IT@Spectrum Ltd treats the privacy of its customers, website users, leasing partners, suppliers, subcontractors and consultants very seriously and we take appropriate security measures to safeguard your privacy. This policy explains how we protect and manage any personal data you share with us and we hold about you, including how we collect process, protect and share that data.
1. HOW WE OBTAIN YOUR PERSONAL DATA
Information provided by you
Some of the people and organisations we deal with provide us with personal data either in person, over the telephone, via email or via our website and this information can include names, addresses, email address and other sensitive information that may be necessary for us to provide our services. We use this information in order to provide you with the services you have requested.
Information we get from other sources:
IT@Spectrum may also may collect and receive information and data in a variety of other ways, including:
- User Account Information – all of our hardware and software solutions are bespoke to you and the different users throughout your organisation. To tailor and configure certain elements of our solution, we may need to obtain certain information such as email addresses, phone numbers, passwords, domain and/or similar account details.
- Usage Information -
- Services Metadata. When an authorised user of our services uses our systems, metadata is generated that provides additional context about the way those users work. For example, IT@Spectrum logs the print behaviour of users.
- Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our website or cloud-based services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the website or services, browser type and settings, the date and time the services were used, information about browser configuration and plugins, language preferences and cookie data.
- Third Party Services – Users of our services can choose to permit or restrict third party services from accessing their systems. Typically, third party services are software that integrate with our systems, and the organisation can permit its authorised users to enable and disable these integrations. If enabled, the provider of a third-party service may share certain information with IT@Spectrum. For example, if a cloud storage application is enabled to permit files to be imported to a software solution, we may receive the user name and email address of users, along with additional information that the application has elected to make available to IT@Spectrum to facilitate the integration. Authorised Users should check the privacy settings and notices in these third-party services to understand what data may be disclosed to IT@Spectrum.
- Contact Information - In accordance with the consent process provided by your device, any contact information that a user chooses to import (such as an address book from a device) is collected when using the services.
- Third Party Data – IT@Spectrum may receive data about organisations, industries, website visitors, marketing campaigns and other matters related to our business from our partners or others that we use to make our own information better or more useful. This data may be combined with other information we collect and might include aggregate level data, such as which IP addresses correspond to geographic areas, or it might be more specific: for example, on how well an online marketing or email campaign performed.
- Additional information provided to IT@Spectrum - We receive other information when submitted to our website or if you participate in a contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with IT@Spectrum.
2. HOW WE USE INFORMATION
Information and data will be used by IT@Spectrum in accordance with the instructions of the party providing that information and data, including any applicable terms in Customer contracts, subcontract and supply agreements, terms in leasing agreements, and as required by applicable law. IT@Spectrum is a processor of customer’s data and the customer is the controller. The customer may, for example, use IT@Spectrum’s services to grant and remove access to a device of software solution, assign roles and configure settings, access, modify, export, share and remove data and otherwise apply its policies to the use of IT@Spectrum’s services.
IT@Spectrum uses data and information in furtherance of its legitimate interests in operating its services, website and business, more specifically:
- To provide, update, maintain and protect our services, website and business. This includes use of data and information to support delivery of the services under a customer contract, prevent or address service errors, security or technical issues, analyse and monitor usage, trends and other activities or at a user’s request.
- As required by applicable law, legal process or regulation.
- To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your information to respond.
- To develop and provide search, learning and productivity tools and additional features. IT@Spectrum tries to make its services as useful as possible for specific organisations and users. For example, we may improve search functionality by using information to help determine and rank the relevance of content or expertise to a user, make services suggestions based on historical use and predictive models, identify organisational trends and insights, to customise a service experience or create new productivity features and products.
- To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our services, our services offerings, and important services-related notices, such as security and fraud notices. These communications are considered part of the services. In addition, we sometimes send emails about new product features, promotional communications or other news about IT@Spectrum. These are marketing messages so you can control whether you receive them.
- For billing, account management and other administrative matters. IT@Spectrum may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
- To investigate and help prevent security issues and abuse.
3. DATA RETENTION
IT@Spectrum will retain some forms of customer data for longer than others. Information shall not be kept indefinitely, unless there are specific requirements for doing so, such as maintaining system performance and meeting the operational needs of the customer and its business. In any event, information shall not be kept longer than is necessary. Our Retention Policy sets out the timescales for the retention of several types of information. When data is no longer required it shall be appropriately destroyed and a suitable audit trail for destruction provided where requested.
4. HOW WE SHARE AND DISCLOSE INFORMATION
This section describes how IT@Spectrum may share and disclose information. Customers shall determine their own policies and practices for the sharing and disclosure of information, as IT@Spectrum does not control how they or any other third parties choose to share or disclose information.
- Customer’s Instructions. IT@Spectrum will solely share and disclose customer data in accordance with a customer’s instructions, including any applicable terms in the customer contract, in accordance with the customer’s use of our services and in compliance with applicable law and legal process.
- Customer Access. Owners, administrators, authorised users and other customer representatives and personnel may be able to access, modify or restrict access to data and information. This may include, for example, your employer using features of our hardware or software to transmit information or to access or modify your user details.
- Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process information and support our business. These third parties may, for example, provide 2nd line support services.
- Third Party Services. The customer may enable or permit authorised users to enable third party services. When enabled, IT@Spectrum may share information with that third part. Third party services are not owned or controlled by IT@Spectrum and third parties that have been granted access to information may have their own policies and practices for its collection and use. Please check their privacy settings and notices or contact the provider for any questions.
