Privacy Policy

Privacy Policy

NetVector provides IT consultancy and support services for small, medium and large sized businesses. This privacy policy explains in a clear and succinct way, how we use any personal information we collect about you, either through using our website, or in any other way, verbally or in writing.

Topics:
• Data controller and data protection officer
• Basis for collecting your data (Lawful processing)
• Legitimate Interests
• Sensitive Information
• Categories of Personal Data
• Cookies
• Recipients of data
• Data transfers
• Retention policy
• Your Rights as a data subject
• Automated decision making

Data controller and data protection officer

Netvector as an organisation is a data controller and specifically, Mr. Nigel Holmes a company director, is Netvector’s nominated Data Controller. Mr. Holmes can be contacted by email at nigel.holmes@netvector.co.uk or telephone number +44 (0)3700 500 040. Netvector have appointed a Data Protection Officer who is Mr. Derek Mann from DVMann Consulting Ltd. Mr. Mann can be contacted by email at Derek.Mann@DVManconsulting.biz.

On what basis do we collect and process your data? (known as lawful processing)

We collect information about you our clients or prospective clients in order to process your order, manage your account and if you agree by consenting at point of collection, to email you about other products and services. We also collect information when you voluntarily complete customer surveys and provide feedback. Our data is processed by means of a Customer Relationship Management system which is a proprietary software package hosted at our ISO 27001 accredited Data Centre. The lawful basis on which we process your data is in the legitimate interests of Netvector. In identifying this lawful basis, we have conducted a ‘Legitimate Interest Assessment’ in order to be satisfied that the interests of Netvector do not override with your own legitimate rights and freedoms.

We also collect personal data during our recruitment process which is used for the purpose of pre-employment checks, ongoing employment, and providing remuneration. This personal information is held and processed on our HR and payroll systems. Once again, we have identified the lawful basis as in the legitimate interest of Netvector.

The personal data we collect is provided as a contractual requirement. The possible consequences of not providing the required data are that we may not be able to either offer employment or engage commercially in the provision of IT consultancy services.

Legitimate Interests

In relation to the legitimate interests that determine our lawful processing, Netvector undertakes the processing of PII in relation to employees to ensure suitability for employment and to discharge any statutory responsibilities in relation to right to work, residency and HMRC requirements.
Both Netvector and the employee benefit from this processing activity as it provides safeguards for Netvector and facilitates employment for the Data Subject. If processing this data were not permitted, then the company could not operate and provide goods and services as well as not being able to offer employment opportunities. The data collected will not be used for any unlawful or unethical purpose.

Clients

The processing of client data is undertaken in order to engage commercially and offer the most appropriate IT related service and products. In addition, we maintain an oversight of our clients to continue our support which requires contract. Netvector and the client benefit from this processing activity as it provides opportunities to establish and sustain commercial relationships and to provide the most focused advice for the benefit of the client. If processing this data were not permitted, then the company could not operate and provide services.

Netvector has conducted a Legitimate Interest Assessment and conclude that there is a justifiable necessity to process personal data under this purpose and that the balance of rights of the Data Subject and Netvector has been reviewed. In our opinion, Netvector’s interests do not override that of the data subjects.

Sensitive Information

Netvector does process some health data in the managing the employment of our staff. We have identified that Legitimate Interest is the lawful basis for this processing as consent between employee and employer cannot be considered as freely given.

Categories of Data

Netvector processes non-sensitive data and sensitive data as defined by Article 9 of the GDPR. In addition, we process criminal record data in relation to security screening of our staff where required by our clients. This processing is under the control of the National Security Screening Agency.

Cookies

To make our website work properly, we sometimes place small data files called cookies on your device.

What are cookies?
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.

How do we use cookies?
A number of our pages use cookies to remember:

Also, some videos embedded in our pages use a cookie to anonymously gather statistics on how you got there and what videos you visited. Enabling these cookies is not strictly necessary for the website to work but it will provide you with a better browsing experience. You can delete or block these cookies, but if you do that some features of this site may not work as intended.
The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.

How to control cookies
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

Cookies we use are:

_ga

_gid 

_gat 

A1WebStats provide only company names linked to an IP address, and so there is no personal data available within the system.

Data recipients

Any personal data we collect, hold and process is retained both within our own company systems and that of our 3rd party data processors, these being ‘The Bunker’, Newbury, and our cloud based HR system, Breath HR. Access to data is restricted to those who have a legitimate reason to retrieve it, e.g. HR and finance professionals, company directors and account managers.

Data transfers

Personal Data is transferred to the EU and USA by our data processors through their cloud service provision. This complies with the GDPR international transfers requirements.

Retention policy

The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Data placed on our CRM system will be deleted as soon as practicable after termination of a commercial contract between us and in any case within 3 months.

Personal data collected and processed for HR and Finance purposes will be held for the maximum time as determined by any legal requirement, such as payroll and finance records. We will retain HR data for a period of 6 months after termination of contract to ensure the integrity of records, should any dispute be lodged in relation to employment at Netvector.

Your rights as a data subject

The regulations provide a number of rights to you as the Data Subject. Netvector is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/

• The Right to be Informed – you should be clear about what, why and in what way your personal information will be processed at the time it is processed. This privacy policy sets out that information
• Right of Access – you have the right to know what personal information is held, by whom and why. You can send a Subject Access Request to see what personal information and any supplementary information relating to you is held by us. We will provide you with the information we hold within one month of your request, unless the provision of that information is particularly complex. In which case, we may extend the deadline by a further two months. This information will be provided free of charge unless you require multiple copies of the same information, in these circumstances, we retain the right to charge a reasonable administrative fee.
• The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified. We will respond to your request for rectification within one month, unless the request is complex or multiple.
• Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations, these include:
• Where personal data is no longer necessary regarding the purpose for which it was originally collected
• When you withdraw consent
• When you oppose the processing and there is no superseding legitimate interest for continuing the processing
• If the personal data was unlawfully processed (i.e. otherwise in breach of the GDPR)
• If the personal data must be removed in order to comply with a legal obligation
• If the personal data is processed in relation to the offer of information/ society services to a child.
• Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified. The restriction of processing can occur for other reasons too, such as if you require us to retain your data in the advent of a legal claim.
• Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way, without hindrance to usability.

You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk

Automated decision making
Netvector does not conduct any profiling or automated decision making.

Other websites
Our website contains links to other websites. This privacy policy only applies to Netvector’s website, so if you follow a link to another website, you should read their own privacy policy.

Changes to our privacy policy
We keep our privacy policy under review and we will place any updates on our website. This privacy policy was last updated in May 2018

How to contact us
You can write to Netvector at this address:
Netvector Consulting – IT Support, South Barn, Crockham Hill, Edenbridge TN8 6SR
You can telephone Netvector on this number:
+44 (0)3700 500 040
You can email Netvector by using this link: enquiries@netvector.co.uk

 

Request an onsite meeting and let us show you what we can do to help your business Contact Us