View2IT Ltd is committed to protecting and respecting your privacy and ensuring compliance to the General Data Protection Regulation (GDPR). We believe you should always know what data we collect from you and how we use it and we have detailed this below.
For the purposes of data protection legislation in force the Data Controller is Justin Foster, Director of View2IT Ltd.
Definitions for the purpose of this policy are;
Personal data – any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data Controller – a Data Controller determines the purposes and means of processing personal data.
Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Backup – the process of backing up, refers to the copying into an archive file of computer data so it may be used to restore the original after a data loss event. The primary purpose is to recover data after its loss, be it by data deletion or corruption. The secondary purpose of backups is to recover data from an earlier time, typically configured within a backup application for how long copies of data are required.
What is GDPR?
The intention of the GDPR is to strengthen data protection for individuals within the European Union and will become enforceable from 25 May 2018.
GDPR requires that personal data is:
- a) processed lawfully, fairly and in a transparent manner in relation to individuals;
- b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
To read more about GDPR, click here.
Information we collect
We collect various types of information in connection with our services, including:
- Information you provide directly to us;
- In providing the Services including any backup of your system, we collect and store the files you upload, download or access via our servers and third party sites;
- Information we collect about your use of our services and
- Information we obtain from third party sources
Use of information
We use information we collect, among other things:
- To provide you with the services you request;
- To respond to any enquiries and
- To send you email notifications which you have requested
Legal basis for processing personal data
The Company may process your personal data where:
- You have given your prior, express consent;
- The processing is necessary for a contract between you and us;
- The processing is required by applicable law;
- The processing is necessary to protect the vital interests of any individual; or
- Where we have a valid legitimate interest in the Processing.
In processing your Personal Data in connection with the purposes set out in this Policy, we may rely on one or more of the following, depending on the circumstances:
- Consent: We may Process your Personal Data where we have obtained your prior, express consent to the Processing;
- Contractual necessity: We may Process your Personal Data where the Processing is necessary in connection with any contract that you may enter into with us;
- Compliance with applicable law: We may Process your Personal Data where the Processing is required by applicable law;
- Vital interests: We may Process your Personal Data where the Processing is necessary to protect the vital interests of any individual; or
- Legitimate interests: We may Process your Personal Data where we have a legitimate interest in carrying out the Processing for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms.
Purposes for which we may Process your Personal Data
The Company may process your personal data for the following purposes:
- Providing services to you including communicating with you;
- Fulfilling our contractual obligations;
- Managing your IT systems;
- Storing backups;
- Financial management;
- Ensuring the security of our premises and systems;
- Improving our services and
- Compliance with applicable law.
The purposes for which we may Process Personal Data, subject to applicable law, include:
- Provision of services to you and communicating with you in relation to those services;
- Communicating with you via any means (including via email, telephone, text message, post or in person) subject to ensuring that such communications are provided to you in compliance with applicable law; maintaining and updating your contact information where appropriate; and obtaining your prior, opt-in consent where required;
- Operation of IT security systems and audits;
- Sales and financial data;
- Electronic security (including login records and access details);
- Detecting, investigating and preventing breaches of policy, and criminal offences, in accordance with applicable law;
- Establishing, exercising and defending legal rights;
- Compliance with our legal and regulatory obligations under applicable law and
- Identifying issues and planning improvements to our site or our services
We will not disclose your personal information to any third party other than:
- Where we have used a trusted third party to fulfil our contractual obligations;
- To third parties who perform functions on our behalf and who also provide services to us, such as professional advisors and IT consultants. These third parties comply with similar undertakings of privacy and confidentiality as View2IT;
- If we are involved in legal proceedings;
- Where we are complying with legal obligations and
- To deal with complaints from any party regarding the operation of our website
With the exception of using third parties to store personal data, in the event that any of your data is to be transferred in such a manner, you will not be contacted in advance and informed of the changes.
Where your data is held
The Data is held on secure servers either at View2IT’s operating offices or in any other places where the parties involved in the processing are located.
Any personal data provided to View2IT Ltd will be processed in accordance with our responsibilities under the GDPR. We will keep your data safe and secure. To prevent unauthorised access, maintain data accuracy and ensure the correct usage of information, we monitor and adjust our physical, electronic and managerial procedures to safeguard and secure your personal data while in our care, or in the care of any third party with whom we may contract to process your data on our behalf.
Any third parties are under strict contractual terms to mirror the security policies that we currently have in place.
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
- Personal Data collected for purposes related to the performance of a contract between the View2IT Ltd and its Customers shall be retained until such contract has been fully performed.
- View2IT may be allowed to retain Personal Data for a longer period whenever the Customer has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Company may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
- Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
Essential cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website or third party sites (these are third party cookies).
Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You can find more information about the individual cookies we use and the purposes for which we use them below.
Examples of purposes for which a cookie may be used: This cookie enables us to:
- Review the number of customers using the site and how often;
- Speed up your searches;
- Recognise you when you return to our site and
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
As a data subject, you have the following rights under the GDPR, which this Policy and our use of personal data have been designed to uphold:
- The right to be informed about our collection and use of personal data;
- The right of access to the personal data we hold about you;
- The right to rectification if any personal data we hold about you is inaccurate or incomplete;
- The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you. We only hold your personal data for a limited time, but if you would like us to delete it sooner, please contact us;
- The right to restrict (i.e. prevent) the processing of your personal data and
- The right to object to us using your personal data for particular purposes
If you have any cause for complaint about our use of your personal data, please contact the Data Controller, the contact details are below.
Subject access requests
Upon receiving a written subject access request the Company will:
- ensure to verify the identity of the person requesting the information;
- respond in writing within 40 calendar days with the requested information and
- if requested, initiate the right to erasure process
If there is a data protection breach
Should there be a data breach, staff are trained to inform their line manager immediately, who will in turn, inform an authorised member of personnel at the client and also inform the ICO within 24 hours.
The information provided to the client and the ICO will include:
- What has happened;
- When and how we found out about the breach;
- The people that have been or may be affected by the breach and
- What we are doing as a result of the breach
The Data Controller is responsible for the compliance and maintenance of this policy. If you have any queries, please contact us.
If you would like to contact us regarding this Policy or anything else, please contact View2IT Ltd, 103 Greenlands Road, Weybridge, Surrey KT13 8PS Tel: 01932 808084