We are committed to protecting and respecting your privacy.
During the course of our activities we will collect, store and process personal information about our customers, suppliers and other third parties
This policy explains the types of personal data we may collect from you or that you provide to us and how it will be processed. It will also explain how we’ll store and handle the data to keep it safe.
Who are we?
The data controller is System 15 Ltd, Kestrel Court, Waterwells Business Park, Waterwells Drive, Quedgeley, GLOS. GL2 2AT, a company registered in England and Wales under number 9533674
The information we may collect about you
We may collect, use, store and transfer different types of personal information about you, including:
Identity Data, such as your name, marital status, title, date of birth, gender, job title and your employer
Contact Data, such as your home and work addresses, personal and work email addresses and personal and work telephone numbers
Profile Data, such as your username, password, purchases or orders made by you, your interests, preferences, feedback and survey responses
Document Data, such as copies of your driving licence, utility bills, etc
Third Party Data, namely Identity Data, Contact Data and Document Data relating to your business colleagues and other contacts
Financial Data, such as bank account details
Transaction Data, including details about payments to and from you, and other details of services you purchase from us
Technical Data, including IP addresses, log in data, browser type and version, time-zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website
Usage Data, including information about how you use our website, products and services
Marketing Data, such as your preferences in receiving marketing from us and our third parties, and your communication preferences.
How we collect your personal information
We may obtain personal information by directly interacting with you, such as:
Receiving your instructions to provide IT services, and in the performance of those services
Corresponding with us by phone, email, letters or otherwise
Meeting with you in our offices, at events or elsewhere
Filling in forms on our website
Participating in social media
Giving us your business card
Entering a competition, promotion or survey organised by us, or otherwise providing us with feedback
Subscribing to our services or publications, or otherwise requesting marketing material to be sent to you
Logging onto the WiFi network within our offices
We may also obtain personal information via automated technology when you interact with our website, remote support software or ticket systems by using cookies, server logs and other similar technologies.
The legal basis for collecting data
We will only use your personal information when the law allows. Most commonly, we will use your personal information in the following circumstances:
You have given us consent.
We need to perform a contract we are about to enter into, or have entered into, with you.
Where it is necessary for our or a third party’s legitimate interests, in a way which might reasonably be expected as part of running our business, and your interests and rights do not override those interests
Where we need to comply with a legal or regulatory obligation.
Purposes for which we may use your personal information
We use the information you provide to us to:
Enable us to provide you with IT services.
Carry out our obligations arising out of any contractual arrangement or terms and conditions.
To process any orders that you make. This may include passing details to a third party to supply or deliver products or services.
Ensure our online content is presented in the most effective manner.
Provide you with marketing information about us and our services (you may opt out from receiving such information at any time).
Notify you about changes to our services.
We will only use your personal information for the purpose(s) for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
It may also be a contractual requirement for you to provide us with certain information. If you do not provide us with that information, we may be unable to accept your instructions and/or provide you with the full range of our IT and consultancy services.
How we protect your personal data
We take information security seriously. We also know how much data security matters to all our customers.
All information you provide to us is stored on secure servers in the United Kingdom, or on secure cloud-based services in a country within the European Economic Area.
We will take all steps reasonably necessary to ensure that your data is treated securely, including taking the following safeguards:
Firewalls and encryption. We apply industry-standard firewall protection and disk encryption technology. Portable media has appropriate markings for secure transportation of data.
Two factor authentication (2FA) is used wherever possible for both online and on-premise systems.
Electronic access. All data stored electronically is password-protected. Where we have provided an authorised user with a password, that user is responsible for keeping this password confidential and is not permitted to share the password with anyone. Staff only have access to data on a need to know basis.
Password management. Passwords for systems are centrally managed via a secure password vault with granular level of controls for exposure of passwords to staff.
Physical security. Access to our offices is secured by means of electronic entry controls and we use CCTV monitoring.
Training. We ensure all our employees are trained in the importance of data security.
Secure transfer of data. Where appropriate, we will send sensitive information such as passwords, ID or banking details by secure online system to reduce the risk of data interception.
Overseas transfers. Whenever we transfer your personal information outside the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring that we apply appropriate safeguards (either by transferring data only to recipients in the European Economic Area, to recipients in countries approved by the European Commission, to recipients that are party to the EU-US Privacy Shield, or by using specific contracts approved by the European Commission).
Cookies are small text files that are placed on your computer, smartphone or other device when you access the internet.
We use the following cookies:
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
For example, where we use or store your data because it is necessary for the performance of the contract between you and us we will use or store your data for as long as it is necessary for the performance of the contract between you and us.
Where we use or store your data because you have given us your specific, informed and unambiguous consent we will use or store your data until you ask us to stop.
At the end of that retention period, your data will either be deleted completely or anonymised.
You have various legal rights in relation to the information you give us, or which we collect about you, as follows:
You have a right to access the information we hold about you free-of-charge
The correction of your personal data when incorrect, out of date or incomplete.
You have the right to ask us to erase the information we hold about you (the ‘right to be forgotten’). Please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not.
You have the right to ask us to stop using your information where: (i) the information we hold about you is inaccurate; (ii) we are unlawfully using your information; (iii) we no longer need to use the information; or (iv) we do not have a legitimate reason to use the information. Please note that we may continue to store your information or use your information for the purpose of legal proceedings or for protecting the rights of any other person.
You have the right to ask us to transmit the information we hold about you to another person or company in a structured, commonly-used and machine-readable format. Please note that this right can only be exercised in certain circumstances and, if you ask us to transmit your information and we are unable to do so, we will explain why not.
Where we use or store your information because it is necessary for our legitimate business interests, you have the right to object to us using or storing your information. We will stop using or storing your information unless we can demonstrate why we believe we have a legitimate business interest which is more important than your interests, rights and freedoms.
Where we use/store your data because you have given us your specific, informed and unambiguous consent, you have the right to withdraw your consent at any time.
You have the right to object to us using/storing your information for direct marketing purposes.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Opting out of receiving marketing communications
At any time you can ask us to stop sending you marketing communications by contacting us via email@example.com, contacting our Data Assurance Manager Nick Rowntree or by writing to the address at the top of this policy.
We do not use any automated decision-making processes.
Changes to our policy
If we make any changes to our policy in the future we will post the updated policy on our website and, where appropriate, notify you by email or via social media. Please check our website frequently to see any updates or changes to our policy.
Any questions or comments in relation to this policy should be addressed to our Data Assurance Manager, Nick Rowntree, by writing to the address at the top of this policy, or by emailing us at firstname.lastname@example.org