Swan Digital Ltd Privacy Policy
PRIVACY POLICY & SUBJECT ACCESS REQUEST PROCEDURE
Contents
PRIVACY POLICY
1. Who are we?
2. Changes to our privacy policy
3. How the law protects you
4. Types of Personal Information
5. Where we collect personal information from
o Data you give to us
o Data we collect
o Data from third parties we work with
6. Who we share your personal information with
o Credit Reference Agencies (Business account customers only)
o Sending data outside of the EEA
7. Marketing
8. How long we keep your personal information
9. What if you want us to stop using your personal information?
10. Access to your information and correction
11. How to complain
SUBJECT ACCESS REQUEST PROCEDURE
1. Introduction
2. The General Data Protection Regulation
3. What is Personal Information?
4. The Right of Access
5. How To Make a Subject Access Request (SAR)?
6. What We Do When We Receive An Access Request
7. Fees and Timeframes
8. Your Other Rights
9. Exemptions and Refusals
10. Submission & Lodging a Complaint
11. Supervisory Authority
PRIVACY POLICY
1. Who are we?
Swan Digital Limited is a privately owned I.T. supply and support company serving small and medium sized businesses.
We provide advice and guidance, supply, installation, configuration and ongoing support services to a wide range of businesses from sole traders to multi branch corporations throughout the U.K. primarily in London and the South East.
Our core products are Computer Systems, Photocopiers and MFPs, VoIP telephone systems and CCTV.
Swan Digital Ltd also trades as Cloud Comms 365
This privacy notice is to let you know how we promise to look after your personal information. This includes what you tell us about yourself, what we learn by having you as a customer, and the choices you give us about what marketing you want us to send you. This notice explains how we do this and tells you about your privacy rights and how the law protects you.
2. Changes to our privacy policy
We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated in May 2018.
3. How the law protects you
We are only allowed to use your personal data if we have a one or more of the following reasons to do so:
· To fulfil a contract we have with you, or
· When it is our legal duty, or
· When it is in our legitimate interest (which means we have a business or commercial reason to use your information)
· When you give us consent to
Here is a list of all the ways that we may use your personal information:
What we use your personal information :
• To manage our relationship with you or your business.
• To develop new ways to meet our customers’ needs and to grow our business.
• To develop and carry out marketing activities.
• To study how our customers use products and services from us and other organisations.
• To provide advice or guidance about our products and services.
• Keeping our records up to date, working out which of our products and services may interest you and telling you about them.
• Developing products and services, and what we charge for them.
• Defining types of customers for new products or services.
• To develop and manage our brands, products and services.
• To test new products.
• To manage how we work with other companies that provide services to us and our customers.
• Developing products and services, and what we charge for them.
• Defining types of customers for new products or services.
• Being efficient about how we fulfil our legal and contractual duties.
• To make and manage customer payments.
• To collect and recover money that is owed to us.
• Fulfilling contracts.
• Fulfilling our legal duty.
• Being efficient about how we fulfil our legal and contractual duties.
• Complying with regulations that apply to us.
• Developing products and services, and what we charge for them.
• Defining types of customers for new products or services. • Fulfilling contracts.
• To serve you targeted advertising that we believe is relevant to your interests.
• To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance, and audit.
• To exercise our rights set out in agreements or contracts.
• To maintain statutory records.
4. Types of Personal Information
We use many different kinds of personal information:
Type of personal information and description
Financial: Your financial position when you open a business account with us via credit reference agencies.
Contact: Where you live or work and how to contact you.
Transactional: Details about payments including to and from your accounts with us.
Contractual: Details about the products or services we provide to you.
Locational: Data we get about where you are, such as may come from your mobile phone, the address where you connect a computer to the internet.
Behavioural: Details about how you use our products and services.
Technical: Details on the devices and technology you use.
Communications: What we learn about you from letters, emails and conversations between us.
Usage: Data Other data about how you use our products and services.
