GDPR: DATA PRIVACY NOTICE FOR CLIENTS AND SUPPLIERS
UDISYS Limited (“We”) are committed to protecting and respecting your privacy.
The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”) and the Data Protection Act 2018.
Data controller – A controller determines the purposes and means of processing personal data.
Data processor – A processor is responsible for processing personal data on behalf of a controller.
Data subject – Natural person
Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR).
Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Who are we?
UDISYS Limited is the data controller. This means we decide how your personal data is processed and for what purposes. Our contact details are:
15, Oakley Close
Tel: +44 1932 483042
For all data matters contact our Data Representative on +44 1932 483042 or email@example.com or in writing at the above address.
What is our legal basis for processing your personal data?
Our lawful basis for processing your general personal data:
- For the fulfilment of contractual obligations (EU GDPR Article 6(1)(b)) – this means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
- As part of the balance of legitimate interests (EU GDPR Article 6(1)(f)) – this means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
- On the basis of your consent (EU GDPR Article 6(1)(b)) – this means you have given us consent to the processing of personal data for specific purposes, the legality of this processing is based on your consent. A given consent can be revoked at any time.
The personal data we collect and process about you
We may collect and process the following data about you:
- Identity and Contact data such as name, title, address, email address telephone numbers and social media information
- If you contact us, we may keep a record of that correspondence and of any contact details contained therein.
- Information you provide when you fill in forms on our website (udisys.co.uk) such as a Contact Us form, Enquire form
- Information you provide when you correspond with us by email, letter, text, social media
- Information you provide during telephone conversations and meetings.
- Transaction data such as details about payments to and from you, details of products and services you have purchased from us
- Financial data including bank account details and credit information
- Information that you provide when you report a problem with using our Website
We may also collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to analyse the use of our Website. These are statistical data about our users’ browsing actions and patterns, and do not identify any individual.
We may receive personal data about you that we legitimately gain from publicly available sources (eg Internet) or that are transmitted to other third parties (eg a credit reference agency / Companies House).
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data
Where we need to collect your personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
The purpose(s) of processing your personal data
We are permitted to process your personal data in compliance with Data Protection Legislation by relying on one or more of the following lawful grounds:
- You have explicitly agreed to us processing such information for a specific reason.
- The processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you.
- The processing is necessary for compliance with a legal obligation we have.
- The processing is necessary for the purposes of a legitimate interest pursued by us.
- To ensure that complaints are investigated.
- To evaluate, develop or improve our services; or
- To keep you informed about relevant services, unless you have indicated at any time that you do not wish us to do so.
Our lawful basis for processing your general personal data:
Sharing your personal data
We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 5 above.
- External Third Parties Service
- Providers acting as data processors for our data storage, email services, accounting and stock management platforms, based within the EEA and outside of the EEA, who provide hosting, IT and system administration services.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
How long do we keep your personal data?
We process and store your personal information for as long as it is necessary for the fulfilment of our contractual and legal obligations. If the data is no longer required for the fulfilment of contractual or legal obligations, it will be deleted on a regular basis.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of the personal data which we hold about you;
- The right to request that we correct any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary to retain such data;
- The right to withdraw your consent to the processing at any time, where consent was your lawful basis for processing the data.
- The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).
Transfer of Data Abroad
Automated Decision Making
We do not use any form of automated decision making in our business.
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
How to make a complaint
To exercise all relevant rights, queries or complaints please in the first instance contact our Data Representative on +44 1932 483042 or firstname.lastname@example.org or in writing at the above address.
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.