Gecom Solutions Ltd Data Privacy Policy

1. Background

This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you. It applies to all products and services, and instances where we collect your personal data.

This privacy notice applies to personal information processed by or on behalf of Gecom Solutions Ltd

Changes to this privacy notice

We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes regularly.

Gecom Solutions Ltd and our Data Protection Officer

We’re Gecom Solutions Ltd, 91 Marlpool Lane, Kidderminster, Worcestershire, DY11 5HP. We are a “Data Controller” for the purposes of data protection. In performing business for you, our client, we require using data that may include personal, secure or sensitive information about you and your business. Data held could include but isn’t limited to, names, business addresses, business contact details, email addresses, users’ names, passwords used by your employees and other data relating primarily to IT systems, services and subscriptions relevant to your business.

We have a data protection officer (“DPO”). You can contact the DPO using the details below or by writing to the above address, marking it for the attention of the DPO.

Please send all enquiries intended for the data protection officer to: Info@gecom.co.uk

Or Telephone: 01562 639963

2. What kinds of information about you and your business do we process?

Personal information that we’ll process in connection with all of our products and services, if relevant, includes:

• Personal and contact details, such as title, full name, contact details and contact details history

• Records of your contact with us such phone numbers, email addresses or if you get in touch with us online using our online services. Details such as your mobile phone number, IP address and MAC address

• Products, services, goods, and agreements you have agreed to with, as well as have been interested in and have previously held and the associated payment methods used.

• The usage of our products and services, any call outs and purchases. As well as any support history.

• Marketing to you and analysing data, including history of those communications, whether you open them or click on links, and information about products or services we think you may be interested in, and analysing data to help target offers to you that we think are of interest or relevance to you.

• Financial details about you, limited to payment method(s) which you have used to previously pay us.

• Business contact details such as physical addresses, email addresses and phone numbers.

• Email addresses and system usernames and passwords

• Connection details, including usernames passwords, MAC addresses and IP addresses.

• IT system details this includes usernames, passwords, operating system details, configurations and settings.

• Services and Subscriptions that you have either purchased via ourselves or via a third party and are in use within your IT environment.

• IT system hardware and software asset register, containing details of all IT environment devices, equipment, services and subscriptions in use within your business.

3. What is the source of your personal information?

We’ll collect personal information from the following general sources:

• From you or your business directly, and any information from employees, colleagues or associates of products and services

• Information generated about you when or how you use our products and services

• Business partners (for example, Internet Service Providers, software or hardware providers, or providers of online services),

• From other sources such as publicly available directories and information (for example, telephone directory, social media, internet, news articles), other organisations to assist in providing the services you have appointed us for.

4. What do we use your data for?

We use your personal data, including any of the personal data listed in section 1 above, for the following purposes:

• Managing the product or service or agreement you have with us.

• Providing IT Support, Services and Consultancy amongst our other services to your business.

• Updating internal records.

• Managing any aspect of the product or services offered to you.

• To follow guidance and best practice under the change to rules of governmental and regulatory bodies

• For management and auditing of our business operations including accounting.

• To monitor and to keep records of our communications with you and our staff.

• For direct marketing communications We may send marketing to you by email, phone, post, and other digital channels. Offers may relate to any of our products and services we think may be of interest.

• To provide personalised content and services to you or your business, such as tailoring our products and services, our customer experience and offerings.

• To develop new products and services and to review and improve current products and services.

• To comply with legal and regulatory obligations, requirements and guidance

• To provide insight and analysis of our customers both for ourselves and as part of providing products or services, helping us improve products or services, or to assess or improve the operating of our businesses

• To share information, as needed, with business partners (for example, Internet Service Providers, Telecomms Providers or Online Service providers in relation to providing IT Support and Services to your business), service providers or as part of providing and administering our products and services or operating our business.

