewing standards and processes to define the personal information lifecycle and help ensure data transparency, accuracy, accessibility, completeness, security and consistency. Our Privacy Policy reflecting GDPR requirements sets the context for how we obtain, store and use information relating to our customers and our own people.

Information Security

Reviewing and improving our company wide information security framework, ensuring that incident response process remains effective and that confidentiality, integrity and availability of personal information is assured through appropriate technical and organisational measures

Information Governance

This is about mapping our data and identifying what we have, what we are doing with it, where it is, where it flows, and who has access to it. We classify data based on risk and sensitivity in context. That risk is data-led / person-led allowing us to focus on the outcome and purpose of processing leads to a better and more holistic risk profile and informs the commitment of data privacy that we make to our customers and suppliers.

This is how we protect your data:

The Data Lifecycle

1. Obtain	2. Hold	3. Use	4. Delete
Person Information   ·          We only use personal data when necessary and lawful ·          We notify the person when collecting their data in person or via a 3rd Party ·          We request consent if required	Person Information   ·          We only store personal data that must be used ongoing throughout the process ·          We secure the Data with encryption & access control, anonymisation or obfuscation ·          We keep information up to date	Person Information   ·          We check there is a lawful purpose ·          We use in line with consent provided ·          We suspend processing for individuals data ·          We track which data is shared with others	Person Information   ·          We identify data for retention ·          We know when retention periods end ·          We securely delete data that is no longer needed

Further information

As data controllers we are responsible for complying with the relevant requirements under the General Data Protection Regulation (“GDPR”) in respect of the personal data that we hold for legitimate business purposes.

As part of our GDPR company compliance and as required by the regulations, we are updating our analysis of processing activities as part of our continuous review of how personal information is handled across our business operations, products and services. As work progresses all relevant parties will be updated with key information including:

· Privacy Policy for our products and services.

· Refinements to our Supplier Agreements and consent mechanisms.

· Mechanisms by which subject access requests can be made in a secure manner.

· Details of Assured Group Of Companies products and processes explaining how we meet our obligations with respect to GDPR and also wider information security requirements.

· A set of FAQs to answer the most common questions about Assured Group Of Companies and GDPR which will also include questions about where we store relevant data.

· Our data protection governance arrangements and privacy mindset ensure that our operations are subject to continuous review to maintain alignment with GDPR. As we complete our preparations and as we introduce new products and services, the information provided here will therefore be updated periodically.

If you require further information relating to Assured Group Of Companies and GDPR, please contact us at this email address: info@assuredgroup.org

FAQs

Need a quick answer to one of your Assured Group of Companies questions? Here you go:

Is Assured Group Of Companies GDPR Compliant?

We have a GDPR Champions Project Team working to ensure that we meet our obligations relating to data protection compliance

Assured Group Of Companies GDPR activities are being led by the Project Team together with external subject experts, technical and legal advisors with practical experience in data protection and wider security aspects

From the viewpoint of our customers, we are confident that the security measures that we already have in place are fit for purpose and we do not expect any significant changes as a result of our GDPR compliance

Assured Group of Companies products and services will operate as usual and we will ensure that our customers benefit from our attention to security and data protection

Assured Group of Companies will keep Customers informed of updates to aspects such as privacy notices that refer to the new regulations, as these become available

There is no accredited third-party certification for GDPR at present. This may change in the future - for example, the European Commission may create a “Data Protection Seal”. Assured Group of Companies will keep watch on developments in this area

Where Does Assured Group Of Companies Store Personal Information?

Assured Group Of Companies is based in the EU and our products make use of hosting providers operating in Western Europe

As part of our GDPR compliance activities and as required by the regulations we are updating our analysis of processing activities as part of our continuous review of how personal information is handled across our business operations, products and services

Assured Group Of Companies is a European organisation and it is important that the personal information of our customers and our own people is handled in accordance with GDPR

Our data protection governance arrangements and privacy mindset ensure that our operations are subject to continuous review to maintain alignment with GDPR as we introduce new products and services

Our Third-party service providers operate under the same regulatory regimes and we select industry standard suppliers to ensure that we can deliver the best products and services

How Can I Request Access To My Personal Information?

