In this policy, the terms We, Us, Our means Sync (“Sync”) a trading name of GBM Digital Technologies Ltd of 16-18 Midland Street, Ardwick, Manchester, M12 6LB.
GBM Digital Technologies Limited is a subsidiary of GBM Digital Technologies Holdings Limited, which is a subsidiary of GBM Digital Technologies Group Limited.
We are an ICT hardware and services provider, providing technology-oriented products and services to consumers, businesses, educational establishments, charities, and public sector bodies.
POLICY BRIEF AND PURPOSE
The Information Commissioners Office (ICO) defines Personal Data as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”.
We may request Personal Data from you in order to provide you with a product, service, or information (including quotations, or support). You do not have to provide us with your Personal Data. Where you have chosen not to provide us with your Personal Data, we may be unable to provide you with your required product, service, or information.
HOW PERSONAL DATA IS COLLECTED
Personal Data is predominantly collected by phone, email, our website (www.wearesync.co.uk), fax, face to face meetings and post. Sending Personal Data to us is done at your own risk. Our internal processes have been designed to keep your Personal Data safe once it has been received.
WHERE PERSONAL DATA IS STORED AND HOW IT IS PROTECTED
We may store your Personal Data in both electronic and paper-based formats, utilising the following security mechanisms to ensure that your Personal Data is secure:
- Cyber security systems are in place to protect our network, servers, and computers.
- All company-owned computers are managed and encrypted.
- Company email is provided through Microsoft 365, hosted and secured by Microsoft.
- Our website is hosted and secured by Amazon Web Services (AWS). We also utilise some of CloudFlare’s web services.
- Automated website emails may be sent using SMTP2GO. This may include transactional emails when purchasing products from our website.
- Where Personal Data is processed using a tool, service or database provided by a third party, such as Fixably, MailChimp or others, additional security is enabled where possible. Security examples include: Two-Factor / Multi-Factor Authentication, and / or IP address locking.
- Our phone system is hosted by Microsoft and secured by 3CX.
- Physical security systems have been adopted to prevent unauthorised access to the premises – this includes the use of CCTV.
- Alongside the CCTV system provided by us, we also utilise an external security provider, Taurus, who have their own security systems in place to protect our head office (16-18 Midland Street, Ardwick, Manchester M12 6LB). Taurus have their own external CCTV system on our building.
We do not store Sensitive Personal Data, such as Debit or Credit card details, other than as required for fraud prevention or legal purposes.
Whilst some data can be immediately deleted, other data must be retained by us for a defined period. We retain multiple types of data, including Personal Data in order to:
- Provide our personnel and customers with a consistent and high quality experience.
- Meet our legal requirements.
- Assist with accident, incident, or fraud investigations and prevention.
All data is categorised, based on what it relates to, and then each category is retained for a defined period:
- We retain our customer’s Personal Data for the term of the relationship + 6 years.
- Operational Data (such as non-personal data) is retained as long as it is deemed necessary, and may be deleted at any time. This data is retained for a maximum of 5+1 years.
WHAT PERSONAL DATA IS COLLECTED
- When requesting a quotation, booking a product in to our Service Centre/s, applying for a Credit Account, registering for an event or training session, using our web services and / or those provided by a third party (such as our online store or service portal’) or completing an online survey, we may collect the following Personal Data: full name, title, address, email address, occupation, place of work, phone number, mobile phone number, contact preferences, website address, and/or IP address.
- When you purchase products or services, we may collect the following information: full name, title, address, email address, occupation, place of work, phone number, mobile phone number, contact preferences, website address, payment information, and/or IP address.
- When you purchase a product which includes a discount based on your employment or status, such as ‘Teacher’, ‘Student’, or ‘Registered Carer’ discount, we may collect the following information: full name, title, address, email address, occupation or status, place of work or study, phone number, mobile phone number, contact preferences, website address, payment information, IP address and / or proof of status (such as a Teacher / Student / Registered Carer ID card).
- CCTV is used to help us secure our business locations, and may include the capture of both image and sound.
- We may utilise call recording, this may capture your voice, and any Personal Data shared by during the call.
WHY PERSONAL DATA IS COLLECTED AND HOW IT IS USED
- The Personal Information we collect from you allows us to provide you with a positive experience when working with us, and also allows us to provide you with products, services, and general advice.
- We may use your Personal Information to perform internal data analysis, in order to improve products, services, and marketing.
- Where you provide us with consent to market to you, such as via a newsletter sign up form or other, we may send you promotional materials from time to time.
- We may use your Personal Data to ask about the quality of the experience you received from us (commonly referred to as Customer Satisfaction or CSAT).
- We may use your Personal Data to share relevant updates and information through Legitimate Interest.
- We may also collect your Personal Information for fraud-prevention purposes.
- On occasion, we may send you important information relating to a product or service purchased by you from us – this includes changes to terms of service, or other policies. Due to the important nature of these communications, you cannot opt out of them.
- Through our phone system (3CX), we may utilise call recording, with calls processed for internal review, to support with internal training, and / or to help us enhance the quality of our service. Inbound callers will be notified that calls are being recorded prior to commencing the call. Outbound callers will notify customers about where their call is being recorded – prior to proceeding with the call. Not all calls are recorded, and operators are able to disable call recording as required.
DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
- When you purchase, or enquire in to purchasing products and / or services from us, we may share your Personal Data with third parties for the purpose of providing you with information, products or services. This may include manufacturers, distributors, couriers, finance houses/lease companies, insurers, and in the case of services, external service providers. We may also add your Personal Data in to our accounts system and / or Customer Relationship Management (CRM) system. These details may include: name, address, email address, occupation, place of work, and phone number.