• To facilitate the sale of one or more parts of our business

5. What are the legal grounds for our processing of your information (including when we share it with others)?

We rely on the following legal bases to use your personal data:

1. Where it is needed to provide you with our products or services, such as:

a) Managing and providing products, services and agreements you hold with us.

b) Updating your internal records, or to contact you about the services we are offering you.

c) Sharing your personal information with business partners and services providers in relation to our business, contracts or services together.

d) Managing and administering your IT environment and services as contracted to do so. e) All stages and activities relevant to managing the product or service administration or products or services and management of accounts, illustrations

2. Where it is in our legitimate interests to do so, such as:

a) Managing and providing your products and services relating to that, updating your records

b) To perform and/or test the performance of, our products, services and internal processes c) To follow guidance and recommended best practice of government and regulatory bodies d) For management and audit of our business operations including accounting e) To carry out monitoring and to keep records of our communications with you and our staff f) To administer our good governance requirements and those of other members of our company, such as internal reporting and compliance obligations or administration. g) For direct marketing communications and related profiling to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and service. We will send marketing to you by email, phone, post and social media and digital channels.

h) Where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations.

3. To comply with our legal obligations

4. With your consent or explicit consent:

6. When do we share your personal information with other organisations?

We may share information with the following third parties for the purposes listed above:

• Business partners (for example, Internet Service Providers, or online service platforms), or others who are a part of providing your products and services or operating our business including Microsoft, WatchGuard or Synology.

• Governmental and regulatory bodies.

• Other organisations and businesses who provide services to us such as back up and server hosting providers, IT hardware, software and maintenance providers, document storage providers and suppliers of other back office functions.

7. How and when can you withdraw your consent?

Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below.

Email: info@gecom.co.uk

Telephone: 01562 639963

Postal: Data Protection Officer, Gecom Solutions Ltd, 91 Marlpool Lane, Kidderminster, Worcestershire, DY115HP

8. Is your personal information transferred outside the UK or the EEA?

We’re based in the UK but sometimes your personal information may be transferred outside the European Economic Area. If we do so we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, or industry standards of encryption, unless certain exceptions apply. If this is not acceptable to you or your business you must contact us immediately.

Email: info@gecom.co.uk

Telephone: 01562 639963

Postal: Data Protection Officer, Gecom Solutions Ltd, 91 Marlpool Lane, Kidderminster, Worcestershire, DY115HP

9. What should you do if your personal information changes?

You should tell us so that we can update our records using the details in the Contact Us section of our website. We’ll then update your records if we can.

10. Do you have to provide your personal information to us?

We’re unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, this can be discussed as necessary. For further clarification on this please use the details in the Contact Us section of our website.

11. Do we do any monitoring involving processing of your personal information?

In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.

We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications or IT systems and procedures and for quality control and staff training purposes.

12. For how long is your personal information retained by us?

Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:

• For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations

• For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or

• Retention periods in line with legal and regulatory requirements or guidance.

13. What are your rights under data protection laws?

Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not.

• The right to be informed about the processing of your personal information.

• The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed.

• The right to object to processing of your personal information.

• The right to restrict processing of your personal information.

• The right to have your personal information erased (the “right to be forgotten”).

• The right to request access to your personal information and to obtain information about how we process it.

• The right to move, copy or transfer your personal information (“data portability”).

• Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.

You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can contact us using the details below.

14. Your right to object

You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us by going to the Contact Us section of our website to exercise these rights.

15. What are your marketing preferences and what do they mean?

We may use your business address, phone numbers, email address and social media or digital channels (for example, Facebook, Google and message facilities in other platforms) to contact you according to your marketing preferences.

You can opt out of any email or text marketing by following the unsubscribe links. If you receive a marketing call from us, you can ask the person who called you to opt you out. You can also write to us at: Data Protection Officer, Gecom Solutions Ltd, 91 Marlpool Lane, Kidderminster, Worcestershire, DY115HP. Or you can email us on our Contact Us page. Please subject this message ‘Marketing Preferences’

Contact Us

If you have any questions about this privacy notice, or if you wish to exercise your rights or contact the DPO, you can contact us using the below details:

Email: info@gecom.co.uk

Telephone: 01562 639963

Postal: Data Protection Officer, Gecom Solutions Ltd, 91 Marlpool Lane, Kidderminster, Worcestershire, DY115HP