We have online information for product users or get in touch with our Customer Satisfaction Team

We provide secure online self-service access to account information for our customers via the Assured Management System (AMS)

If you need further information additional to that available through our online channels, customers can contact Assured Group of Companies Customer Care who will be pleased to assist with general enquiries

If you have a specific request for personal information from the Assured Group of Companies please contact our Data Protection team on info@assuredgroup.org

Existing legislation and GDPR require organisations to respond to data subject access requests. Assured Group of Companies is already able to do so and has refined their current processes in respect of GDPR. Accordingly, as a matter of compliance we will need to authenticate your identity to ensure that we handle any request securely.

As an Assured Group Of Companies Customer or Supplier, Will Anything Change?

No functional change is anticipated for Assured Group Of Companies products and services, however as part of our GDPR readiness preparations we are updating and creating relevant policies and procedures, which will be published and notified to applicable users as appropriate

Assured Group of Companies policies are being reviewed and updated to contain wording that aligns with the requirements of GDPR

As relevant policies and procedures are updated for the Assured Group Of Companies’ products and services, users will be notified accordingly

Where users have already consented to receiving material such as the Assured Group Of Companies updates, we provide the ability for users to change or withdraw consent in line with legislative requirements

As part of the service and products we provide, the Company will continue to review the business purpose for using personal information and as such there may be future changes to relevant policies and procedures, including consent issues.

Will the Assured Group Of Companies Customers Need a Data Processing Agreement?

A Data Processing agreement will not be needed by many customers – instead, updates where applicable to contractual documentation, should be sufficient.

Assured Group of Companies policies have been updated to align with the requirements of GDPR and this should be sufficient for many of our customers.

A commercial customer may require a Data Processing Agreement/Addendum to help demonstrate it is meeting its obligations with respect to GDPR. In such cases, Assured Group of Companies will provide a suitable template populated with the necessary details.

Who / where do I go to if I have any other queries about Data Protection at the Assured Group of Companies?

Direct all enquiries to our Data Champions by emailing info@assuredgroup.org

Depending on the nature of the query, this will be responded to by the appropriate Data Champion in respect of customer, supplier or employee issues.

Assured Group is the UK’s largest privately owned vehicle preparation company, serving all sectors of the automotive industry. As a group it provides a range of services provided through its’ various Limited companies.

This report is focussed solely on Assured Group Ltd, which is the largest company in the UK specialising in vehicle preparation services.

Assured Group’s Equal Opportunities Policy, states:
The Company is an equal opportunity employer and is committed to a policy of treating all its employees and job applicants equally. The Company will avoid unlawful discrimination in all aspects of employment including recruitment and selection, promotion, transfer, opportunities for training, pay and benefits, other terms of employment, discipline, selection for redundancy and dismissal.

In accordance with Gender Pay Gap legislation, the company reported its’ data for 5 April 2017 and 2018, based on the following headcount:

The data reported on https://gender-pay-gap.service.gov.uk is as follows:

Difference in Mean hourly rate of pay: 20.28, a decrease from 22.2% in 2017

Difference in Median hourly rate of pay: 14.13%, an increase from 13.1%

Difference in Mean bonus pay: 61.63, a decrease from 68.2%

Difference in Median bonus pay: There is now no difference between males and females 0% -100%

Percentage of employees who receive bonus pay
Male: 27.38% increase from 24.3
Female: 19.64% decreased from 23%

Employees by pay quartile	Male	Female
Upper quartile	2017 - 90%, 2018 - 94%	2017 - 10%, 2018 - 6%
Upper middle quartile	2017 - 95%, 2018 - 89%	2017 - 5%, 2018 - 11%
Lower middle quartile	2017 - 84%, 2018 - 80%	2017 - 16%, 2018 - 20%
Lower quarter	2017 - 82%, 2018 - 81%	2017 - 18%, 2018 - 19%

Conclusions:

In common with most of this industry sector a very high proportion of Assured Group’s employees are male, at 88% of its total headcount.

Having analysed the figures behind the top level data, Assured Group is satisfied that the data reflects the proportion of male vs female employees in the business.

We would also factor in that Assured Group is one of only a few companies in our industry that is privately owned and financed. As such, the top level information provided includes the pay data of the company’s 4 shareholders, which naturally affects the overall figures.

Not all sectors of the business are predominantly male, however. Interestingly the median difference in bonus pay at -100% differential to Males, reflects on our Sales team, which is mainly female and it is the percentage of performance earned bonus which affects the figures in this instance.

Finally, as a business Assured Group Ltd remains committed to continuing to uphold the principles of its Equal Opportunities Policy and assessing where it can positively promote the rights and interests of a very diverse range of employees in all aspects of their work.