Consents: Any permissions, consents or preferences that you give us. This includes things like how you want us to contact you.
5. Where we collect personal information from
We may collect personal information about you (or your business) from other companies. We may also receive data from third parties where you have consented for your details to be given to third parties.
Data you give to us:
· When you sign up for our products and services
· When you talk to us on the phone
· When you use our websites and mobile device apps (including when you comment on them)
· In emails and letters
· In customer surveys
· If you take part in our competitions or promotions
Data we collect:
We also collect data when you use our services. This can include the profile you create to identify yourself when you connect to our internet, mobile and telephone services. It also includes other data about how you use those services. We gather this data from devices you use to connect to those services, such as computers and mobile phones, using cookies and other internet tracking software.
Data from third parties we work with:
· Credit reference agencies
· Social networks
· Market researchers
· Third parties you have given consent to pass your data to us
6. Who we share your personal information with
We never sell on your data.
We may share your data with these organisations:
· Regulators and other authorities, including the Police
· Credit reference agencies
· Debt collection agencies
· Fraud prevention agencies
· Any party linked with you or your business's product or service
· Companies we have a joint venture or agreement to co-operate with
· Companies you consent to share your data with.
· Companies who we run competitions in conjunction with
· Exhibitors at events
· Event venues
· If you are a shareholder, our Registrars
· If you use direct debits, we will share your data with the Direct Debit scheme
· If purchasing items or services from us, the supplier of such.
We may need to share your personal information with other organisations to provide you with the product or service you have chosen.
We may also share your personal information if the make-up of Swan Digital Ltd changes in the future.
· We may choose to sell, transfer, or merge parts of our business, or our assets or we may seek to acquire or merge with other businesses.
· During any such process, we may share your data with other parties. We'll only do this if they agree to keep your data safe and private.
· If the change to our company happens, then other parties may use your data in the same way as set out in this notice.
Credit Reference Agencies (Business account customers only)
For business customers we carry out credit and identity checks when you apply for an account or lease. We may use Credit Reference Agencies (CRA's) to help us with this.
We will share your personal information with CRA's and they will give us information about you. The data we exchange can include:
· Name, address and date of birth
· Credit application
· Details of any shared credit
· Financial situation and history
· Public information, from sources such as the electoral register and Companies House.
We'll use this data to:
· Assess whether you or your business is able to afford to make repayments
· Make sure what you've told us is true and correct
· Help detect and prevent financial crime
· Manage accounts with us
· Trace and recover debts
Sending data outside of the EEA
We will only send your data outside of the European Economic Area ('EEA') to:
· Follow your instructions.
· Comply with a legal duty.
· Work with our agents and advisers who we use to help run services.
If we do transfer information to our agents or advisers outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We'll use one of these safeguards:
· Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA.
· Put in place a contract with the recipient that means they must protect it to the same standards as the EEA.
· Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. If you choose not to give personal information.
We may need to collect personal information by law, or under the terms of a contract we have with you.
If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services. It could mean that we cancel a product or service you have with us.
7. Marketing
We may use your personal information to tell you about relevant products and offers. This is what we mean when we talk about 'marketing'.
The personal information we have for you is made up of what you tell us and data we collect when you use our services, or from third parties we work with where you have consented to data being passed to us
We can only use your personal information to send you marketing messages if we have either your consent or a 'legitimate interest'. That is when we have a business or commercial reason to use your information. It must not unfairly go against what is right and best for you.
You can ask us to stop sending you marketing messages by contacting us by email to sales@swandigital.com or telephone 01903 712727 at any or using the unsubscribe button on the marketing material
If you choose to stop receiving marketing material you may still receive certain things such as invoices from us which we need to send you for contractual or other legal purposes.
8. How long we keep your personal information
We will keep your personal information for as long as you are a customer of Swan Digital Ltd or you continue to receive our marketing material or use our services.
After you stop being a customer/user, we may keep your data for up to 6 years to enable us to respond to any questions or complaints and to show that we treated you fairly.
