OCTREE Privacy Notice
OCTREE values the personal information you provide to us and we wouldn’t want to use it in a way that you won’t expect. This Privacy Notice explains how we protect your privacy and how you can control how we use your personal information. If you want to change the way in which we use your data or if you have a question about how your personal information is used please contact us using the methods below:
Phone: +44 (0) 1462 416400
Postal address: The Lloyds Building, Birds Hill, Letchworth, Hertfordshire SG6 1JE
The information you provide to us
When you provide your information to us directly via our website, by email, by social media, over the phone or face to face we only ask you to supply information that we need in order to provide the service you have requested. We will normally ask you to provide us with:
- Your name
- Your contact details
However, if you do business with us we may also ask for further information about you or your company including finance details.
You may also provide your information to us via another website for example a Facebook Group or Linkedin.
Information provided to us by other companies
Occasionally we may contact you using personal data provided to us by other companies. We take careful steps to ensure that they have permission from you to allow us to do this. If you feel this is incorrect please let us know.
Information provided to us via cookies
How we use your data
We use your personal information in a number of ways to:
- provide you with the service or information you’ve requested
- enable you to take part in our online assessments and surveys
- keep you informed and updated on relevant products you may be interested in
- improve our website and the range of services and products we provide
- provide you with useful information about data news, events and conferences
- administer your account
- assist our clients with data processing services
For the avoidance of doubt, we do not store credit card details and only share payment details with our financial partner Paypal.
Who we share your data with
We do not share or sell your data to any other company without your prior consent other than those processors we use for our business operations who process your data under our control:
- Microsoft Dynamics365 for our sales operations
- Mailchimp for our email marketing campaigns
- Microsoft UK who provide our office & email system hosting
- Google.com who provide website tracking and statistical services
- Continuum who provide our managed IT services platform
- Zendesk for our helpdesk services platform
In most cases the servers where your personal data is stored and processed are located in the European Economic Area. Where stored outside the EEA the partners detailed above have all met the necessary GDPR compliance mandates.
Under some circumstances we may be required to disclose or share your information without your consent, for example if we are required to by the police, the courts or for other legal reasons.
Your rights under GDPR law
As a data subject you have the following rights:
- Right to information.- you may request in writing to be informed whether we are keeping data relating to you.
- Right to access.- you can request in writing a copy of any data we hold about you.
- Right to rectification - if you believe any data we hold in incorrect you can request it be rectified.
- Right to withdraw consent - you can withdraw consent at any time if you wish to stop us procesing your data for a particular or all purposes
- Right to object - you can request the cessation of the processing of your data which is causing or likely to cause substantial damage or distress to you or to another person, and the damage or distress is or would be unwarranted.
- Right to object to automated processing
- Right to be forgotten - you have the right to have your personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.
- Right for data portability - you can obtain and reuse your personal data for your own purposes across different services.
How we keep your company information safe
We take our obligations to keep your business data safe and secure very seriously. We have applied a strict security framework as defined by the Centre for Internet Security (CIS) Controls.
Within OCTREE, access to your company information is strictly controlled on a ‘need to know’ basis. Staff members are only allowed access to your company data if they have been sufficiently trained in data handling, and access is required to perform our contractual Managed Service duties in accordance with our Service Level Agreement. We have specific technical controls in place to restrict access and these are monitored regularly.
Any company information, including network, user and access details, is encrypted at source before being stored in our cloud service provided by Microsoft OneDrive, which is also secured by two factor authentication (2FA).
How long we keep your personal information
We keep your personal information in line with our data retention policy. This means that we will remove data which we have collected directly from you from our systems if we haven’t had any direct contact with you for more than 36 months (this period typifies the maximum length of time that a contract could be in negotiation with us).
For data provided to us by our clients, we are governed by their data retention rules as specified in their privacy notices.
In certain circumstances, we have a statutory obligation to keep your personal information for a set period of time for example financial information (normally 6-7 years) for financial auditing purposes.
Company information, including network, user and access details, are removed as and when our SLAs expire and are not renewed.
How to keep your personal information up-to-date
It’s important for both you and us that your personal information is correct. If you believe this not to be the case then please e-mail the amended details to firstname.lastname@example.org and we will contact you to verify your identity.
How you can find out about the information we hold about you
You have the right to request a copy of the information that we hold about you.
If you would like a copy of some or all of your personal information, please email or write to us using the contact details in this policy.
We will get in contact to verify your identity and If we do hold information about you we will:
- give you a description of it
- tell you why we are holding it
- tell you who it could be shared with
- let you have a concise and clear copy of the information
Our legal basis for processing your personal information
Much of our processing will be under the basis of “contractual obligation” in other words we need and use your personal information for providing the services you have contracted with us to provide.
However, when we are communicating with you regarding products and services you may be interested in receiving from us in the future our basis for processing is our legitimate interest as we are communicating with you in the context of your corporate activity and identity and not in relation to your private life.
Asking us to suppress or remove your personal information
Should you wish to not receive information from us in future then you can quickly action this by clicking the unsubscribe link you will find on our marketing e-mails or by sending your details to email@example.com and we will quickly suppress your data.
Should you further wish for us to remove your information entirely (and assuming we have no other obligation to keep it) then please let us know and we will do this – but we would encourage you to let us use it for suppression purposes only.
What to do if you have a complaint
If you have a complaint please contact our Data Protection Officer at firstname.lastname@example.org who will deal with your request promptly.
If you are still not satisfied with the way your complaint was handled, you can refer your complaint to UK Information Commissioner’s Office. https://ico.org.uk/concerns/
Links to other websites
We link our website directly to other sites. This privacy notice does not cover the links within our site linking to other websites and organisations. We encourage you to read the privacy statements on the other websites you visit.
Sale of business
Should OCTREE be sold or integrated with another business your details may be disclosed to our advisers and any prospective purchasers' advisers and will be passed on to the new owners of the business. We will notify you should this occur and you will have the opportunity to request suppression or deletion at that time.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 6/07/2020
The Legal Stuff about OCTREE
- We are Octree Limited
- Our company registration number is 6773278
- Our office is registered at 28 - 31 The Stables, Wrest Park, Silsoe, Bedfordshire MK45 4HR
- Our VAT number is GB 979 802 462
OCTREE values the personal information you provide to us and we wouldn’t want to use it in a way that you won’t expect.
This Privacy Notice explains how we protect your privacy and how you can control how we use your personal information.
To find out more about how we can resolve your IT issues please email or call us:Send us an email Call us +44 (0)1462 416400