1 Why do we need to have a Privacy Policy
1.1 This Privacy Policy explains in detail how we collect, use, share, and protect your information when you interact with us. It will also provide you with a better understanding of your rights relating to your data and how you can exercise those rights.
1.2 We encourage you to take the time to carefully read the sections below. We would also ask that you share this Privacy Policy with anyone whose personal data you intend to share with us.
2. Purpose of a Privacy Policy
2.1 As a data processor, the reason why we have to process your data is that we are legally obliged to do so under our own contract with your data controller.
2.2 In addition to Clause 2.1, the data controller provides us with your data so that we can fulfil our statutory obligations.
2.3 We have legitimate reasons to hold your data as may we record and monitor our calls for training purposes, so that we can maintain the quality of the data that we hold about you.
2.4 This helps us to appropriately manage the data we receive and process about you from our clients, who are the data controllers.
2.5 In addition to Clause 2.5, it helps us so that we maintain any legal and/or regulatory requirements that are required for us to keep such records.
3. Who administers the Privacy Policy
3.1 TOTAL COMPUTERS & ACCESSORIES LIMITED trading as Clearsky IT, whose registered office address is at Westfield House, Bratton Rd, Westbury, Wilts, BA13 3EP. (Registered Company Number: 03136678)
3.2 For the purposes of this policy, we will be your Data Processor for any data that may bypass us. From time to time, any data that passes through may be on written instructions from the Data Controller.
3.3 Clearsky IT has a dedicated Data Protection Officer. Should you wish to exercise any of your rights under either the GDPR and/or Data Protection Act, or have any other queries regarding our privacy policy – please direct any enquiry to the Data Protection Officer at the address that appears under Clause 2.1.
4. Types of Personal Information that we process
4.1 Personal information that we receive is dependent on the type of information that is passed to us by the Data Controller. We will not process any information about you that we do not actually need in order to provide our services to the Data Controller.
4.2 The types of information that we are likely to process are:
a) Personal details: this is usually your name and title.
b) Contact details: email address; mobile number; landline telephone number and/or alternative telephone number.
c) Business address: including business name; building signplate; building number; postcode; street name; town and county.
d) Credit/debit card details: such as 16 digit card number, name stated on the card, expiry date, and CV2 number, bank account details as applicable.
e) Records of your communication with us: call recordings; emails; text messages; survey comments; complaints regarding data controller products or services made in any form, including complaints made verbally, by email, letter and/or using the data controller online forms.
f) Marketing communication, such as data received from our data controller.
g) Telemetry information: mobile phone location data and IP address (unique to identifying your computer); server requests; all web pages viewed; details of browsing (including browser type, timings and connections, updates and exceptions)
h) Fraud and theft information: such as suspected or actual instances of fraud and/or theft.
i) Information we obtain from third parties: third party databases available to our data controllers for which we process information through.
5. Disclosing or sharing your information
5.1 In addition to Clauses: 2.1; 2.5 and 3.2, the only time we will disclose your personal data is under the following circumstances:
a) We have to transfer your data to another data processor as the data controller has stopped being our client.
b) It has been authorized by you, under the data controller terms and conditions.
c) It is with regulatory bodies, such as the police and any other government agency.
d) It is with fraud prevention agencies.
e) It is required by law.
f) It is provided to our data controllers to the full extent required by the law, and that any data you provide to us is shared as the minimum contractual obligation that we are required to fulfil as a data processor.
6. Your rights under the data protection act
If you feel that your data has been misused in any way, then you have certain rights under the UK legislation, which is as follows:
a) Ask for a free copy of any data that we hold about you.
b) Ask for a correction on any inaccurate information held about you.
c) Withdraw any permission you have previously given us to process your data except where it is critical to us fulfilling our minimum obligations under Clause 5f)
d) Obtain, move, copy, transfer your information in a format that enables you to transfer that data to another organization
e) Request that we suspend processing your data.
f) In addition to Clause 6e), if we still need to process your data, it may be subject to certain exemptions.
g) Complain to the ICO if you are not satisfied with the use of your data www.ico.org.uk
7. How we keep your data secure
We take your data seriously, and that for us is an important asset. We therefore take reasonable efforts to ensure that the necessary measures are in place to prevent unauthorized or inappropriate access to your data.
To avoid your data breaching our server, we take pride in carrying out the following:
a) Making regular backup of files.
b) Protecting file servers and workstations with virus scanning software.
c) Using system passwords so that the access to your data is kept secure.
d) Allowing only authorized personnel to use your data
e) Using encrypted techniques to code data when in transit between the data controller and us, the data processor.
f) Ensure that staff are given specific rights to any system to enable them to perform their job function properly.