We may keep your data for longer than 6 years if we cannot delete it for legal, regulatory or technical reasons. We may also keep it for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes.
9. What if you want us to stop using your personal information?
You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. This is known as the 'right to object' and 'right to erasure', or the 'right to be forgotten'.
There may be legal or other official reasons why we need to keep or use your data. But please tell us if you think that we should not be using it.
You can also ask us to restrict the use of, or amend, your personal information if:
· It is not accurate.
· It has been used unlawfully but you don't want us to delete it.
· It not relevant any more, but you want us to keep it for use in legal claims.
· You have already asked us to stop using your data but you are waiting for us to tell you if we are allowed to keep on using it.
If you want to object to how we use your data, or ask us to delete it or restrict how we use it or, please contact us.
If you withdraw your consent, we may not be able to provide certain products or services to you.
10. Access to your information and correction
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information please see the subject access request procedure below.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate using the contact details above.
11. How to complain
Please let us know if you are unhappy with how we have used your personal information or wish to contact us for any other reason. You can contact us at sales@swandigital.com or by writing to Data Protection Requests, Swan Digital Ltd, N5 Riverside Industrial Estate, Littlehampton, BN17 5DF.
You also have the right to complain to the Information Commissioner's Office. Find out on their website how to report a concern.
Subject Access Request Procedure
1 Introduction
This procedure document supplements the subject access request (SAR) provisions set out Swan Digital Ltd (hereinafter referred to as the “Company”) Data Protection Policy & Procedures and provides the process for individuals to use when making an access request, along with the protocols followed by the Company when such a request is received.
The Company needs to collect personal information to effectively and compliantly carry out our everyday business functions and services and in some circumstances, to comply with the requirements of the law and/or regulations.
As the Company processes personal information regarding individuals (data subjects), we are obligated under the General Data Protection Regulation (GDPR) and Data Protection Bill to protect such information, and to obtain, use, process, store and destroy it, only in compliance with the GDPR and its principles.
2. The General Data Protection Regulation
The General Data Protection Regulation (GDPR) gives individuals the right to know what information is held about them, to access this information and to exercise other rights, including the rectification of inaccurate data.
3. What is Personal Information?
Information protected under the GDPR is known as “personal data” and is defined as: - “Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Further information on what constitutes personal information and your rights under the data protection regulation and laws can be found on the Information Commissioners Office (ICO).
4. The Right of Access
Under GDPR, an individual has the right to obtain from the controller, confirmation as to whether personal data concerning them is being processed. We are committed to upholding the rights of individuals and have dedicated processes in place for providing access to personal information. Where requested, we will provide the following information: -
· the purposes of the processing
· the categories of personal data concerned
· the recipient(s) or categories of recipient(s) to whom the personal data have been or will be disclosed
· If the data has been transferred to a third country or international organisation(s) (and if applicable, the appropriate safeguards used)
· the envisaged period for which the personal data will be stored (or the criteria used to determine that period)
· where the personal data was not collected directly from the individual, any available information as to its source
5. How To Make a Subject Access Request (SAR)?
A subject access request (SAR) is a request for access to the personal information that the Company holds about you, which we are required to provide under the GDPR.
You can make this request by post or you can submit your access request electronically using the form at the end of this document. . Where a request is received by electronic means, we will provide the requested information in electronic form (unless otherwise request by you).
6. What We Do When We Receive An Access Request
Identity Verification
Subject Access Requests (SAR) are passed to the Data Protection Officer as soon as received and a record of the request is made, who will use reasonable measures to verify the identity of the individual making the access request, especially where the request is made electronically.
Where we are unable to verify your details, we may contact you for further information, or ask you to provide evidence of your identity prior to actioning any request. This is to protect your information and rights.
If a third party, relative or representative is requesting the information on your behalf, we will verify their authority to act for you and again, may contact you to confirm their identity and gain your authorisation prior to actioning the any request.
