As part of the General Data Protection Regulations that came into force on 25 May 2018, we have updated our Privacy Notice to clarify how we collect, share and retain personal data.
Who we are
We are your IT Support and Services provider. We may hold certain personal information known as “personal data” about our customers’ employees.
Because we decide the purpose for and the means by which personal data is held and processed, we are known as the “data controller” for our customers’ data.
What information we collect
Subject to the exact Support and Services we provide to your company we may hold some or all of the following information about you:
- Name
- Company name
- Company address (and your home address if you work from home on occasion)
- Company email address (and your personal email address if you have used this in
connection with your work)
- Company telephone number (and your mobile number if you use this for work
related calls)
How we use the information
We process personal data about you, in our role as data controller, for the proper handling of all matters relating to the Support and Services contract we provide to your company, including its administration and management.
Your personal data will generally be collected when your company commences a Support and Services contract with us or when you contact us directly for Support or Services (eg via a support ticket). We will not collect any personal data we do not need.
Personal data collected by us is held on computer systems. As the data controller, we process this fairly and lawfully.
The legal basis for our use of your personal data will generally be one or both of the following:
- We need to process your personal data for the legitimate interests of: administrating and managing Support and Services contracts and liabilities under it and performing our obligations in relation to these services.
- The processing is necessary for the performance of a contract to which your company is party.
We do not collect or hold any “sensitive personal data” about you (such as details
relating to health, racial or ethnic origin, religious or similar beliefs, sexual orientation and political affiliations).
Who we share it with
All personal data we collect is processed by Cilix staff in the UK. However, for the purposes of data storage and maintenance, this information may be located on servers based within the European Union and the USA. No third parties have access to your personal data unless the law allows them to do so.
All third parties we use for these purposes have their own Privacy Policies with regard to GDPR and are bound to provide the same levels of privacy to our own.
What we would also like to do with it
We would like to use your name and email address to inform you of IT-related issues (eg Security Notifications and Alerts) and other information that is directly related to the Support and Services that we provide. This information is not shared with third parties and you can unsubscribe at any time via phone or email.
How long we keep it
We will only keep your personal data for as long as we need to in order to fulfil the purposes as described. In practice this means we will retain your data for such period as your company retains our Support and Services and for so long afterwards as may be required to deal with any questions or complaints that we may receive about the
contract. We may also retain your data for a longer period to comply with our legal obligations.
Personal data we use for security information and alerts will be kept until you notify us that you no longer wish to receive this information.
Your rights
- You have a right to know what personal data is held about you, who holds it and how it is processed.
- You have a right to access the personal data held about you and have a copy provided to you in digital format.
- If you believe the personal data held is wrong or incomplete you can ask for it to be corrected.
- You can request that your personal data be deleted or removed if there is no compelling reason for it to continue to be processed, though we can override such
a request in certain circumstances.
- You may require us to limit the processing of your personal data in certain
circumstances, such as where a complaint about its accuracy is being
investigated.
- As legitimate interests are part of the reason for processing, you can object to
your personal data being processed, although we can override your objection in
certain circumstances.
- Where you have consented to the processing of your personal data, you may
withdraw the consent at any time by notifying us. However, withdrawing consent doesn’t affect processing of any personal data which took place beforehand and it may be possible for us to keep processing your personal data where it is justified (eg if this is required for the administration of your company’s support and services agreement with us).
Who to contact
If at any point you believe the information we process on you is incorrect you may request to see this information and have it corrected. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
Our Data Protection Officer is Sean Connolly (sean@cilix.co.uk).
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).