- Corporate Affiliates. IT@Spectrum may share information with its corporate affiliates, parents and/or subsidiaries.
- During a Change to IT@Spectrum’s Business. If IT@Spectrum engages in a merger, acquisition, bankruptcy, dissolution, reorganisation, sale of some or all of its assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all information may be shared or transferred, subject to standard confidentiality arrangements.
- To Comply with Laws. If we receive a request for information, we may disclose information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
- To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of IT@Spectrum or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With Consent. IT@Spectrum may share information with third parties when we have consent to do so.
IT@Spectrum takes the security of data very seriously. IT@Spectrum works hard to protect information you provide from loss, misuse, and unauthorised access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology. IT@Spectrum is currently working towards receiving an internationally recognised security certification for ISO 27001 (information security management system).
6. DATA SUBJECT RIGHTS
Subject access requests
The General Data Protection Regulation (GDPR) grant the ‘data subject' the right to access particular personal data we hold about them. This is referred to as a "subject access request". We will respond promptly, and certainly within one month from the point of receiving a subject request and provide all requested information. Our formal response will include details of the personal data we hold, including the following:-
- Sources from which we acquired the information.
- The purposes for processing the information.
- Persons or entities with whom we are sharing the information.
Right to Rectification
You have the right to ask us and for us to deal with without undue delay, the rectification of any inaccurate personal data we hold concerning you. Taking into account the purpose of us having and using the information about you, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to Erasure
You have the right to ask us to erase any of personal data concerning you without undue delay providing we are not obliged to keep the data longer for legal reasons.
Right to Restrictions of Processing
Subject to exemptions, you have the right to obtain from us a restriction limiting our ability to process personal data concerning you where one of the following applies:
- The accuracy of the personal data is contested by you, and is restricted until the accuracy of the data has been verified;
- The processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction in its use;
- We no longer need the personal data for the purposes of processing, but it is required by you, for the establishment, exercise or defence of legal claims;
- You have objected to the processing of personal data pending the verification of whether there are legitimate grounds for us to override these objections.
Notification Obligation Regarding Rectification or Erasure of Personal Data or Restriction of Processing
We communicate any rectification or erasure of personal data or restriction of processing as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort and cost. We shall provide you with information about those recipients if you request it.
Right to Data Portability
You have the right to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.
Right to Object
You shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for processing which override the interests, rights and freedoms of you, the data subject, or for the establishment, exercise or defence of legal claims.
Right to not be Subject to Decisions Based Solely on Automated Processing
We may carry automated processing which may lead to an automated decision based on your personal data. For example, automated decision making may be used to determine that:
- The customer is not approved for credit or for the amount of credit applied for;
- The customer poses a fraud, terrorism or money laundering risk; or
- The customer has deliberately hidden its identity.
The customer has the right to object to automated decision making at any point by making a request in writing to IT@Spectrum.
Invoking your Rights
If you would like to invoke any of the above data subject rights with us, please write to the Data Control Officer, The View, Bridgehead Business Park, Hull, HU13 0GD or email us at firstname.lastname@example.org.
7. ACCURACY OF INFORMATION
In order to provide the highest level of customer service possible, we need to keep accurate personal data about you. We take reasonable steps to ensure the accuracy of any personal data or sensitive information we obtain. We ensure that the source of any personal data or sensitive information is clear, and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information such as name or address changes and you can help us by informing us of these changes when they occur.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. If you wish to restrict, block or delete cookies provided by our website you can use your browser to do this. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information abort you other than the data you choose to share with us.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.
8. LEGAL BASIS
Legal basis for services provided under contract:
Contractual obligation (GDPR Article 6(1)(b)) - The services we provide to you are done so under contract. If you are unable to provide us with the required information to fulfil the contract, we may not be able to provide the service to you and the arrangement may be terminated.
Legal basis for direct marketing activities:
Legitimate interests (GDPR Article 6(1)(f) - GDPR allows us to use legitimate interests for direct marketing purposes. We have undertaken a legitimate interest assessment, which balances our business purposes for the processing against your right to privacy, and the final outcome justifies our use of legitimate interests for this purpose. For customers who have either enquired about our services with a view to purchasing them, or are existing customers using our services, or are lapsed customers who have used our services, it would not be an unreasonable expectation to receive information from us about our services, new products, events and news, etc. This also complies with e-Privacy laws, currently the Privacy & Electronic Communication Regulations 2003, (which governs how a business can undertake electronic direct marketing) and allows us to use soft opt-in for email and text marketing to prospective and existing customers.
We always give you the opportunity to object to receiving marketing communications from us, when we first collect your personal data and with every marketing communication thereafter. You can change your marketing preferences at any time by:
- Clicking on the unsubscribe button in our marketing emails;
- Telephone us on 01482 586732;
- Write to us at IT@Spectrum, The View, Bridgehead Business Park, Hull, HU13 0GD; or
- Email us at email@example.com.
9. IMPORTANT INFORMATION
Questions and Queries
If you have any questions or queries which are not answered by this Privacy Notice or have any potential concerns about how we may use the personal data we hold, please write to the Data Control Officer, The View, Bridgehead Business Park, Hull, HU13 0GD or email us at firstname.lastname@example.org. If you have a complaint that is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioners Office (ICO), you can contact them on 01625 545745.