Information Gathering
If you have provided enough information in your SAR to collate the personal information held about you, we will gather all documents relating to you and ensure that the information required is provided in an acceptable format. If we do not have enough information to locate your records, we may contact you for further details. This will be done as soon as possible and within the timeframes set out below.
Information Provision
Once we have collated all the personal information held about you, we will send this to you in writing (or in a electronic form if requested). The information will be in a concise, transparent, intelligible and easily accessible format, using clear and plain language.
7. Fees and Timeframes
Whilst we provide the information requested without a fee, further copies requested by the individual may incur a charge to cover our administrative costs.
The Company always aim to provide the requested information at the earliest convenience, but at a maximum, 30 days from the date the request is received. However, where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months. If this is the case, we will write to you within 30 days and keep you informed of the delay and provide the reasons.
8. Your other rights
Under the GDPR, you have the right to request rectification of any inaccurate data held by us. Where we are notified of inaccurate data, and agree that the data is incorrect, we will amend the details immediately as directed by you and make a note on the system (or record) of the change and reason(s).
We will rectify any errors within 30-days and inform you in writing of the correction and where applicable, provide the details of any third-party to whom the data has been disclosed.
If for any reason, we are unable to act in response to a request for rectification and/or data completion, we will always provide a written explanation to you and inform you of your right to complain to the Information Commissioner and to seek a judicial remedy.
In certain circumstances, you may also have the right to request from the Company, the erasure of personal data or to restrict the processing of personal data where it concerns your personal information; as well as the right to object to such processing. .
9. Exemptions and Refusals
The GDPR contains certain exemptions from the provision of personal information. If one or more of these exemptions applies to your subject access request or where the Company does not act upon the request, we shall inform you at the earliest convenience, or at the latest, within 30 days of receipt of the request.
Where possible, we will provide you with the reasons for not acting.
10. Submission & Lodging a Complaint
To submit your SAR, you can complete te form at the end of this document and send to sales@swandigital.com or submit your request in writing to: -
Managing Director
Swan Digital Ltd
N5 Riverside Industrial Estate
Littlehampton
BN17 5DF
Tel: 01903 712727
If you are unsatisfied with our actions or wish to make an internal complaint please use the details above.
11. Supervisory Authority
If you remain dissatisfied with our actions, you have the right to lodge a complaint with The Information Commissioner’s Office (ICO) who can be contacted at: Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113 (local rate)
Fax: 01625 524 510
Email: enquiries@ico.org.uk
---------------------------------------------------------------------------------------------------------------------------------------
Subject Access Request Form
Under the General Data Protection Regulation, you are entitled as a data subject to obtain from the Company, confirmation as to whether we are processing personal data concerning you, as well as to request details about the purposes, categories and disclosure of such data.
You can use this form to request information about, and access to any personal data we hold about you. Details on where to return the completed form can be found at the end of the form.
1. Personal Details:
Data Subject’s Name:
DOB: ___ / ___ / _______
Home Telephone No:
Email:
Data Subject’s Address:
Any other information that may help us to locate your personal data:
2. Specific Details of the Information Requested:
3. Representatives (only complete if you are acting as the representative for a data subject)
[Please Note: We may still need to contact the data subject where proof of authorisation or identity are required]
Representative’s Name:
Relationship to Data Subject:
Telephone No:
Email:
Representative’s Address:
I confirm that I am the authorised representative of the named data subject:
Representative’s Name: ____________________ Signature: __________________
4. Confirmation
Data Subject’s Name: ________________________ [print name]
Signature: ________________________ Date: ____ /____ /________
5. Completed Forms
For postal requests, please return this form to:
Data Protection Requests
Swan Digital Ltd
N5 Riverside Industrial Estate
Littlehampton
BN17 5DF
For email requests, please return this form to: sales@swandigital.com
----------------------------------------------------------------------------------------------------------------
Swan Digital Home Page