INTRODUCTION

 On the 25th May 2018 a new regulation called The General Data Protection Regulation (GDPR) came into force and applies to all UK businesses.

The regulation requires business like ours to document how we manage client data in a simple and easy to understand format.  This document details how Sure PC Help manages your data.

Legitimate Interest and Contractual Obligations

To offer our services we have to collect key bits of data about you.  This data can be used to personally identify individuals and either carry a legitimate interest (a legitimate reason as to why we need it) or a contractual obligation (an agreed reason why we need it).

An example of a legitimate reason: you have contacted Sure PC Help we, therefore, have a legitimate interest (reason) to store your data so that we can contact you back.

An example of a contractual obligation: we are supporting your IT. To do this we need to be able to recognise individuals in your business that have access to your computer system, the authorisation to keep, manage and secure this data would be laid out in a contract.

The data we hold about you

Your name and contact details

We need to know this information to be able to identify you, communicate with you, and to securely manage the data we hold about you.

This data is also used to identify you when offering our support and assistance services.  An example would be when you report a problem with your computer we need to be able to identify your computer and account to help you.

Your use of technology within your business

We know when and how to use your authorised office equipment that has our monitoring agent installed.  Such as the websites you visit, the times your computer is turned on and off and the software installed.  We can only remotely access your device without the need for you to grant access.

Depending on the services offered to your business we may also know what websites you visit while in the office on devices where we have no monitoring agents installed.

We do not install our monitoring agents on personally owned devices (BYOD).

Some of the data we collect is anonymised (we can’t identify you).

The rights you have to your data

You have the right to be informed about how we use your data, as laid out in this document.  You have the right to update your personal data.

To keep this data up to date you need to contact us.

To ask us to delete your personal data.  However, there may be circumstances where we are legally entitled to retain it.

To get a free copy of your personal data.  Through a Subject Access Request.  (Covered later in this document).

You can object to the processing of your data and have it restricted.  There are circumstances where we are legally entitled to refuse this request.

The security of your data

We use a number of services to manage and maintain the data we control and process. These services are vetted to make sure they abide by the highest level of security and if they are based in the USA are Privacy Shield Certified.   In addition where possible we implement our own additional access controls and security procedures.

Sure PC Help is Cyber Essentials Certified.

Spanning

We use Spanning to manage and maintain our backup and restore systems.

Data is kept in this system indefinitely; it is currently not technologically possible to alter a backup at a later date.

If you have requested your data to be deleted whenever we restore data that may contain data about you this data is deleted from the restored data.

ConnectWise Automate

We use ConnectWise Automate to monitor your business computer systems and the individual devices your employees use.

We can see the times your computer is turned on and off, the software installed, the programs running on the machine in real time, the state of the hardware, make and model, and remotely access the computer.

We keep data on this system while your business is contracted to our services.  Once this relationship ends the data on this system is deleted within 30 working days.

MailChimp

We use MailChimp to keep clients informed of service change that may affect how you work. We do not use MailChimp for external marketing emails.

We keep data on this system while your business is contracted to our services.  Once this relationship ends the data on this system is deleted within 30 working days.

Freeagent

Freeagent is our accounting software, used for invoicing, quoting, bank reconciliations and other similar accountancy functions.

Our Accountants have access to this system and process data for the purpose of bookkeeping and annual accounts.

Data stored in Freeagent is kept for six years from the data it was created. This is a regulatory requirement under the VAT Act 1994 (Schedule 11, paragraph 6) and HMRC Notice 700/21.

Subject Access Request (SAR)

It is really important that you can request to find out what personally identifiable data a business holds about you.

You can email us to make a SAR request.  You will need to supply identification before we can proceed with the SAR.  This is to make sure that you are the real owner of the data you are requesting.  We will then collect the data we hold about you and release it to you within 30 days of your request and suitable identification being produced.

https://www.surepchelp.co.uk/privacy-policy/

https://www.surepchelp.co.uk/acceptable-use-policy/

https://www.surepchelp.co.uk/cookie-policy/

https://www.surepchelp.co.uk/terms-website-use/