4 Jan 2021
We take this topic very seriously to ensure your data protection
Industry best practice
We are subscribers to The Information Commissioners Office (ICO) for guidance on this topic.
If you have a concern, please contact us
- Name: It Continues Now Ltd
- Address: 35 Saunderton Vale, High Wycombe, HP14 4LJ
- Director: Andrew Jones
- Email: email@example.com
- ICO Certificate Number: ZA871773
The type of personal information we collect for the purpose of running our business
When a client, potential client or service partner contacts us we collect the following information
- Basic contact information: name, email, company name, position, phone number
- We may collect some details of the end-client if you are a sub-contractor in the supply of a service. E.g. you are a recruitment agency, umbrella company, large IT services company acting of behalf on an end-client.
- We also may collect details pertinent to a possible IT project such as role specifications, technical documents, flow chart type diagrams, sample code and configuration to help us make a viable sales proposal.
We take our obligations seriously to secure it and ensure it is only distributed to any Third-Party as authorised.
How we get the personal information and why we have it?
Most of the personal information we process is provided to us directly by a client, potential client, service partner by email or telephone discussion for one of the following reasons:
- Potential deployment of our staff for consultancy and/or services for an IT project.
- Interest in Boomi®, owned by Boomi Inc (a Dell Technologies Company) as an integration platform as a service (iPaaS) you may wish to evaluate for purchase. We are a member of the “Boomi Partner Programme” and we refer an interested client to Boomi Inc for further sales discussions only with your consent.
- We may also receive personal information indirectly from a mutual third-party you may have a commercial relationship with, as they believe we can help you. We will ask for evidence of such a relationship/referral before we contact you. In short, we prefer not to “cold call”.
We use the information that you have given us to tailor the marketing of our services appropriately and give appropriate technical advice on an existing or possible project.
We will only share your details with our service partners if you give explicit consent.
We will share financial details with government bodies such as the police or tax authorities if our solicitor and / or accountant confirm the demand for such is reasonable and legal.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
- Your consent. You can remove your consent at any time.
- We have a contractual obligation.
- We have a legal obligation.
- We have a vital interest.
- We need it to perform a public task.
- We have a legitimate interest.
How we store your personal information
Emails are stored on private accounts hosted by IONOS by 1&1 and Google only.
Project documents are securely stored in a secured private Microsoft hosted cloud account available to our staff on a “as needed” basis.
For potential clients, we keep information for a limited period from the date of our last communication (e.g. telephone, email) about a potential engagement. After 60 days, should a commercial relationship not start, we dispose of email, telephone number, documents shared to help make a bid. Any artefacts or software produced by us (e.g. use cases, bid documents, software configuration demonstrations) will be retained but anonymised.
For end clients and service partners we keep your details on record while our commercial relationship is current and active. 1 year after the end of our commercial relationship we assume there is no re-start possibility and dispose of all data with exception of:
- financial records we need to retain for HMRC related to provision of service.
- legal records e.g. confidentiality agreements.
- any designs, artefacts, software where we hold the right of intellectual property, but these will be anonymised.
If you have a “connection” on social media site (such as LinkedIn, Facebook) with us or our staff it is assumed these can remain in place in perpetuity. Any profiles will be respectful not to divulge commercially sensitive information. To put another way, we will endeavour to keep them as uncontroversial statements of fact: role, duration, service delivered. Staff joining us sign a HR policy stating the same.
Your data protection rights
Under data protection law, you have rights including:
- Your right of access: The right to ask us for copies of your personal information.
- Your right to rectification: The right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure: The right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing: The right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing: The right to object to the processing of your personal information in certain circumstances.
- Your right to data portability: The right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint by contacting us. We will confirm the receipt of the request within 10 days and aim to give a full answer within 28 days.
You can also complain to the ICO if you are unhappy with how we have used your data. We subscribe to the services of ICO provides to help us with data protection.
The ICO's address is Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
The type of personal information we collect from our staff
We only collect data from our own staff that is essential to recruitment, identity checking, salary payments, PAYE, pension, career development and other benefit provisions. Staff sign a HR document that their use of social media to describe business activities as part of their personal networking must be respectful, within acceptable business norms and be information that is legal to share and available within the public domain.