GENERAL DATA PROTECTION REGULATION (GDPR) STATEMENT

We provide this information so that you are informed about the data held by Gillett Limited and how we treat it.

Within the statement:

'contact data' means the data that the Organisation provides for us to communicate with them.

'service data' means the data that the Organisation provides to us for configuring our services, which may contain end user details.

'data'  means the combined contact and service data.

'anonymised analytical data'  means the data that is collected while using our websites.

'organisation' and 'you' mean the Organisation using our services, or any representative acting on behalf of the organisation.

'clients'  means the Organisations that purchase services from us.

'we' and 'us' mean Gillett Limited (reg no 11259154), Aizlewood’s Mill, Nursery Street, Sheffield S3 8GG, UK. We are the Data Controller.

'employee'  means anyone authorised by us to interact with you.

'end user'   means an employee of your Organisation not directly interacting with us, but possibly using our services.

End users and representatives should read this statement in conjunction with the Organisation’s own policies, to understand our practices regarding the information we store.

INTRODUCTION

We respect data privacy and are committed to protecting the data through our compliance with this statement.

All parties within our team are fully aware of the importance of data protection, privacy and consent, and the changes within the GDPR (General Data Protection Regulation).

The latest revision of this statement is available to all at any time. This statement may change from time to time. Please check the statement periodically for updates.

PRIVACY INFORMATION

Data is collected and stored by us, for the sole purpose of providing our software, services and support.

We do not share this data with any other organisations.

We do not use any data for tracking, profiling, or unsolicited mass email marketing.

We only process the data to provide the services required by the Organisation.

We never sell any data that we hold.

We do not access or interact with the contact data provided, other than for communication.

We do not access or interact with the service data provided for any purpose other than configuration or support.

We are the developers and service provider of software systems.

We may store your data on our own cloud based infrastructure, and on select cloud services that we use for administering our business.

We have no commercial interest in the data, and we are not aware that any of our suppliers above have any commercial interest in it, nor will it be shared with any third parties.

DATA PROTECTION BY DESIGN

The suppliers we use to manage data have been selected on their certifications, or for their commitment to privacy.

All suppliers, contractors and employees are contractually bound by a duty of confidence.

Access to our data is provided to our employees through the use of user accounts, passwords and 2FA.

Access to all data relating to our clients requires a user account, password and 2FA.

Local password policy requires random complex passwords and the use of Password Managers.

INFORMATION HELD BY US

We hold contact data to enable us to provide our services and the day to day running of our business.

In the usual course of communicating and conducting our business with the Organisation we will receive and send information including email, text, telephone calls, files, screenshots and other electronic messages.

Contact data that we store includes:

name/email address/telephone number for key administrative users within business, IT, procurement and accounts, records of service/support requests

Service data that we store includes:

files containing setup/configuration data used to initially configure our services for you, records of service/support requests, which may contain end user details

Other information that we store includes:

organisation name, invoices, purchase orders, remittance advice

Our websites collect anonymised analytical data using Google Analytics purely for our internal usage statistics.

HOW THE DATA IS COLLECTED

As a result of an initial email or telephone conversation, we may ask for contact data which is stored so that we can continue to communicate with you.

During procurement we may collect further contact data for anyone involved in the project.

For the purpose of providing information, quotations etc. we may store ongoing communication with the above contact(s).

At the point of purchase, or during a trial, or potentially when major changes are requested, you may provide us with service data that may contain names of your end users. We need this information to create end user accounts within our services. This information is usually embedded within other, non user identifiable, data when supplied to us. We may retain this information, during the life of your subscription, purely to configure your service, provide a reference point, or rollback.

Where possible we will ensure that the contact data we hold is correct and updated where necessary.

The Organisation is solely responsible for its service data, its accuracy and for correcting inaccuracies.

We have no control over the quality or accuracy of the service data we hold, or the information it contains, but will assist to correct on notification.

Anonymised Analytical Data is collected while you use our websites (subject to cookie acceptance).

CONSENT

The legal basis which allows us to hold the data is that the Organisation has chosen to use our services.

When data is supplied by the Organisation, it is on the understanding that the employee a) has authority to provide the data on the organisation's behalf, and b) is consenting to it being stored by us.

There may be instances where we have access to the service data for any of the following reasons: a) the organisation requests it, for example, for implementation and support services, or b) to provide improvements/extra functionality to the service, or c) to maintain, bug fix and update the service, or d) where we are required by law.

By using our services, the organisation provides ongoing consent, and accepts it has a legal basis to any data provided to us.

The data stored by us is only viewable or accessible by our employees.

Any queries over consent or privacy should be raised via email to privacy@gillett.co.uk.

In the event of any unresolved issues, we will, if legally required, liaise with the Organisation and the employee.

Consent is required before we collect anonymised analytical data from our website. This consent can also be revoked.

CHILDREN

Our services are not provided for children and hence we do not store any data relating to a child under the age of 16 years.

DATA BREACH

On notification, or discovery of a data breach, we will investigate and liaise with the Organisation to minimise risk.

Depending upon the level of risk the Organisation may inform individuals directly, and/or notify the Information Commissioner’s Office.

RETENTION OF DATA

Data will be held in an accessible form while you continue to subscribe to our services.

If you no longer subscribe to our service, your data will be removed in line with our Data Retention Policy. On request, data held by us will be destroyed as soon as practically possible.

Data may be retained, in a generally inaccessible form, for a period as part of our backups, or our service providers' backups.

YOUR DATA PROTECTION RIGHTS

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

You have the right to ask us to erase your personal information in certain circumstances.

You have the right to ask us to restrict the processing of your information in certain circumstances.

You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.

You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into, a contract, and the processing is automated. You are not required to pay any charge for exercising your rights. We have one month to respond to you.

Further information is available from the Information Commissioner's Office.

You can complain to the ICO if we:

Fail to respond to your request for information
Refuse your request
Fail to send you all of the information you asked for
Fail to comply with the time limit for information, which is normally one calendar month.

The ICO will expect you to have first raised your concerns with us before submitting a complaint.

SERVICE SPECIFIC PRIVACY POLICIES

For the iRota service please see the iRota GDPR, Privacy and Consent Statement.
