EastNet Privacy Notice
1 WHO ARE WE?
1.2 We have a data protection officer who is responsible for all of our issues relating to the protection of personal data. The data protection officer can be contacted at firstname.lastname@example.org or in writing at:
The Data Protection Officer
The ICT Service
Compass Point Business Park
Stocks Bridge Way
(b) Prospective customers;
(c) Individuals that use our websites;
(d) Former customers.
3 WHAT INFORMATION DO WE COLLECT?
3.1 Personal data is any information that can identify a natural person. We may collect, use, store and transfer different categories of personal data to enable us to deliver our services, as follows:
(a) Data about your Identity including first name, last name, title, date of birth and gender;
(b) Data about your contact details including service address, correspondence/billing address, email address, landline telephone number and mobile phone number;
(c) Technical data including IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other information on the devices you use to access our services;
(d) Data about your usage of our products and services including the amount of time you spend online and the websites you visit;
(e) Data relating to your marketing and communications choices including what method you would like to receive marketing and how frequently;
3.2 We may also collect and use non-personal data such as statistical or demographic data. This data may be derived from your personal data but is not considered personal data as this data cannot identify you.
4 HOW DO WE COLLECT INFORMATION?
4.1 Information you give us
(a) When you place an order with us for any of our services we will need certain information to process your order.
(b) When you contact us to discuss your services, we may ask for certain information to be able to confirm your identity, check our records and answer your questions quickly and accurately
4.2 Information we automatically collect
(a) We will automatically collect information:
(i) when you use our services; and
(ii) when you visit our websites we may collect and process information about your usage of these by using “cookies” and other similar technologies to help us make improvements to the websites and to the services we make available
4.3 Information we receive from other sources
(a) We may receive personal data about you from third parties or companies contracted by us to help us provide services to you;
5 HOW DO WE USE INFORMATION?
5.1 The information we collect helps us to better understand what you need from us and to improve the provision of our services to you.
5.2 We use the information collected for example to:
(a) verify your identity when you use our services or contact us;
(b) process your enquiries, orders or applications, for example when assessing an application, we may use automated decision-making systems;
(d) monitor, record, store and use any telephone, e-mail or other electronic communications with you for training purposes, so that we can check any instructions given to us and to improve the quality of our customer service, and in order to meet our legal and regulatory obligations;
(e) where you have agreed, provide you with information about other services or products which you may be interested in;
(f) to tell you about changes to our websites, services or terms and conditions;
(g) carry out any marketing analysis, profiling or create statistical or testing information to help us personalise the services we offer you and to understand what our customers want;
(h) recover any monies you may owe to us for using our services;
(i) analyse our services with the aim of improving them;
(j) prevent or detect a crime, fraud or misuse of, or damage to our network, and to investigate where we believe any of these have occurred; and
(k) monitor network traffic from time to time for the purposes of backup and problem solving, for example our automated system may monitor email subjects to help with spam and malware detection.
5.3 Your data may also be used for other purposes for which you give your specific permission or, in very limited circumstances, when required by law.
5.4 We may supplement the information directly collected by us with data from third parties (for example socio-demographic data) to further improve the services or products we offer customers.
6 WHEN WILL WE SHARE YOUR DATA WITH OTHERS?
6.1 We may need to share your information with other organisations to help us provide our services to you.
6.2 The categories of non-ICT Service parties that we would share your details with are:
(a) Third party suppliers who help us to perform our services;
(b) Professional advisors;
(c) Law enforcement agencies;
(d) Regulators (such as Ofcom or the ICO).
6.3 Where we share your information with third parties they are required to follow our express instructions in respect of the use of your personal information and they must comply with all applicable UK data protection laws to protect your information and keep it secure.
7 PROTECTING INFORMATION
7.1 We take protecting your data seriously, and will do our utmost to employ appropriate organisational and technical security measures to protect you against unauthorised disclosure or processing.
8 WHY DO WE PROCESS YOUR DATA?
8.1 We process each type of personal data for one the following reasons:
(a) We need to process the data under our contract with you for our services;
(b) We have a legitimate interest as a supplier of services in processing your data;
(c) We have a legal obligation to process the data; or
(d) We have your consent (which you can withdraw at any time).
8.2 If you don’t provide us with the data we need then we may not be able to perform our contract with you and may need to terminate the contract. If this happens, we will notify you as set out in our contract.
9 TRANSFERS OF DATA OUTSIDE THE EEA
9.1 From time to time the third parties we share our data with may be outside the European Economic Area (EEA) in countries that do not always have the same standard of data protection laws as the UK. However, we will have a contract in place to ensure that your information is adequately protected and we will remain bound by our obligations under applicable UK data protection laws even when your personal information is processed outside the EEA. The sorts of measures we use to protect your data in this instance are security reviews of the organisations, contractual model clauses approved for use by the European Commission or other approved transfer mechanisms, such as the Privacy Shield for transfers to the USA.
10 HOW LONG DO WE HOLD YOUR INFORMATION FOR?
10.1 Unless there is a specific regulatory or legal requirement for us to keep your information longer, we will keep your information for as long as it is necessary for the purpose for which it was collected.
10.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
11 YOUR RIGHTS
11.1 As a data subject you have a number of personal rights under data protection laws in relation to your personal data. These are:
(a) Subject access requests - You have a right to access personal data that we hold as a data controller.
(b) Right to be forgotten - In certain circumstances you have a right to request that your personal data be erased from the systems within our control.
(c) Rectification - You have a right to correct your personal data that we hold as a data controller.
(d) Withdraw consent - Where we have offered you the right to consent to giving us your data, for instance with your marketing preferences, you have the right to withdraw your consent at any time.
(e) Objection and restriction of processing - In certain circumstances, you have a right to object to or request we restrict our processing of your personal data.
(f) Right to port – You have a right to receive certain information about you in a machine readable format.
11.2 If you would like more information about these rights or how to apply them, please contact email@example.com
12.1 If you would like to make a complaint about our use of the personal data you should contact our Data Protection Officer at the details above. If we have not resolved your complaint, you can contact the UK data protection regulator, the Information Commissioner’s Office (ICO) (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.