In this policy, the terms We, Us, Our means Sync (“Sync”) a trading name of GBM Digital Technologies Ltd of 16-18 Midland Street, Ardwick, Manchester, M12 6LB.
Sync are an ICT hardware and services provider, providing technology-oriented products and services to consumers, businesses, educational establishments, charities, and public sector bodies.
POLICY BRIEF AND PURPOSE
The Information Commissioners Office (ICO) defines Personal Data as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”.
We may request Personal Data from you in order to provide you with a product, service, or information (including quotations, or support). You do not have to provide us with your Personal Data. Where you have chosen not to provide us with your Personal Data, we may be unable to provide you with your required product, service, or information.
HOW PERSONAL DATA IS COLLECTED
Personal Data is collected through an internet-enabled tablet. Providing us with your Personal Data is your choice and is done at your own risk. Our internal processes have been designed to keep your Personal Data safe once it has been received.
All data collected is stored on our marketing partner (Nimlok – Nimlok.co.uk), using an online database.
WHERE PERSONAL DATA IS STORED AND HOW IT IS PROTECTED
We may store your Personal Data in both electronic and paper-based formats, utilising the following security mechanisms to ensure that your Personal Data is secure:
• Nimlock ensure that the collected data is hashed and encrypted, whilst stored.
• Nimlok provide a secure copy of the data to Sync, and subsequently delete the data after 7 days, or after confirmation that Sync has received it.
Once Sync receive the data, the following controls are implanted to keep the data secure:
• Cyber security systems are in place to protect our network, servers, and computers.
• All company-owned computers are managed and encrypted.
• Company email is provided through Microsoft 365, hosted and secured by Microsoft.
• Where Personal Data is processed using a tool, service or database provided by a third party, such as MailChimp or others, additional security is enabled where possible. Security examples include: Two-Factor / Multi-Factor Authentication, and / or IP address locking.
• Physical security systems have been adopted to prevent unauthorised access to the premises – this includes the use of CCTV.
• Alongside the CCTV system provided by us, we also utilise an external security provider, Taurus, who have their own security systems in place to protect our head office (16-18 Midland Street, Ardwick, Manchester M12 6LB). Taurus have their own external CCTV system on our building.
Whilst some data can be immediately deleted, other data must be retained by us for a defined period. We retain multiple types of data, including Personal Data in order to:
• Provide our personnel and customers with a consistent and high quality experience.
• Meet our legal requirements.
• Assist with accident, incident, or fraud investigations and prevention.
All data is categorised, based on what it relates to, and then each category is retained for a defined period:
• We retain our customer’s Personal Data for the term of the relationship + 6 years.
• Operational Data (such as non-personal data) is retained as long as it is deemed necessary, and may be deleted at any time. This data is retained for a maximum of 5+1 years.
WHAT PERSONAL DATA IS COLLECTED
By completing the form, you are providing us with the following data:
• Your name
• Your email address
• Confirmation that you are at least 16-years old
• Confirmation as to whether or not you are a student
WHY PERSONAL DATA IS COLLECTED AND HOW IT IS USED
• The Personal Information we collect from you allows us to provide you with a positive experience when working with us, and also allows us to provide you with products, services, and general advice.
• We may use your Personal Information to perform internal data analysis, in order to improve products, services, and marketing.
• Where you provide us with your data at an event, we may send you relevant promotional materials from time to time.
• We may use your Personal Data to ask about the quality of the experience you received from us (commonly referred to as Customer Satisfaction or CSAT).
• We may use your Personal Data to share relevant updates and information through Legitimate Interest.
• We may also collect your Personal Information for fraud-prevention purposes.
• On occasion, we may send you important information relating to a product or service purchased by you from us – this includes changes to terms of service, or other policies. Due to the important nature of these communications, you cannot opt out of them.
DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
• Where you have consented to receive marketing communications from us, or where we act through legitimate interest, we may share your Personal Data with external agencies (such as MailChimp, SurveyMonkey, or others), who may manage our marketing and / or communications on our behalf. These details include: name, address, email address, occupation, place of work, and phone number.
• We may pass on your Personal Data to other external parties where required by law to do so. This includes providing access to HMRC, and for fraud prevention purposes.
• We will not share your Personal Data with any third parties for commercial purposes.
• We will not share your Personal Data with third parties for the sole purpose of allowing them to market to you directly.
NON PERSONAL DATA
• We may also collect non-Personal Information. Non-Personal Information may be used to: Provide you with a product or service, enhance our products or services, or perform internal data analysis.
• Where you are acting on behalf of an organisation, in addition to collecting your postcode, location, job title, place of work, and details of your enquiry, we may also collect the name and type of the organisation you are acting on the behalf of (where the employer is not a Sole Trader). We may also collect details about the organisation, including organisation phone number, organisation fax number, VAT number, company registration number, website address, generic email addresses, and number of employees.
KEEPING YOUR DATA UP TO DATE
If you believe that any data we hold on you is incorrect, or your would like us to update any of the information we currently hold on you, please contact us by phone: 0161 605 3838, email: email@example.com or in writing to us: Sync, 16-18 Midland Street, Ardwick, Manchester M12 6LB.
YOUR RIGHT TO OPT OUT OF MARKETING
If you have provided us with your consent to send you marketing communications, you can opt out at any time by phone: 0161 605 3838, email: firstname.lastname@example.org or in writing: Sync, 16-18 Midland Street, Ardwick, Manchester M12 6LB. All communications will also include the option to ‘opt out’ of such future communications, or ‘update your details’ as required.
YOUR RIGHT OF ACCESS
In accordance with the Data Protection Act 2018 you have the right to access any information that we hold relating to you. You can request a copy of your data by phone: 0161 605 3838, email: email@example.com or in writing to us: Sync, 16-18 Midland Street, Ardwick, Manchester M12 6LB.
YOUR RIGHT TO ERASURE
In accordance with the Data Protection Act 2018 you have the right to request that all of your Personal Data is erased from our systems. This may exclude some data types, for example, where we are required to retain your data by law, for HMRC, or anti-fraud measures. To exercise your right to erasure, please contact us by phone: 0161 605 3838, email: firstname.lastname@example.org or in writing to us: Sync, 16-18 Midland Street, Ardwick, Manchester M12 6LB.
YOUR RIGHT TO DATA PORTABILITY
In accordance with the Data Protection Act 2018 you have the right to request that we provide you with a data portability service, to allow you to obtain and reuse your Personal Data. We may be required to retain some data types, for example, where we are required to retain your data by law, for HMRC, or anti-fraud measures. To exercise your right to data portability, please contact us by phone: 0161 605 3838, email: email@example.com or in writing to us: Sync, 16-18 Midland Street, Ardwick, Manchester M12 6LB.
COMPLAINTS TO A SUPERVISORY AUTHORITY
You have the right to lodge a complaint with a supervisory authority with regards to the way that Sync processes your personal data. Sync recommends lodging a complaint with the ‘Information Commissioner’s Office (ICO)’. This is the UK’s supervisory authority and is the one which Sync is registered with.
QUESTIONS ABOUT PRIVACY