Privacy Notice
General
‘IT Services’ is Ian Thomas, trading as IT Services (referred to as ‘ITS’, ‘we’, ‘us’ or ‘our’ in this Privacy Notice).
ITS is the controller and processor responsible for your personal data, and is committed to protecting and respecting your privacy.
This notice explains when and why we collect personal information about you, how it is used, the conditions under which it may be disclosed to others, how it is kept safe and secure, and your rights and choices in relation to your information.
By accessing our website and utilising our services, you acknowledge that you have read and understood this Privacy Notice.
We are not required to appoint a data protection officer; the responsible person is Ian Thomas, proprietor of ITS.
Contact details
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us as below:
IT Services, The Dormers, Highworth, Wiltshire SN6 7PA
Email: email hidden; JavaScript is required
Website: http://www.itsrv.com
Telephone: 01793 766229
Review and Updates
We keep this privacy notice under regular review, so it may change from time to time.
Please check back regularly to keep informed of any updates.
This notice was last updated on 21 July 2018.
What is our lawful basis for holding and processing your personal data?
Data protection law requires us to rely on one or more lawful grounds to process your personal information. We consider the following grounds to be relevant:
- Performance of a contract: where we are entering into a contract with you or performing our obligations under it, including selling, supplying, delivering and invoicing for goods and services.
- Legitimate interests: where it is necessary to achieve our legitimate interests (as long as the information is used fairly, and does not duly impact your rights), including promoting, marketing and advertising our goods and services; managing customer relationships; understanding your preferences and needs; complying with our legal and regulatory obligations; handling customer contacts and queries.
- Consent: where you have provided specific consent for us to use your personal information in a certain way, such as to send email marketing. You can withdraw your consent at any time by contacting us.
How is your personal data collected?
We collect your personal data by direct interaction when you:
– Provide your information by contacting us by any means with any enquiries.
– Provide your information by email, or fill in an on-line response form on our website.
– Provide your information when you enquire about, or place an order for, products or services.
Our website/server collects browser details and IP information when you visit our website.
What type of personal data is collected?
Personal data, or personal information, means any information about an individual from which that person can be identified.
We will collect and process the following data about you:
- Contact and invoicing information: name, address, phone numbers, email addresses, email messages and correspondence.
The lawful basis for this is: performance of contract and legitimate interest.
- Technical information about your visits to our website including the type of device used to access it, your IP address and geographical location.
The lawful basis for this is legitimate interest – monitoring and securing our website.
- Marketing and communications data including your preferences in receiving marketing from us, and your communication preferences.
The lawful basis for this is: legitimate interest and consent.
Controller and Processor
ITS holds personal data both as a controller and a processor:
As a controller: Client, prospective client, supplier, contact and invoicing information is stored.
As a processor: we may process a limited amount of personal data for clients, for example to publish contact details on a client’s website, or to publish contact lists as part of a client’s printed publication. Such data will be deleted when client relationship ends, or when client’s project has been completed and no further processing is likely to be required.
We will seek to ensure the client is aware of their responsibilities as a data controller under GDPR. We will treat clients/data controller’s personal data in accordance with our own Data Protection and Privacy policies.
Special Categories of data
We do not hold or process Special Categories of personal data (race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, sex life, sexual orientation, criminal convictions or offences).
Children
We do not provide services directly to children and do not knowingly hold or process personal data relating to children under 17. If you learn that a child under 17 has provided us with personal information without consent, please contact us.
How do we use your personal data?
We use personal information to fulfil our obligations to our clients; to allow initial and ongoing contact with prospects, clients, & suppliers; to provide and invoice for services; to manage our relationship with you; to administer and protect our business; and to respond to enquiries.
Name and email address data may be used to record user details on a secured client website, to enable the client to log in and edit website content.
Name, contact details and email address may be stored where the personal data is to be published on a client’s website, or in a printed publication.
