Name of company
IT System Integrators Ltd
7 Station Approach
Tel: +44 (0)1296 344874
Company Registration no.
GB 212 4726 38
ICO Registration no.
This privacy notice gives you information on how IT System Integrators Ltd (ITSI) collects and processes your personal data. Personal data refers to data which can uniquely identify a living individual. This data may be stored in multiple places, a combination of which may be required to uniquely identify the individual. It does not include data where the identity has been removed or replaced (anonymous/pseudonymised data).
ITSI is the controller and data processor and as such is responsible for your personal data. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details above.
You have the right to make a complaint at any time to the Information Commissioner's Office (www.ico.org.uk). However, we would appreciate the chance to deal with your concerns before contacting the ICO, so please contact us in the first instance.
Changes to this Privacy Notice, and your duty to inform us of changes
This version was last updated on 24th May 2018.
This privacy notice sets out most of your rights under the General Data Protection Regulation (GDPR).
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:
We do not collect any special categories of personal data about you (e.g. details about your race, ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, health data, biometric data), nor do we collect information about criminal convictions and offences.
We do not knowingly collect any information about children.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.
We use different methods to collect data from and about you, including:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Generally, we do not rely on consent as a legal basis for processing your personal data. You have the right to withdraw consent to receiving marketing information at any time by contacting us.
Purposes for which we will use your personal data
Below is a description of each of the ways we plan to use your personal data, and which of the legal bases we rely upon to do so. We have also identified our legitimate interests where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying upon to process your personal data where more than one ground has been listed below.
|Purpose/Activity||Type of data||Lawful basis for processing, including basis of legitimate interest|
|To register you as a new customer||
|To process and deliver your order, including:
To manage our relationship with you, including:
To administer and protect our business, including:
|To deliver relevant content and advertisements to you, and to measure or understand the effectiveness of the advertising we serve to you||
|To make suggestions and recommendations to you about goods or services that may be of interest to you||
|To deal with a general enquiry or careers enquiry||
We aim to provide you with choices regarding certain personal data use, particularly around marketing and advertising:
We may have to share your personal data with the parties set out below:
We require all third-parties to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our third-party service providers to use your personal data for their own purposes, and only permit them to process your personal data for specified purposes and in accordance with our instructions.
On occasion, we share your personal data with third-party suppliers where required, and who are listed within our glossary. This may involve transferring your data outside of the European Economic Area (EEA).
We ensure your personal data is protected by requiring all our third-parties to follow the same rules when processing your personal data. These rules are called "binding corporate rules". For further details, see European Commission: Binding corporate rules.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law, we have to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers, for tax purposes.
In some circumstances you can ask us to remove your data: see "Your legal rights" below for further information.
In some circumstances we may anonymise/pseudonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Under certain circumstances, you have rights under data protection laws relating to your personal data. Please contact us if you wish to exercise any of the rights listed below:
You will not usually have to pay a fee to access your personal data, or to exercise any of your other rights. However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee, or we may refuse to comply with your request.
For security reasons, we may need to request specific information from you in order to confirm your identity, and to ensure that you have rights to access your personal data, or to exercise any of your other rights. This is to ensure that your personal data is not disclosed to any person who has no right to receive it. We may also need to contact you for further information in relation to your request.
We aim to respond to all legitimate requests within one month, however it may take us longer if your request is particularly complex, or you have made a large number of requests. In this case, we will notify you and keep you updated.
|Company||Name||Type of service||Data processed|
|HansaWorld||Standard ERP||Accounting and ERP software||Our internal ERP system which holds customer, supplier and contact details|
|Freshworks||Freshdesk||Web-based ticketing system||Customer and contact names and e-mail addresses|
|Atlassian||Jira||Web-based issue planning||Customer and contact names|
|Atlassian||Hipchat||Chat service||Internal messaging that may include customer names and contact names for the purpose of fulfilling a contract|
|Atlassian||Confluence||Documentation||Meeting notes and knowledge-base articles which may include customer/supplier names and contact names|
|Microsoft||Skype||Chat service||Internal messaging that may include customer names and contact names for the purpose of fulfilling a contract|
|Lloyds TSB||Business Banking||Banking||Customer/supplier name and bank details, for the purpose of payment processing|
|HansaWorld||HansaMail||Accounting and ERP software||HansaWorld's internal ERP system which holds customer, supplier and contact details. We have limited access to this in order to fulfil our obligations as a HansaWorld partner|
|Flex BI SIA||flex.bi||Web-based Business Intelligence||Customer details used for sales analysis|
|IBM Bluemix||IBM Cloud||Cloud computing||Customer name may be used to identify a virtual machine|
|Fasthosts Internet||Cloud/CloudNX Server||Cloud computing||Customer name may be used to identify a virtual machine|
|Krystal Hosting||Cloud Hosting||Cloud computing||Customer name may be used to identify a virtual machine|
|LogMeIn Inc||LastPass||Web-based secure information storage||
Customer/supplier and contact names, e-mail addresses, usernames, passwords, IP addresses, other technical information required for support
A copy of ITSI's password policy is available on request.
Data Protection and Security Policy
A copy of ITSI's data protection and security policy is available on request. This refers specifically to how we store, backup, access and process your data, where we are not the data controller.