OCTREE values the personal information you provide to us and we wouldn’t want to use it in a way that you won’t expect. This Privacy Notice explains how we protect your privacy and how you can control how we use your personal information. If you want to change the way in which we use your data or if you have a question about how your personal information is used please contact us using the methods below:
Phone: +44 (0) 1462 416400
Postal address: The Lloyds Building, Birds Hill, Letchworth, Hertfordshire SG6 1JE
When you provide your information to us directly via our website, by email, by social media, over the phone or face to face we only ask you to supply information that we need in order to provide the service you have requested. We will normally ask you to provide us with:
However, if you do business with us we may also ask for further information about you or your company including finance details.
You may also provide your information to us via another website for example a Facebook Group or Linkedin.
Occasionally we may contact you using personal data provided to us by other companies. We take careful steps to ensure that they have permission from you to allow us to do this. If you feel this is incorrect please let us know.
We use your personal information in a number of ways to:
For the avoidance of doubt, we do not store credit card details and only share payment details with our financial partner Paypal.
We do not share or sell your data to any other company without your prior consent other than those processors we use for our business operations who process your data under our control:
In most cases the servers where your personal data is stored and processed are located in the European Economic Area. Where stored outside the EEA the partners detailed above have all met the necessary GDPR compliance mandates.
Under some circumstances we may be required to disclose or share your information without your consent, for example if we are required to by the police, the courts or for other legal reasons.
We take our obligations to keep your personal data safe and secure very seriously. We have applied a strict security framework as defined by the Centre for Internet Security (CIS) Controls.
Within OCTREE, access to your personal information is strictly controlled on a ‘need to know’ basis. Staff members are only allowed access to your personal data if they have been sufficiently trained in data handling. We have specific technical controls in place to restrict access and these are monitored regularly.
We take our obligations to keep your business data safe and secure very seriously. We have applied a strict security framework as defined by the Centre for Internet Security (CIS) Controls.
Within OCTREE, access to your company information is strictly controlled on a ‘need to know’ basis. Staff members are only allowed access to your company data if they have been sufficiently trained in data handling, and access is required to perform our contractual Managed Service duties in accordance with our Service Level Agreement. We have specific technical controls in place to restrict access and these are monitored regularly.
Any company information, including network, user and access details, is encrypted at source before being stored in our cloud service provided by Microsoft OneDrive, which is also secured by two factor authentication (2FA).
We keep your personal information in line with our data retention policy. This means that we will remove data which we have collected directly from you from our systems if we haven’t had any direct contact with you for more than 36 months (this period typifies the maximum length of time that a contract could be in negotiation with us).
For data provided to us by our clients, we are governed by their data retention rules as specified in their privacy notices.
In certain circumstances, we have a statutory obligation to keep your personal information for a set period of time for example financial information (normally 6-7 years) for financial auditing purposes.
Company information, including network, user and access details, are removed as and when our SLAs expire and are not renewed.
It’s important for both you and us that your personal information is correct. If you believe this not to be the case then please e-mail the amended details to firstname.lastname@example.org and we will contact you to verify your identity.
You have the right to request a copy of the information that we hold about you.
If you would like a copy of some or all of your personal information, please email or write to us using the contact details in this policy.
We will get in contact to verify your identity and If we do hold information about you we will:
Much of our processing will be under the basis of “contractual obligation” in other words we need and use your personal information for providing the services you have contracted with us to provide.
However, when we are communicating with you regarding products and services you may be interested in receiving from us in the future our basis for processing is our legitimate interest as we are communicating with you in the context of your corporate activity and identity and not in relation to your private life.
Should you wish to not receive information from us in future then you can quickly action this by clicking the unsubscribe link you will find on our marketing e-mails or by sending your details to email@example.com and we will quickly suppress your data.
Should you further wish for us to remove your information entirely (and assuming we have no other obligation to keep it) then please let us know and we will do this – but we would encourage you to let us use it for suppression purposes only.
If you have a complaint please contact our Data Protection Officer at firstname.lastname@example.org who will deal with your request promptly.
If you are still not satisfied with the way your complaint was handled, you can refer your complaint to UK Information Commissioner’s Office. https://ico.org.uk/concerns/
We link our website directly to other sites. This privacy notice does not cover the links within our site linking to other websites and organisations. We encourage you to read the privacy statements on the other websites you visit.
Should OCTREE be sold or integrated with another business your details may be disclosed to our advisers and any prospective purchasers' advisers and will be passed on to the new owners of the business. We will notify you should this occur and you will have the opportunity to request suppression or deletion at that time.
We keep our privacy notice under regular review. This privacy notice was last updated on 11/05/2018
We are Octree Limited.
Our company registration number is 6773278.
Our office is registered at 28 - 31 The Stables, Wrest Park, Silsoe, Bedfordshire MK45 4HR
Our VAT number is GB 979 802 462.