This Privacy Notice applies to all customers and website users of Systems IT Support and Consultancy Limited.
We take your Data Protection seriously and in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and Data Protection Act 2018 (DPA), we have reviewed our policies, processes and security procedures to ensure compliance with the new regulations.
This privacy notice is to inform you, our customers, of the types of data we process about you, the reasons for processing your data, the lawful basis for processing, your rights and the retention periods of your data.
We act as Data Controllers for the personal data provided in order to administer the contracts we enter into with our customers.
We act as Data Processors for the services we provide our customers, where we are required to process personal data provided by our customers on their behalf.
If you have any questions about your data or how we handle it, please contact us via firstname.lastname@example.org
DATA PROTECTION PRINCIPLES
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
- a) processing is fair, lawful and transparent
- b) data is collected for specific, explicit, and legitimate purposes
- c) data collected is adequate, relevant and limited to what is necessary for the purposes of processing
- d) data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
- e) data is not kept for longer than is necessary for its given purpose
- f) data is processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures
- g) we comply with the relevant GDPR procedures for any international transfers of personal data
TYPES OF DATA HELD
Systems IT is obliged to collect specific categories of customer data for a variety of reasons. Under GDPR, these are known as the Lawful Basis for obtaining and processing personal data.
COLLECTING YOUR DATA
We collect data when our clients enter into contracts with us in order to administer the contracts. We will also process personal data when performing the services or providing the products we are contracted to provide.
LAWFUL BASIS FOR PROCESSING
The law on data protection allows us to process your data for certain reasons only. In the main, we process your data in order to effectively manage the product or service contracts we have with you.
The table below categorises the types of data processing we undertake and the lawful basis we rely on.
| Type of personal data | Reason for processing | Lawful basis | Data retention period | Transfer out of EEA |
|---|---|---|---|---|
| Company Administrator information: name, business phone number, business address, email address | Administration of contract | Performance of contract | Length of contract | No |
| Email address (administrators and/or authorised persons) | Service information updates (e.g. downtime) | Legitimate interests | Length of contract | No |
| User names, email addresses | Provision of support services | Performance of contract | Length of contract | No |
| User names, phone extension numbers (DDI) | Provision of telephony services | Performance of contract | Length of contract | No |
| User names, mobile numbers, email address, group and call detail records | Provision of mobile phone services | Performance of contract | Length of contract | No |
| Call recording, phone number | Provision of call recording services | Performance of contract | Length of contract | No |
| Email address (administrators and/or authorised persons / users) | Provision of Hosted Email / Servers etc. | Performance of contract | Length of contract | No |
| N/A | Hardware services | Performance of contract | Length of contract | No |
| N/A | Software | Performance of contract | Length of contract | No |
| Email address (administrators and/or authorised persons) | Broadband, ADSL/SDSL, Private Circuits | Performance of contract | Length of contract | No |
| Email address (administrators and/or authorised persons) | Leased Lines | Performance of contract | Length of contract | No |
| Email address (administrators and/or authorised persons) | Anti-Virus & Associated Security Services | Performance of contract | Length of contract | No |
| Email address (administrators and/or authorised persons / users) | Anti-Spam | Performance of contract | Length of contract | No |
| All customer data in target systems | Disaster Recovery & Backup services | Performance of contract | Length of contract / period agreed by client | No |
SPECIAL CATEGORIES OF DATA
Special categories of data include data related to information such as: health, sexual orientation, race, ethnic origin, political opinion, religion, trade union membership, genetic and biometric data or Child data.
We do not collect any special category data. We would only process special category data if you, the customer, hold such data in your systems or disclose it in any recorded media we may manage or support for you as part of our contract.
FAILURE TO PROVIDE DATA
Your failure to provide us with data may mean that we are unable to fulfil our requirements for entering into a contract with you.
WHO WE SHARE YOUR DATA WITH
We have a data processing agreement in place with third parties we use to process your data under our instructions as part of providing our services to you. Third parties must implement appropriate technical and organisational measures to ensure the security and confidentiality of your data.
We may share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us.
We do not transfer your data to bodies outside of the European Economic Area. If, in the future, we are required to do so, we will ensure appropriate measures are in place so that your data is transferred securely and that the bodies who receive the data we have transferred process it in a way required by EU and UK data protection laws.
We do not share your data with any other parties.
PROTECTING YOUR DATA
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. As part of our ongoing compliance with GDPR, we have implemented processes to protect your data and will continue to monitor the effectiveness of these processes.
We only keep your data for as long as we need it and in line with legal requirements, which will be at least for the duration of the contract for products and services as outlined in the table above.
AUTOMATED DECISION MAKING
Automated decision making means making decisions about you using no human involvement e.g. using computerised algorithms or programmes.
We do not undertake any automated decisions with your data.
You have the following rights, with some restrictions, in relation to the personal data we hold on you:
- a) the right to be informed about the data we hold on you and what we do with it
- b) the right of access to the data we hold on you
- c) the right for any inaccuracies in the data we hold on you to be corrected (rectified)
- d) the right to have data deleted in certain circumstances (erasure)
- e) the right to restrict the processing of the data
- f) the right to transfer the data we hold on you to another party (portability)
- g) the right to object to the inclusion of any information
- h) the right to regulate any automated decision-making and profiling of personal data
If you would like to exercise any of your rights, please contact us via email@example.com
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. In certain instances, this may not be permissible and we will explain the reasons for this as part of our response.
MAKING A COMPLAINT
We will make every attempt to ensure you are satisfied with our handling of your data requests. However, you are entitled to raise a complaint with the Information Commissioner (ICO) if you are not satisfied. You can contact the ICO at https://ico.org.uk/concerns/ or by telephone on 0303 123 1113 (local rate) or 01625 545 745.
Dated: August 2018
Next review date: August 2019