Last modified: 15 May 2018
1. Data protection principles
Below are Instant On IT’s fundamental principles when it comes to data privacy:
- Be clear and transparent about what data we collect and the reason why.
- Always process your information in a fair and legitimate way.
- Do not keep your data for longer than necessary.
- Aim to ensure that information is accurate and correct as it has been provided to us. If you have changed your details and informed us, we will update our database to reflect this.
- In line with GDPR, assess the lawful reason for collecting personal data and only use data for the specific purpose for which it is collected.
- Enable you to make amendments to personal data, where possible, if details are incorrect or outdated.
- Process your data with appropriate safeguarding measures to keep your information secure.
- Ask for your permission should we need to share your personal information with a third party, unless it is necessary for a legal obligation or necessary for us to provide the service you expect from us.
2. What information do we collect, how do we collect it and why do we collect it?
We only collect information about you if we have a reason to do so – for example, to provide our Services, to communicate with you, to optimise your service experience or to make you aware of services that are relevant to your business. Care is taken to limit personal data collected to what is necessary for the specific intended purpose.
a. Information we collect in order to provide our service
If you are a client of ours, we have contractual obligations in place and process some of your personal data, so we can provide you with the service you expect from us.
We are likely to need to collect your contact information and specific IT information to fulfil the service agreement we have in place, to communicate changes to the services being provided or, from time to time, to make you aware of advancements that are likely to have a positive impact on your service or your cost base. We also collect information if you voluntarily complete a customer survey or provide feedback so that we can continue to improve service levels.
Personal data collected might include your name, phone number, email address, address and IP address, and is kept to a minimum in any instance. However, this data is controlled by you and can be updated on request.
b. Information we collect in order to respond to an enquiry
If you make an enquiry with us, the information you provide in the enquiry may be collected. This may be provided voluntarily or requested to make sure we have the information we require in order to respond to your enquiry.
The nature of the information we hold will depend upon how you choose to communicate with us, such as over the phone, by email or post.
If you have provided us with personal information to apply for a job with us, we will only process the information required for the application and will only keep your personal information for as long as required by law.
If you enquire about our services, you may voluntarily provide us with personal data or we may ask for this information, which we may use in combination with publicly available information in order to provide as complete a response as possible. This is typically limited to name, job role, email address and contact number.
c. Information we collect if you visit our website or social media sites
i. Visitors to our website
We use WordPress, a third-party service, to publish our website. We may use the standard statistics provided by Google Analytics to collect information on users’ activity on our website and the pages within the website. We process this data collectively rather than at an individual level. Trend data may be referenced from time to time, to understand which pages of our website are most popular and how we can improve our digital services.
ii. Social media
Our website contains links to our social media sites: Twitter and LinkedIn. If you engage with us on these sites, i.e. you comment on, share or like one of our posts, your action could be accessed publicly.
d. Information we hold for marketing purposes
If you are not a client of ours currently but are a business contact of ours with a legitimate interest in our services, we would like to send you limited, relevant information from time to time about specific services we offer. We would also like to invite you to relevant events we are hosting.
Instant On IT has taken on board ICO guidance and has proactively carried out a Legitimate Interest Assessment, recording that legitimate interest is the lawful reason for processing the marketing data we hold.
Business contact information is maintained where we have established a direct relationship around your business needs and the services we are able to provide or resulting from our independent primary research using publicly available information. Personal data we hold in this respect within our CRM system is limited to business email address, business telephone number and job function, and data is cleansed regularly if a business relationship is not developed or sustained.
If you no longer wish to receive this type of contact from us, you can let us know at any time and this will be actioned immediately. To do this is straightforward: the method of ‘opting out’ will be consistent and clear on any marketing information you receive from us, in line with industry best practice. Alternatively, you can contact us at any time at firstname.lastname@example.org stating that you no longer wish to be contacted for marketing purposes. If you request not to be contacted further, your data will be suppressed rather than deleted, to ensure we do not contact you again.
3. Where do we store your data?
The nature of the data being collected, why it is being collected and how we collect your data determines where we store the data. In all circumstances, data is stored with appropriate security measures in place to ensure it is protected and access to personal data is restricted to the relevant job function.
4. Who do we share your personal information with?
We use your data for the specific purpose it is collected or as agreed specifically with you. We only share data with third-parties, with consent, if essential to provide an improved level of service; if required by law or to respond to a legal process; to protect our customers and to maintain the security of our products.
5. How long will we keep your information for?
We will keep your personal information only for as long as it is relevant and useful for the purpose for which it was originally collected, or as required by law.
6. Information security
We take information security extremely seriously. Our security policies cover both our internal processes and procedures as well as the service we provide to our clients. We hold the ISO 27001 certification which means that our security policies and internal operations are aligned with this security standard. We are also Cyber Essentials Plus certified as well as being Cyber Essentials practitioners. We take all reasonable precautions to prevent misuse or destruction of, and modification or unauthorised access to your personal data.
7. Your rights
You have a number of rights relating to your personal data, including to see what we hold, to ask us to share it with another party, to ask us to update incorrect or incomplete details, and to ask us not to use your data any longer.
You can contact us by email at email@example.com and we will treat any requests to access, modify or delete personal information in our databases in accordance with applicable legal requirements
a. Access requests
If you would like to make a request to access the information we hold about you, please contact us and you will be provided with a request form to complete. In line with data protection legislation, on completion of the required details, we will provide this information free of charge within 30 days, unless the request is complex or lengthy in nature, in which case we will then provide you with a reasonable time frame and the reason for the delay.
b. Modifications to personal data
If your personal information has changed or you believe our records are incorrect, please contact us as soon as possible so we can update them.
c. Removal of personal data or requests to stop processing data
You may also request that we stop processing data or remove data from our records. If a request of this nature is made, we will contact you if we need any further information and accordingly to confirm the outcome of the request.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of our website and to compile statistical reports on site activity. We send cookies to your computer primarily to enhance your online experience.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function well as a result.
10. How to contact us