PRIVACY & DATA PROTECTION POLICY
The data administered by OrbitTech Limited (referred to as “OrbitTech”, “we”, “our” or “us” as appropriate), whose Registered Office is Suite 488, 14 London Road, Guildford, Surrey, GU1 2AG, and Company Registration Number is 9807673. References within this Privacy & Data Protection Policy to “you” or “your” refer to the person using products or services, or supplying information to us.
The General Data Protection Regulation (GDPR) is intended to protect customers against the misuse of personal data across both manual and electronic records. OrbitTech have always been committed to protecting personal and financial information and this Policy provides an oversight to some of the associated processes that OrbitTech has in place.
2. Personal Data we collect
We have a strong foundation of certified security and privacy controls by design and will ensure any collection of personal data will be:
• Obtained and processed only for specified and lawful purposes and with appropriate consent.
• Accurate and up-to-date
• Held securely and for no longer than is necessary
• Processed fairly and lawfully with unique identifiers with enhanced pseudonymisation
The provision of data by you, will be deemed by us as freely given, specific, informed and non-ambiguous and will be processing for the purpose required and classed as Personal Data.
3. Purposes for which Personal Data may be held
OrbitTech will collect personal data relating to customers primarily for the purposes of:
• internal operations including IT support, troubleshooting, data analysis, products & services offered and testing.
• Recording communication with customers
• Compliance with legislation
• Ensuring that products or servers offered are presented in the most effective manner;
OrbitTech considers that the following personal data falls within the categories set out above:
• Personal details including name, address, contact details, status, passwords
• Personal or company documents and images
• Notes and audio recordings of discussions between OrbitTech staff and the customer
• Financial details.
OrbitTech will review the nature of the information being collected and held on an annual basis to ensure there is a sound business reason for requiring the information to be retained.
This data is stored on servers in secure data centres located in the UK. Transmission utilises an encryption process and access by OrbitTech employees is limited.
It is assumed the provider of the data is authorised and legally eligible to disclose this data, including by age.
4. How do we use this information?
The Company appoints a Data Controller who takes responsibility for ensuring all personal data is controlled in compliance with the General Data Protection Regulation 2018. Employees of OrbitTech who have access to customer data are vetted and must comply with this policy and adhere to the procedures laid down by the Data Controller.
OrbitTech will only use this information to deliver support, products and/or services.
In providing products and services involving the personal data we may outsource to third party processors as part of providing the services to you. As a data processor, we only process personal data in accordance with your permission and instructions as set out in your agreement with us. Where your data is hosted in one of our cloud solutions we will partner with you through processes, products, services, and tools as required.
OrbitTech does not provide, sell or otherwise disclose Personal Data to any third party, individual or organisation outside OrbitTech unless specifically required by law.
5. Third Party Data Processors
Data may be hosted by a third party processor provided it has the same data protection standards that OrbitTech upholds.
6. Access to Personal Data Information
On request to firstname.lastname@example.org OrbitTech will disclose details of Personal Data related to the individual held by us. We will assume that a request from an email address provides legal entitlement to information associated with that address. The request may be extended to cover description, correction, deletion or exclusion from future communications.
7. Data Retention
We will not retain your Personal Data for longer than necessary for the purposes for which it is required, however the longest will be twelve months after termination of services.
8. Security Controls
We take every precaution to protect Personal Data held by us. We have security measures in place to protect against the loss, misuse and alteration including encryption, security, internet protocols and data replication.
9. Contact OrbitTech
If you require additional information regarding OrbitTech’s GDPR polices, please email our Director of Compliance and Information Assurance using security@OrbitTech.co.uk
If you wish to make a complaint or have concerns about OrbitTech’s data policy, this can be communicated via OrbitTech’s supervisory authority, the Information Commissioner’s Office (ICO), at the following address mailto:https://ico.org.uk/concerns/
Updated: 18 May 2018