Privacy Notice

The General Data Protection Regulation (GDPR) governs the use of personal data. Please have a read through to find out how we will use your data. We will explain this in plain English as much as possible. We recommend grabbing a cuppa and a nice biscuit, but this is optional.

 

Who is collecting and using your personal data?

 

1nsideout IT Solutions Ltd T/A Insideout IT Solutions is both a data controller and a data processor depending on the processing concerned. In either case, you can contact our Data Protection Officer using the contact information below:

 

• Via email: dpo@insideout-it.co.uk

• Via phone: 01276 919019

 

What data do Insideout IT Solutions need to process?

 

This depends on the purpose of the processing. Please see below for the purpose(s) that are relevant to you.

 

To provide you with information that you have requested (1) or which we think may be relevant to a subject in which you have demonstrated an interest (2).

 

Our role - Data controller

 

(1) Legal basis – Your legitimate interest

(2) Legal basis - Our legitimate interest to promote our business

 

Personal data types

 

• First and last name

• Email address

• Phone number(s)

• Address

 

Retention period – For as long as we require it for the original purpose, or if we have an ongoing business relationship, for the duration of that or any other ongoing relationship we have, whichever is the higher.

 

 

To provide you with IT support and/or computer monitoring services

 

Our role - Data controller concerning the administration of our business relationship with you and data processor when we perform our contractual duties.

 

Legal basis - Contractual obligation

 

Personal data types

 

• First name and last name

• Username

• Password

• Internal and external IP address

• Computer name

• Technical log data from the monitored computer

• Last login time

• Last reboot time

• Web addresses of blocked sites if blocked by a policy we have set up

 

Retention period – Some data is required for the duration of our support contract, and other data, such as that relating to individual supported devices, is erased when those devices are removed from our support platform(s).

 

 

Relating to billing

 

Our role - Data controller

 

Legal basis – Contractual Obligation

 

Personal Data Types

 

• First name and last name

• Company name

• Email address

• Address

• Financial history of our transactions

 

Retention period – 8 years so that we can ensure we comply with accounting rules and regulations.

 

 

When you use our ticket (helpdesk) system

 

Our role - Data controller

 

Legal basis – Contractual Obligation

 

Personal Data Types

 

• First Name and Last Name

• Email address

• Phone number

• Company name

• Anything you tell us in the ticket which can include passwords

 

Retention period – 12 months or for the duration of any contract between us.

 

 

When you leave us a voicemail

 

Our role - Data controller

 

Legal basis – Contractual obligation if support related and your legitimate interest if it is an information request

 

Personal Data Types

 

• First Name and Last Name

• Email address

• Phone number

• Company name

• Anything you tell us in the message which can include passwords

 

Retention period – 12 months or for the duration of any contract between us.

 

Direct Marketing

 

Our role - Data controller

 

Legal basis - Our legitimate business interest

 

• First Name and Last Name

• Email address

• Phone number

• Company name

• Job Role

 

Retention period – For as long as is required for the purpose it was collected.

 

When you work for us

 

Our role - Data controller

 

Legal basis – Contractual Obligation & Express Consent (concerning any special category data such as health-related)

 

Personal Data Types

 

• First Name and Last Name

• Email address

• Address

• Work history

• Health information

• Unspent criminal convictions

• Disciplinary action

 

Retention period – For as long as is required for the purpose it was collected.

 

When we process on the lawful basis of legitimate interest, we perform a legitimate interest assessment (LIA) to determine whether your rights and freedoms outweigh ours:

 

The purpose test – is there a legitimate interest behind the processing?

Necessity test – is the processing necessary for that purpose?

Balancing test – is the legitimate interest overridden, or not, by the individual’s interests, rights, or freedoms?

 

How is my personal data being used?

 

Your personal data will be processed on a need-to-know, confidential basis by members of our staff. It may also be processed by third parties such as cloud service providers, website hosting companies, and similar as required. We may also need to share your data with third parties who provide professional services to us. Everyone with access to your data will treat it confidentially and in a GDPR-compliant fashion.

 

We may also disclose your personal information to third parties:

 

If we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets; or

 

If we are under a duty to disclose or share your personal data to comply with any legal obligation, or to protect our rights, property, or safety, or that of our clients, or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.

 

The Regulations are particular about where data is processed, and some internet and other services work through contracts with overseas companies. We will not transfer your data to ‘Third Countries’; however, some of our processors may do so, and where this is the case we have ensured that they are using GDPR-recognised means of doing this, such as Binding Corporate Rules or Standard Contractual Clauses.

 

Our security measures include device encryption, email encryption, regular encrypted backups, two-factor authentication, state-of-the-art multi-layered malware (anti-virus) endpoint protection, staff training, and intruder alarms.

 

Will you sell my data?

 

No, we won't ever sell your data other than as part of our business if we were to sell our business.

 

What are my rights?

 

The GDPR gives several rights that apply in different situations, such as the right to:

 

• ask to see what data we process for you – this is called a subject access request (SAR).

• withdraw any consent you have given to process any of your personal data.

• ask us to rectify inaccuracies – and we ask that you keep us up to date with any changes to your contact details.

• request erasure of your personal data.

• object to us processing your personal data.

• request restriction to processing data concerning you (normally this would be while we look at an objection to us processing your data. There are other situations where this applies too, get in touch if you need more info).

• portability of your data – In some cases you can request your data in a form that makes it easy to take to another controller.

 

If you would like more information about your rights or would like to use any of them please contact our Data Protection Officer (DPO) using the contact details above.

 

Do I have to give you my data?

 

No, there is no statutory or contractual requirement for you to give us your data. You are under no obligation to share your data with us.

 

If you don’t share your data with us we may have difficulties with functions such as but not limited to:

 

• Sending you alerts and other important messages about current IT threats

• Monitoring your computer(s)

• Sending you reports from your system(s)

• Contacting you to discuss alerts we have received from your system(s)

 

Do you use automated decision-making or profiling?

 

No

 

If you are still with us….

 

Hopefully, we have made this as open and transparent as possible.

 

If you have any questions about how your data is handled, just ask; we will be happy to explain.

 

If you have a complaint or a concern, please contact us to discuss this. We take data protection very seriously and would like to resolve any issues that may occur.

 

If you are still unhappy, you have the right to contact a supervisory authority. The UK's supervisory authority is the Information Commissioner's Office (ICO).

 

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Tel: 0303 123 1113 (local rate)

 

 

Document version: 1.1

Document issued: 14/09/2020

Contact Us

Address. 16 Moffats Close, Sandhurst, Berkshire, GU47 9EN

Tel. 01276 919019