In common with most websites, our website/server automatically collects visitors IP addresses, browser information and other technical information. This is used to count and analyse visitors to the website, but not to track you or personally identify you.
Marketing
We may use your email address for occasional low-volume marketing. If you have requested information from us, or purchased goods or services from us, and you have not opted out of receiving marketing, we may use your contact details to provide you with information about our products and services that we think may be of interest to you.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you, or by contacting us at any time.
Automated decision making
We do not use any personal data for automated decision making or profiling.
Sharing your information with third parties
ITS may share your information with business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
As a data controller, we may pass personal data to a web hosting company and/or domain name registrar where the information is required for web hosting setup or domain name registration.
As a data processor, we may pass personal contact information to third-party printing companies in order to produce printed materials such as members’ contact lists.
We do not sell or rent your information to third parties, or share your information with third parties for marketing purposes.
We may disclose personal information if we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
Data minimisation
ITS will ensure that personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
How long do we hold your information? (data retention)
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
For example, by law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers for tax purposes.
How we keep your data secure
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, including an internal data protection policy, to safeguard and secure the information we collect.
The transmission of information via the internet cannot be completely secure. We cannot guarantee the security of personal data transmitted to us; any transmission is at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
You are responsible for keeping secret any confidential passwords or other login or access details that you select or which we allocate to you.
Links
Our website may contain links to other websites of interest. If you follow a link to another website, you should note that we do not have any control over that other website, and cannot be responsible for the protection and privacy of any information which you provide whilst visiting such a site.
You should exercise caution and look at the privacy statement applicable to the website in question.
International transfer
In general terms we will not transfer personal data outside the European Economic Area (EEA). If personal contact information is required for the registration of a domain name, or is to published on a client website, such that it can be accessed from outside the EEA, we will seek to ensure that the client has given or obtained the required consents.
Breach procedures
We have put in place procedures to deal with any suspected personal data breach, and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your legal rights under The GDPR
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
Right of access: you have a right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply.
Right to have your personal information corrected: you have the right to have inaccurate or incomplete information we hold about you corrected.
Right to restrict use: you have a right to ask us to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy, or we’re not lawfully allowed to use it.
Right of erasure: you may ask us to delete some or all of your personal information and in certain cases, and subject to certain exceptions; we will do so as far as we are required to.
Right to data portability: if we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide your data to you or another service provider in a machine-readable format.
Right to object: you have the right to object to processing where we are using your personal information (1) based on legitimate interests, (2) for direct marketing or (3) for statistical/research purposes.
Right to object to direct marketing: if you do not want us to process your personal data for direct marketing purposes, you may object or withdraw consent at any time.
If you want to exercise any of the above rights, please contact us.
We will endeavour to respond to all requests within one month of receipt of your request.
Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For details please consult the guidance published by the UK’s Information Commissioner’s Office (https://www.ico.org.uk).
We may need to request specific information from you, to confirm your identity and ensure your right to access your personal data or exercise any of your other rights.
No fee usually required: you will not have to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Right to complain to a supervisory authority: you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (https://www.ico.org.uk).
We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Cookie Policy
Like many other websites, our website uses cookies. Cookies are small pieces of information sent by a website to your device, enabling the website to recognise your device when you visit. Cookies allow us to count website visitors; they can help to remember your preferences, and generally improve the user experience.
We only use harmless cookies that are essential for the website to function correctly.
We do not use cookies to track you or personally identify you.
By using and browsing our website, you consent to cookies being used in accordance with our policy. If you do not consent, you must turn off cookies or refrain from using the site. Turning cookies off may result in a loss of functionality when using any website.
Browser Settings / How to change your preferences
Cookies are saved to your browser, so to turn off any cookie you will have to do so for every browser you use. Most web browsers allow some control of most cookies through the browser settings. To manage cookies on popular browsers:
To find information relating to other browsers, visit the browser developer’s website.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.aboutcookies.org/default.aspx or http://www.allaboutcookies.org/faqs/privacy.html.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
END OF NOTICE