Gorazy.com | DATA PROTECTION POLICY

Click here for our privacy Statement...

Policy Information...

Organisation:
William Brook (Farnham IT Support)

Scope of policy:
This policy covers all the activities of William Brook, trading as Farnham IT Support, acting as an IT Support Consultant

Policy operational date:
25th May 2018

Policy prepared by:
William Brook

Date approved:
8th May 2018

Policy to be reviewed:
25th May 2021

Policy review responsibility:
William Brook

Data protection officer:
William Brook

Notes:
Links to additional GDPR resources like Microsoft Office 365, Facebook & Google can be found at the end of this page.


Introduction...

Purpose of this policy - The purpose of this policy is to outline William Brook's complete commitment to the letter and spirit of the GDPR regulations and to underline our commitment to protecting the rights and privacy of all individuals.

Types of data processed - We DO NOT process any of our customers personal information nor do we keep email addresses for marketing purposes. We do however keep original copies of our customers service agreements and direct debit forms.

As part of an improved service to our customers we also offer domain, website & email hosting services as well as online backup.

Policy Statement - William Brook is committed to a policy of protecting the rights and privacy of individuals, especially customers who entrust us with managing their online backup and any other online services in accordance with the General Data Protection Regulation (GDPR) May 2018.

The new regulatory environment demands higher transparency and accountability in how we manage and use personal data. It also rightly accords new and stronger rights for individuals to understand and control that use.

The GDPR contains provisions that the company will need to be aware of as data controllers, including provisions intended to enhance the protection of the user's personal data.

Although we do not process any personal information directly the services we provide such as online backups couple potentially include personal information. With this in mind we must ensure that all the information is stored safely, securely and not disclosed to any third parties.

We are committed to being open and honest with all individuals whose data we process and we ensure that all staff who process data act consistently and openly in the processing of that data.

As part of our commitment to good data processing practice we undertake to notify the Information Commissioner of any data breach or potential data breach, even if it not strictly required by law.

Key risks - The key risks associated with William Brook's data processing activities lie in three areas and the company is committed to ensuring that these risks are minimised wherever possible. The areas of risk are:

Online backups - Online backups should only ever be stored in UK based data centers and backups take place with the highest level of encryption.

Website hosting - Websites should and will only ever be hosted on servers within the UK.

Hard copy storage - Hard copies of original service agreements and direct debit forms will always be kept in locked storage.

Security...

Security measures - William Brook undertakes to put appropriate technical and organisational measures in place against unauthorised or unlawful processing of personal data, and against accidental loss or destruction of data.

All members of staff are responsible for ensuring that any personal data which they hold is kept securely and not disclosed to any unauthorised third parties.

All electronic data is held in the cloud in the Microsoft Office 365 system and not on personal laptops or PCs. PC's / Laptops are still password protected and locked when not attended.

Online backup data is highly encrypted and stored in data centres in the UK so the only person with access is William Brook. Requests to gain access to all this information can be made to the contact details under right to access. If a full copy of the online backup is requested the additional hardware required (1 USB hard drive) should be paid for at the expense of the customer.

Domain & website hosting - Domain hosting (domain registration services) are done in the UK most likely by Elite click here for their GDPR policy. Website hosting is also done in the UK by 20i click here for their GDPR policy.

More information - You may wish to know more about your internal network and the security measure we take. If you ever do require this information please just send me a quick email and I will happily provide this to appropriate staff members.

Customer obligations - It is the obligation of the customer to make sure that every users PC, laptop, work phone, work tablet ETC are ALL password protected. If it is discovered any work device isn't properly protected but needs to be this can be arrange quickly via your normal channels of communication for IT support requests. Requests of this kind are likely not chargeable under your normal IT support service agreement.

Data encryption - It's at your own discretion if you think it's appropriate to have all of your data (laptops, PC's) encrypted. If you feel this is the best option for your business please contact via the normal IT support channels and you will be quoted accordingly.

Email safety - Although we take every step possible to prevent data theft / loss the biggest threat is still infection via rouge emails. Please take the time to ready my advice on email safety in the workplace & at home.

Right to access...

Responsibility - Data subjects, generally customers, have the right at any time to request access to the data held about them by William Brook. It is William Brook's responsibility to ensure that any requests for access are handled promptly and professionally.

Procedure for making requests - Any individual making a right to access request should do so in writing to:

William Brook
The Granary
1 Waverley Lane
Farnham
Surrey
GU98BB

William Brook will not make a charge for this service and will respond within 24 hours of the request being received.

Provision for verifying identity - An individual making a right to access request WILL be asked to verify their identity.

Transparency...

William Brook is committed to being wholly transparent and open in all our dealings with our IT support customers.

We commit to the following:

On request we will always let you know what data we hold.

On request provide a full restoration of the online backup we hold. (at the customers expense)

On request provide a full restoration of your website & database. (at the customers expense)

Prevent processing of information for the purpose of direct marketing.

Take action to rectify, block, erase or destroy inaccurate data.

Request that the Office of the Information Commissioner assess whether any provision of the Act has been contravened.

Lawful basis...

Underlying principle - William Brook (Farnham IT Support) processes data under the principle of contract. A hard copy of your up to date contract can be requested at any time using the information above (right to access).

Data is only processed in such a way that we are able to perform our daily tasks looking after our customers IT systems and making sure their data is secure and accessible in the event of a fire or major catastrophe.

There will be no marketing to the data subject and their data will not be shared with any third party.

Other resources...

Microsoft Office 365 GDPR Policy Information
Microsoft Office 365 Sending Encrypted Emails
Facebook GDPR Policy Information (Facebook pixel)
Twitter GDPR Policy Information (Twitter advertising)
Google Analytics Cookie Tracking Information
Facebook Pixel Cookie Tracking Information
Google GDPR Policy Information
Email Safety Guide All Users Should Read
ICO (Information Commissioner Office)
GDPR Report a Concern
GDPR Report a Breach
Infrascale (Online Backup) GDPR Commitment