- We may periodically run promotional and / or advertorial activities with third parties, including Sky AdSmart, and others. In order to understand the impact of this activity, we may utilise analytical services, using technologies like Cookies to facilitate reporting. Data collected through these analytical services may be shared with third parties in relation to these campaigns, with a view to matching up, analysing, and comparing data with other data sets. Where this is the case, we will use best-practice data management practices, such as data pseudonymisation, to ensure that personal data is kept secure.
- Where you request a quotation for a large quantity of products, or for specific product lines, we may register a deal with a manufacturer or distributor / reseller with a view to providing you with enhanced benefits relating to your purchase. This could include additional discount, services, warranty or other such benefits. We may also add your Personal Data in to our accounts system and / or Customer Relationship Management (CRM) system. These details may include: name, address, email address, occupation, place of work, and phone number.
- In order to process your repair we will share your Personal Data with Apple, via their ‘Global Service Exchange’ online repair database, and Fixably. Fixably provide us with a web-based service database, that facilitates Apple device repair management. Fixably provides automated transactional emails to update Customers on the status of their repair. We may also add your Personal Data in to our accounts system and / or Customer Relationship Management (CRM) system. These details include: name, address, email address, occupation, place of work, and phone number. We may also share your details with a courier to return your device after service.
- Where you have consented to receive marketing communications from us, or where we act through legitimate interest, we may share your Personal Data with external agencies (such as MailChimp, SurveyMonkey, or others), who may manage our marketing and / or communications on our behalf. These details include: name, address, email address, occupation, place of work, and phone number.
- Where a customer has a support contract with a us, we may also collect Personal Data about the people within that organisation. We may also add your Personal Data in to our accounts system and / or Customer Relationship Management (CRM) system. This may include: name, email address, occupation, place of work, phone number, IP address.
- We may pass on your Personal Data to other external parties where required by law to do so. This includes providing access to HMRC, and for fraud prevention purposes.
- We will not share your Personal Data with any third parties for commercial purposes.
- We will not share your Personal Data with third parties for the sole purpose of allowing them to market to you directly.
NON PERSONAL DATA
- We may also collect non-Personal Information. Non-Personal Information may be used to: Provide you with a product or service, enhance our products or services, or perform internal data analysis.
- Where you are acting as a Consumer or Sole Trader, non-Personal Information may consist of: Postcode, location, occupation / job title, place of work, and details of your enquiry; for example, if you have logged a repair with us, we may collect the serial number and fault details of the machine in question.
- Where you are acting on behalf of an organisation, in addition to collecting your postcode, location, job title, place of work, and details of your enquiry, we may also collect the name and type of the organisation you are acting on the behalf of (where the employer is not a Sole Trader). We may also collect details about the organisation, including organisation phone number, organisation fax number, VAT number, company registration number, website address, generic email addresses, and number of employees.
In order to be able to offer you Klarna’s payment options, we will pass certain aspects of your personal information to Klarna, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.
Whilst we have detailed some of the Cookies that we may be active on our website, the Cookies used on our website may vary from time to time. Full detail of all Cookies used on our website is available using the pop up Cookie tool (provided by Cookiebot), which is presented to you when you arrive on any page of our website. This includes full detail about any and all Cookies live on our website, and also categorises Cookies as: Necessary, Preferences, Statistics, Marketing or other.
THIRD PARTY LINKS
KEEPING YOUR DATA UP TO DATE
If you believe that any data we hold on you is incorrect, or your would like us to update any of the information we currently hold on you, please contact us by phone: 0161 605 3838, email: email@example.com or in writing to us: Sync powered by GBM, 16-18 Midland Street, Ardwick, Manchester M12 6LB.
YOUR RIGHT TO OPT OF MARKETING
If you have provided us with your consent to send you marketing communications, you can opt out at any time by phone: 0161 605 3838, email: firstname.lastname@example.org or in writing: Sync powered by GBM, 16-18 Midland Street, Ardwick, Manchester M12 6LB. All communications will also include the option to ‘opt out’ of such future communications, or ‘update your details’ as required.
YOUR RIGHT OF ACCESS
In accordance with the Data Protection Act 2018 you have the right to access any information that we hold relating to you. You can request a copy of your data by phone: 0161 605 3838, email: email@example.com or in writing to us: Sync powered by GBM, 16-18 Midland Street, Ardwick, Manchester M12 6LB.
YOUR RIGHT TO ERASURE
In accordance with the Data Protection Act 2018 you have the right to request that all of your Personal Data is erased from our systems. This may exclude some data types, for example, where we are required to retain your data by law, for HMRC, or anti-fraud measures. To exercise your right to erasure, please contact us by phone: 0161 605 3838, email: firstname.lastname@example.org or in writing to us: Sync powered by GBM, 16-18 Midland Street, Ardwick, Manchester M12 6LB.
YOUR RIGHT TO DATA PORTABILITY
In accordance with the Data Protection Act 2018 you have the right to request that we provide you with a data portability service, to allow you to obtain and reuse your Personal Data. We may be required to retain some data types, for example, where we are required to retain your data by law, for HMRC, or anti-fraud measures. To exercise your right to data portability, please contact us by phone: 0161 605 3838, email: email@example.com or in writing to us: Sync powered by Sync powered by GBM, 16-18 Midland Street, Ardwick, Manchester M12 6LB.
COMPLAINTS TO A SUPERVISORY AUTHORITY
You have the right to lodge a complaint with a supervisory authority with regards to the way that Sync processes your personal data. Sync recommends lodging a complaint with the ‘Information Commissioner’s Office (ICO)’. This is the UK’s supervisory authority and is the one which Sync is registered with.
QUESTIONS ABOUT PRIVACY