This is the privacy notice of Get Support IT Services Limited company number 07003640 registered in England. Our registered office is at Unit B Oakwood, Oakfield Industrial Estate, Eynsham, OX29 4TH.
In this document, “we”, “our”, or “us” refer to Get Support IT Services Limited.
This policy was last updated on the 24th May 2018
- This is a notice to inform you of our policy regarding the information that we record about you. It sets out the conditions under which we may process any information that you provide to us or we collect from you. It covers information that could identify you (“personal information”). In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
- We take seriously the protection of your privacy and confidentiality. We understand that everyone is entitled to know that their personal data will not be used for any purpose unintended by them, and will not accidentally fall into the hands of a third party.
- We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
- Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
- The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data. We do this now, by requesting that you read the information provided at www.knowyourprivacyrights.org
- Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.
What information do we collect about you?
We collect information about you when:
- you contact us for any reason
- you place an order for products or services
- during delivery of products or services
- when you voluntarily complete customer surveys, provide feedback or participate in competitions
- you visit our website
- you apply for a job
The personal data frequently collected during these activities are:
- records of our correspondence and phone calls including call recordings
- your name, phone number, email address and postal address
- your computer’s Internet Protocol (IP) addresses and activity when visiting our website
- closed circuit television images (CCTV) recorded at our premesies
- financial information regarding payments and payment methods
- computer system and performance information where required to provide a specific service
How will we use the information about you?
We use the information collected about you to:
- provide quotations
- process orders for products and services that you have requested from us
- manage your account
- provide you with marketing information which we believe may be of interest to you or your business
- for security and access control purposes
- to monitor and manage the the services we provide
- for recruitment purposes when a job application has been made
In processing your order, we may send your details to, and also use information from credit reference agencies and fraud prevention agencies.
Obligations as a Data Processor
We also act on behalf of some of our clients in the capacity of a data processor, this is for services where our clients determine the purposes and means of processing personal data. When working exclusively as a data processor:
- we will be acting on the instruction of our client and will process their data in accordance with GDPR requirements
- people processing the data are subject to a duty of confidence
- the data is stored and processed securely
- we will only engage a sub-processor with the prior consent of the data controller and a written contract. A list of current sub-processors for a client’s current services is available by emailing firstname.lastname@example.org
- we will assist the data controller in providing subject access and allowing data subjects to exercise their rights under the GDPR
- we will assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments
- we will delete or return all personal data to the controller as requested at the end of the contract
- we submit to audits and inspections, provide the controller with whatever information it needs to ensure that they are both meeting their Article 28 obligations
Legal basis for processing any personal data
Under the GDPR there is a requirement for a legal basis to process personal data. Our lawful bases for processing data are as follows:
We are subject to the law like everyone else. We need to keep accounting and tax records and other business paperwork, this may contain personal information. Sometimes, we must process your information in order to comply with a statutory obligation.
For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.
When you enquire about our products and services or place an order we have a contractual obligation to process your data. Under this legal basis, we will continue processing relevant personal data to fulfil the terms of the contract.
We may also provide you with suggestions and advice on products, services that may be relevant to you.
Through certain actions when otherwise there is no contractual relationship between us, such as when you browse our website or ask us to provide you more information about our business, including job opportunities and our products and services, you provide your consent to us to process information that may be personal information.
Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you would reasonably expect us to reply.
If you have given us explicit permission to do so, we may from time to time pass your name and contact information to selected associates whom we consider may provide services or products you would find useful.
We continue to process your information on this basis until you withdraw your consent, or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by instructing us by email to email@example.com However, if you do so, you may not be able to use our website or our services further.
We may process information on the basis there is a legitimate interest, either to you or to us, of doing so.
Where we process your information on this basis, we do so after having given careful consideration to:
- whether the same objective could be achieved through other means
- whether processing (or not processing) might cause you harm
- whether you would expect us to process your data, and whether you would, in the round, consider it reasonable to do so
For example, we may process your data on this basis for the purposes of:
- record-keeping for the proper and necessary administration of our business
- responding to unsolicited communication from you to which we believe you would expect a response
- protecting and asserting the legal rights of any party
- insuring against or obtaining professional advice that is required to manage business risk
- protecting your interests where we believe we have a duty to do so
- promoting the relevant products and services we offer to existing customers
We may on occasions pass your Personal Information to third parties to process on our behalf. We require these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and GDPR.
We do not broker or pass on personal information gained from your engagement with us without your consent. However, we may disclose your Personal Information to meet legal obligations, regulations or valid governmental request. We may also enforce our Terms and Conditions, including investigating potential violations of our Terms and Conditions to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of our employees, clients and/or the wider community.
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:
- to provide you with the services you have requested
- to comply with other law, including for the period demanded by our tax authorities
- to support a claim or defence in court
Data may be processed outside the European Union
We may use third party services in countries outside the European Union from time to time. Accordingly, data obtained within the UK or any other country could be processed outside the European Union.
We only transfer data outside the European Union where the European Commission has decided that the country, a territory or one or more specific sectors in the third country, or an international organisation ensures an adequate level of protection.
We take protecting your data seriously both as a data controller and processor; we employ organisational and technical security measures to protect your data from unauthorised or unlawful processing, against accidental loss or destruction, or damage. Some of the measures implemented where they are effective against the risks requiring mitigation include:
- encryption of data at rest and in transit
- multi factor authentication for remote access
- physical access control
- logging and monitoring of access to networks and data
- employees are bound by appropriate confidentiality obligations and are only granted access where required
- systems are patched to protect against known vulnerabilities
Your Rights as a Data Subject
At any point whilst we are in possession of or processing your personal data, all data subjects have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing
- Right of portability – you have the right to have the data we hold about you transferred to another organisation
- Right to object – you have the right to object to certain types of processing such as direct marketing
- Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling