Call us: 01276 919019

 

Privacy Notice

 

The new data protection law as of May 25th 2018, the General Data Protection Regulations (GDPR), makes some changes to your rights and to the information we need to give you. Please have a read through to find out how we will use your data. We will explain this in plain English as much as possible. We recommend grabbing a cuppa and a nice biscuit, but this is optional.

 

Who is collecting and using your personal data?

 

1nsideout IT Solutions Ltd T/A Insideout IT Solutions is the data controller. You can contact us:

 

• Via email: gdpr@insideout-it.co.uk

• Via phone: 01276 919019

 

What data do Insideout IT Solutions need to process?

 

This depends on the purpose of the processing. Please see below for the purposes that are relevant to you.

 

 

To provide you with information that you have requested or which we think may be relevant to a subject in which you have demonstrated an interest

 

Legal basis – Legitimate Interest

 

Personal data types

 

• First and last name

• Email address

• Phone number

• Address

 

Retention period – 2 years, or if we have an ongoing business relationship, for the duration of that or any other ongoing relationship we have, whichever is the higher.

 

 

To provide you with IT support and/or computer monitoring services

 

Legal basis – Contractual Obligation

 

Personal data types

 

• First name and last name

• User name

• Password

• Internal and external IP address

• Computer name

• Technical log data from the monitored computer

• Last logon time

• Last reboot time

• Web addresses of blocked sites if blocked by a policy we have set up

 

Retention period – For the duration of our support contract

 

 

Relating to billing

 

Legal basis – Contractual Obligation

 

Personal Data Types

 

• First name and last name

• Company name

• Email address

• Address

• Financial history of our transactions

 

Retention period – 8 years

 

 

When you use our ticket (helpdesk) system

 

Legal basis – Contractual Obligation

 

Personal Data Types

 

• First Name and Last Name

• Email address

• Phone number

• Company name

• Anything you tell us in the ticket which can include passwords

 

Retention period – 12 months or for the duration of any contract between us.

 

 

When you leave us a voicemail

 

Legal basis – Contractual Obligation

 

Personal Data Types

 

• First Name and Last Name

• Email address

• Phone number

• Company name

• Anything you tell us in the message which can include passwords

 

Retention period – 12 months or for the duration of any contract between us.

 

 

When you work for us

 

Legal basis – Contractual Obligation & Express Consent (with regard to health information)

 

Personal Data Types

 

• First Name and Last Name

• Email address

• Address

• Work history

• Health information

• Unspent criminal convictions

• Disciplinary action

 

Retention period – For the duration of any contract between us, and for a longer period to be agreed if you would like us to hold your data so that we can provide references.

 

 

When we process on the lawful basis of legitimate interest, we apply the following test to determine whether it is appropriate:

 

• Purpose test – is there a legitimate interest behind the processing?

• Necessity test – is the processing necessary for that purpose?

• Balancing test – is the legitimate interest overridden, or not, by the individual’s interests, rights or freedoms?

 

How is my personal data being used?

 

Your personal data will be processed on a need-to-know, confidential basis by members of our staff. It may also be processed by third parties such as cloud backup providers, website hosting companies and similar, as required. Everyone with access to your data will treat it confidentially and in a GDPR-compliant fashion.

 

We may also disclose your personal information to third parties:

 

  • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets; or

 

  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect our rights, property, or safety, or that of our clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

 

The Regulations are particular about where data is processed, and some internet and other services work through contracts with overseas companies. We will not transfer your data to ‘Third Countries’; however, some of our processors may do so, and where this is the case we have ensured that they are using GDPR-recognised means of doing this, such as Binding Corporate Rules or the EU-US or Swiss-US Privacy Shield.

 

Our security measures include device encryption, email encryption, regular encrypted backups, two-factor authentication, state-of-the-art malware (anti-virus) endpoint protection, staff training and intruder alarms.

 

Will you sell my data or use it for marketing?

 

No

 

What are my rights?

 

The GDPR gives you several rights such as the right to:

 

• ask to see what data we process for you – this is called a subject access request (SAR)

• withdraw consent given to processing of your personal data

• ask us to rectify inaccuracies – and we ask that you keep us up to date with any changes to your contact details

• request erasure of your personal data

• object to us processing your personal data

• request restriction of processing of data concerning you (normally this would be while we look at an objection to us processing your data; there are other situations where this applies too, so get in touch if you need more info)

• portability of your data – in some cases you can request your data in a form that makes it easy to take to another processor

• lodge a complaint with a Supervisory Authority (within the UK this would normally be the Information Commissioner’s Office – http://www.ico.gov.uk)

 

Do I have to give you my data?

 

No, there is no statutory or contractual requirement for you to give us your data. You are under no obligation to share your data with us.

 

If you don’t share your data with us, we will have difficulties with functions such as, but not limited to:

 

• Sending you alerts and other important messages about current IT threats

• Monitoring your computer(s)

• Sending you reports from your system(s)

• Contacting you to discuss alerts we have received from your system(s)

 

Do you use automated decision-making or profiling?

 

No

 

If you are still with us…

 

Hopefully we have made this as open and transparent as possible.

 

All that you really need to know, other than your rights under GDPR, is that we will be doing exactly what we have been doing for you up until this point, but there may be small changes in the background to protect your data further.

 

If you have any questions about how your data is handled, just ask; we will be happy to explain.

 

 

Document version: 1.0

Document issued: 21/05/2018

 

 

Insideout IT Solutions