Priority IT Solutions Ltd understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our customers and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
For the purposes of data protection legislation in force, the data controller is Priority IT Solutions Limited, The Barn, Mill Lane, Westbury BA13 4LD.
Our nominated Data Protection Officer is Kieran Thomas
Email address: kieran@priorityit.co.uk
Telephone number: 01225 636000
What does this notice cover?
This Privacy Information explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
What is personal data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
What are my rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions by contacting our Data Protection Officer.
The right to access the personal data we hold about you.
The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.
The right to restrict (i.e. prevent) the processing of your personal data.
The right to object to us using your personal data for a particular purpose or purposes.
The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract or service, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
Further information about your rights can also be obtained from the Information Commissioner’s Office.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
What personal data do you collect?
We may collect some or all of the following personal data (this may vary according to your relationship with us):
- Name
- Business Address
- Email addresses
- Telephone numbers
- Business name
- Job title
- Technical details of your business for IT services.
How do you use my personal data?
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract or with you, provision of a service to you which you’ve asked us to provide, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for one of the following purposes:
Providing and managing your account.
Supplying our products and/or services to you. Your personal details are required in order for us to enter into a contract with you.
Communicating with you. This may include responding to emails or calls from you
Supplying you with information by email and/or post that you have opted-in to (you may unsubscribe or opt-out at any time by using the unsubscribe link at the bottom of each of our emails, or by emailing our Data Controller directly to request removal).
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email with information, news, and offers on our products and/or services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
How long will you keep my personal data?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
- Personal data will be retained as long as we are delivering products and/or services to you and your business, and for a period of 12 months after the end of the service delivery.
- Some personal data may be kept for up to 7 years for accounting purposes.
How and where do you store or transfer my personal data?
We will only store or transfer your personal data in the EU. We use specific contracts with external third parties that are approved by the European Commission for the transfer of personal data to third countries. These contracts ensure the same levels of personal data protection that would apply under the GDPR.
The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:
Our IT systems are protected with AntiVirus, AntiMalware and Firewall software, End Point Firewalls and 2 Factor Authentication, Disk Encryption and secure password protection. Our email system is Office 365, which stores all data within Bitlocker Encryption. Office 365 also send all emails via Opportunistic Encryption TLS 1.2.
Our system backups are stored within the UK and taken multiple times daily.
Our staff are trained in data protection and privacy as part of their induction process, and data privacy and data management procedures and information is available to them in our staff handbook.
Do you share my personal data?
In most cases we will not share your personal data with any third parties. Exceptions to this include, Hardware / Software License Agreements, Vendor Warranties and Warranty Claims. We will inform and ask for permission prior to sharing.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
How can I access my personal data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses to the nominated DPO.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 28 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
Priority IT Solutions, Data Processor: Privacy notice for data processing
Most services we provide mean we act or your Data Processor for your Data. As such we have included a brief description how we protect your data.
Privacy policy with respect of offsite backup data
As part of the services Priority IT Solutions Limited provides, All Offsite Data is securely stored and hosted within Priority IT premises within the UK. All Offsite Data is encrypted to AES 256 BIT at both customer and at Priority IT Premises.
OffSite Backups are accessed by only Authorised and Suitably Trained staff, to ensure backups are consistent, verified and tested to ensure your data can be restored. You will be notified every time we do a restore test for you.
Privacy policy with respect of client hardware
As part of the services Priority IT Solutions Limited provides, client hardware may be located at Priority IT for diagnostic and repair services. We will assume Client Hardware will contain personal data. We have fixed processes and procedure to ensure personal data is protected. These process and procedure are available on request, please contact Data Protection Officer.
Privacy policy with respect of secure data erasure (hardware / asset disposal)
As part of the services Priority IT Solutions Limited provides, we transfer any hardware disposal to a 3rdParty Company called “Tech Recycle Limited”. While your hardware is in our premises, it is logged and securely locked and monitored. We keep an precise inventory of all data storage hardware and track it’s destruction / erasure. We will confirm with you, when Tech Recycle Limited has confirmed completion of Erasure. Any erasable functioning media is wiped using a multipass binary overwipe. Any non-functioning or non-erasable media is shredded. Whichever method is used, the data is completely and irretrievably destroyed. The destruction process meets or exceeds many internationally recognised standards including the UK’s Communications–Electronics Security Group’s (CESG’s) HMG Infosec Standard No. 5 and US Army AR380-19 DoD 5220.22 M. A data destruction confirmation is provided at the end of the process.
Any Hardware we our asked to securely wipe of behalf or our customers, will be wiped using 3 Rounds of PRNG (Random Data) written to the entire disk. Ensuring Personal Data cannot be recovered.
How do I contact you?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please contact the Data Protection Officer.
Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Any changes will be made available through the privacy notice available on our website.