The Data Protection Act 2018 [“DPA 2018”] and the General Data Protection Regulation [“GDPR”] impose certain legal obligations in connection with the processing of personal data. “Personal data” means any information relating to an identified or identifiable data subject.
An identifiable data subject is anyone who can be identified, directly or indirectly, by reference to an identifier, such as a name, identification number or online identifier. “Processing” means any operation or set of operations that is performed on personal data, such as collection, use, storage, dissemination and destruction.
Linkit IT Solutions Limited [LinkIT] is a data controller within the meaning of the GDPR and we process personal data. The firm’s contact details are as follows: LinkIT House, 3 Barford Exchange, Wellesbourne Road, Barford, Warwick. CV35 8AQ.
We may amend this privacy notice from time to time. If we do so, we will supply you with or otherwise make available to you [e.g. via a link to a page on our website] a copy of the amended privacy notice.
Where we act as a data processor on behalf of a data controller [for example, when arranging an equipment lease], we shall provide an additional schedule setting out required information as part of that agreement. That additional schedule should be read in conjunction with this privacy notice.
Our intended processing of personal data has the following legal bases:
If you do not provide the information that we request, we may not be able to provide goods and services to you.
We may share your personal data with third parties for the purpose of providing goods and services to you [e.g. direct delivery of goods from the manufacturer to your premises]. With your permission, we may share personal data with other companies or affiliates for the purposes of informing you about other products and services which may be of interest to you. We require that any third parties with whom we share personal data are compliant with GDPR and the DPA2008
If the law allows or requires us to do so, we may share your personal data with the following organisations in order to comply with our legal obligations, including our legal obligations to you:
Your personal data will be processed within the EU only.
When acting as a data controller and in accordance with recognised good practice we will retain all of our records relating to you as follows:
Our contractual terms provide for the destruction of documents after 7 years and therefore agreement to the contractual terms is taken as agreement to the retention of records for this period, and to their destruction thereafter.
All personal data retained by Linkit IT Solutions Limited [LinkIT] is stored in secure databases or document repositories with access limited to those operational staff whose functions directly require it. Linkit IT Solutions Limited [LinkIT] requires all staff to conform to secure processes while involved in any activity that involves processing of personal data Linkit IT Solutions Limited [LinkIT] has procedures in place to prevent data breaches and requires any other organisation that may at any point have access to that data to have similar standards of security.
You have a right to request access to your personal data that we hold. Such requests are known as ‘Data Subject Access Requests’ [“DSARs”]. Please provide all DSARs in writing marked for the attention of the Data Protection Officer. We will provide all such information in a concise and easily readable manner. To help us provide the information you want and deal with your request more quickly, you should include enough details to enable us to verify your identity and locate the relevant information. This is in order that we do not disclose your personal information to anyone but you. For example, you should provide:
You can ask someone else to request information on your behalf – for example, a friend, relative or solicitor. We must have your authority to respond to a DSAR made on your behalf. You can provide such authority by signing a letter which states that you authorise the person concerned to write to us for information about you, and/or receive our reply.
The DPA 2018 requires that we comply with a DSAR promptly and in any event within one month of receipt. There are, however, some circumstances in which the law allows us to refuse to provide access to personal data in response to a DSAR [e.g. if you have previously made a similar request and there has been little or no change to the data since we complied with the original request]. We will not charge you for dealing with a DSAR unless it is manifestly unfounded or excessive, [e.g. because of its repetitive character], in which case we may charge a reasonable fee, taking into account the administrative costs of providing the personal data, or refuse to act on the request. In the event that there is a delay or refusal to comply with the DSAR, we will advise you, with an explanation of the reasons, within one month of receipt.
You have a right to obtain the rectification of any inaccurate personal data concerning you that we hold. You also have a right to have any incomplete personal data that we hold about you completed. Should you become aware that any personal data that we hold about you is inaccurate and/or incomplete, please inform us immediately so we can correct and/or complete it.
In certain circumstances you have a right to have the personal data that we hold about you erased. Further information is available on the ICO website [www.ico.org.uk]. If you would like your personal data to be erased, please inform us immediately and we will consider your request. In certain circumstances we have the right to refuse to comply with a request for erasure [e,g, if a relevant statute prevents us from doing so]. If applicable, we will supply you with the reasons for refusing your request.
In certain circumstances you have the right to ‘block’ or suppress the processing of personal data or to object to the processing of that information. Further information is available on the ICO website [www.ico.org.uk]. Please inform us immediately if you want us to cease to process your information or you object to processing so that we can consider what action, if any, is appropriate.
Where you have consented to our processing of your personal data, you have the right to withdraw that consent at any time. Please inform us immediately if you wish to withdraw your consent.
Please note:
We do not currently intend to use automated decision-making in relation to your personal data.
If you have requested details of the information we hold about you and you are not happy with our response, or you think we have not complied with the GDPR or DPA 2018 in some other way, you can complain to us. Please send any complaints marked for the attention of our Data Protection Officer at the address above.
If you are not happy with our response, you have a right to lodge a complaint with the ICO
[www.ico.org.uk].
