• Data controller and data protection officer
• Basis for collecting your data (Lawful processing)
• Legitimate Interests
• Sensitive Information
• Categories of Personal Data
• Recipients of data
• Data transfers
• Retention policy
• Your Rights as a data subject
• Automated decision making
Data controller and data protection officer
Netvector as an organisation is a data controller and specifically, Mr. Nigel Holmes a company director, is Netvector’s nominated Data Controller. Mr. Holmes can be contacted by email at email@example.com or telephone number +44 (0)3700 500 040. Netvector have appointed a Data Protection Officer who is Mr. Derek Mann from DVMann Consulting Ltd. Mr. Mann can be contacted by email at Derek.Mann@DVManconsulting.biz.
On what basis do we collect and process your data? (known as lawful processing)
We collect information about you our clients or prospective clients in order to process your order, manage your account and if you agree by consenting at point of collection, to email you about other products and services. We also collect information when you voluntarily complete customer surveys and provide feedback. Our data is processed by means of a Customer Relationship Management system which is a proprietary software package hosted at our ISO 27001 accredited Data Centre. The lawful basis on which we process your data is in the legitimate interests of Netvector. In identifying this lawful basis, we have conducted a ‘Legitimate Interest Assessment’ in order to be satisfied that the interests of Netvector do not override with your own legitimate rights and freedoms.
We also collect personal data during our recruitment process which is used for the purpose of pre-employment checks, ongoing employment, and providing remuneration. This personal information is held and processed on our HR and payroll systems. Once again, we have identified the lawful basis as in the legitimate interest of Netvector.
The personal data we collect is provided as a contractual requirement. The possible consequences of not providing the required data are that we may not be able to either offer employment or engage commercially in the provision of IT consultancy services.
In relation to the legitimate interests that determine our lawful processing, Netvector undertakes the processing of PII in relation to employees to ensure suitability for employment and to discharge any statutory responsibilities in relation to right to work, residency and HMRC requirements.
Both Netvector and the employee benefit from this processing activity as it provides safeguards for Netvector and facilitates employment for the Data Subject. If processing this data were not permitted, then the company could not operate and provide goods and services as well as not being able to offer employment opportunities. The data collected will not be used for any unlawful or unethical purpose.
The processing of client data is undertaken in order to engage commercially and offer the most appropriate IT related service and products. In addition, we maintain an oversight of our clients to continue our support which requires contract. Netvector and the client benefit from this processing activity as it provides opportunities to establish and sustain commercial relationships and to provide the most focused advice for the benefit of the client. If processing this data were not permitted, then the company could not operate and provide services.
Netvector has conducted a Legitimate Interest Assessment and conclude that there is a justifiable necessity to process personal data under this purpose and that the balance of rights of the Data Subject and Netvector has been reviewed. In our opinion, Netvector’s interests do not override that of the data subjects.
Netvector does process some health data in the managing the employment of our staff. We have identified that Legitimate Interest is the lawful basis for this processing as consent between employee and employer cannot be considered as freely given.
Categories of Data
Netvector processes non-sensitive data and sensitive data as defined by Article 9 of the GDPR. In addition, we process criminal record data in relation to security screening of our staff where required by our clients. This processing is under the control of the National Security Screening Agency.
To make our website work properly, we sometimes place small data files called cookies on your device.
What are cookies?
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.
- your display preferences, such as contrast colour settings or font size
- if you have already replied to a survey pop-up that asks you if the content was helpful or not (so you won’t be asked again)
Also, some videos embedded in our pages use a cookie to anonymously gather statistics on how you got there and what videos you visited. Enabling these cookies is not strictly necessary for the website to work but it will provide you with a better browsing experience. You can delete or block these cookies, but if you do that some features of this site may not work as intended.
The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.
How to control cookies
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
Cookies we use are:
- Default Expiration Time: 2 years from set/update
- Used to distinguish users.
- Default Expiration Time: 24 hours from set/update
- Used to distinguish users.
- Default Expiration Time: End of browser session
- Used to throttle request rate.
A1WebStats provide only company names linked to an IP address, and so there is no personal data available within the system.
Any personal data we collect, hold and process is retained both within our own company systems and that of our 3rd party data processors, these being ‘The Bunker’, Newbury, and our cloud based HR system, Breath HR. Access to data is restricted to those who have a legitimate reason to retrieve it, e.g. HR and finance professionals, company directors and account managers.
Personal Data is transferred to the EU and USA by our data processors through their cloud service provision. This complies with the GDPR international transfers requirements.
The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Data placed on our CRM system will be deleted as soon as practicable after termination of a commercial contract between us and in any case within 3 months.
Personal data collected and processed for HR and Finance purposes will be held for the maximum time as determined by any legal requirement, such as payroll and finance records. We will retain HR data for a period of 6 months after termination of contract to ensure the integrity of records, should any dispute be lodged in relation to employment at Netvector.
Your rights as a data subject
The regulations provide a number of rights to you as the Data Subject. Netvector is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/
• Right of Access – you have the right to know what personal information is held, by whom and why. You can send a Subject Access Request to see what personal information and any supplementary information relating to you is held by us. We will provide you with the information we hold within one month of your request, unless the provision of that information is particularly complex. In which case, we may extend the deadline by a further two months. This information will be provided free of charge unless you require multiple copies of the same information, in these circumstances, we retain the right to charge a reasonable administrative fee.
• The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified. We will respond to your request for rectification within one month, unless the request is complex or multiple.
• Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations, these include:
• Where personal data is no longer necessary regarding the purpose for which it was originally collected
• When you withdraw consent
• When you oppose the processing and there is no superseding legitimate interest for continuing the processing
• If the personal data was unlawfully processed (i.e. otherwise in breach of the GDPR)
• If the personal data must be removed in order to comply with a legal obligation
• If the personal data is processed in relation to the offer of information/ society services to a child.
• Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified. The restriction of processing can occur for other reasons too, such as if you require us to retain your data in the advent of a legal claim.
• Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk
Automated decision making
Netvector does not conduct any profiling or automated decision making.
How to contact us
You can write to Netvector at this address:
Netvector Consulting – IT Support, South Barn, Crockham Hill, Edenbridge TN8 6SR
You can telephone Netvector on this number:
+44 (0)3700 500 040
You can email Netvector by using this link: firstname.lastname@example.org