GDPR DATA PRIVACY STATEMENT
As your trusted IT provider, the protection of your data is of paramount importance to us. The systems we use internally to store and process your data (where applicable) conform to industry standards and sit behind layers of security.
The following statement aims to outline how we handle data as a processor:
To be able to provide IT services to our clients, we have to process some personal information in order for us to maintain records about our clients, maintain accurate accounts to submit to HMRC, manage our staff and conduct marketing activities. Depending on our relationship to the data subject, the type of data and its use will vary. We will not store data which is outdated, unnecessary, or for uses other than its intended purpose when collected without prior consent.
Only trained staff with a business requirement will have access to the systems where information is stored. Our systems maintain access logs for audit-trail and compliance purposes.
The data subjects we process personal data on are:
- Our team of employees.
- Our clients (or enquirers).
- Providers of professional services (external accountants, external legal counsel, business consultants, private, insurers).
The data we collect, store and maintain for processing falls into the following categories:
- Client details (name, email address(es), phone number(s), business address(es), communications from/to, such as emails).
- Details of the services we provide to clients (signed contracts, quotations, agreements).
- Employee records (contact details, next of kin contact details, driving licence, medical details (allergies/conditions we need to be aware of for safety and risk assessments, return to work and fit notes), employment information (proof of the right to work in the UK, CV, signed contracts of employment), financial details for payroll).
- Applications for job vacancies (CVs, hiring-process mark sheets), stored only whilst the company has a recruitment need, after which point, the data is disposed of securely.
- Marketing activities – if the data subject has willingly signed up for our newsletter, or periodic communications, we will store names and email addresses in the relevant marketing system.
The recipients of the data we collect are:
- Technical Engineers providing services (data is stored and accessed on a permission-basis).
- Accounts Team (for billing and maintenance of agreements and contracts).
- Sales (for marketing, quoting and relationship-management).
- Directors (for dealing with all aspects of the business).
Every data-subject has the right of access and the right to rectify the data concerning him or her by contacting the appointed data controller overseeing the processing operation. Additionally, the data-subject can also request the right to be forgotten, at which point data will be securely disposed of. The right of rectification can only apply to factual data and within compliance regulations set out under GDPR.
The disposal of data is a crucial part of the lifecycle of information stored on a data-subject. If, for any reason, data is no longer relevant, is incorrect or it has been requested that the data no longer be stored by the company, data must be disposed of in compliance with the regulation. In this instance, paper records will be retrieved from their secure storage location and destroyed to P4 (cross cut) standards or above. Physical media such as hard drives are securely erased or destroyed when equipment is decommissioned or replaced.