Privacy Policy
Priority One IT Ltd incorporated and registered in England and Wales with company number 06452722 whose registered office is at 18 Crucifix Lane, London, England, SE1 3JW.
In this Privacy Policy when we refer to “Priority One IT” or “we”, “us” or “our”, we mean Priority One IT Ltd which provides you with IT Support Services, Cyber Security Services, GDPR and other Cloud services as more described in more detail on our Website.
Priority One IT is committed to protecting the privacy of individuals who use our services or even if you are just visiting our website.
If you would like to know more about how we process your personal information, please contact us by one of the following means:
Phone: 0203 151 6000
Email: [email protected]
Introduction
This Privacy Notice gives you information about how we process personal information we come into contact with, via the delivery of a service or via submission to us by you. This notice is relevant to our customers only and does not cover our responsibilities as an employer.
Any Personal Information we collect through the delivery of services will be processed in accord with your instructions within contract and where applicable in line with our non-disclosure agreement with you.
If you do not agree for the processing of personal information in line with this Privacy Policy, then you should not sign up for any service that Priority One IT provide.
Changes to our Privacy Policy
From time to time we may amend this privacy policy to fall in line with changes to legislation, including from not limited to the General Data Protection Regulation 2016, Privacy and Electronic Communication Regulation 2003 and the Data Protection Bill 2017 – 2019.
Amendments to this policy will be shown on our website.
Personal data
‘Personal data’ is defined in law as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
This may include but will not be limited to, name(s), email address, telephone number, your client’s data, your employee data.
We do not collect or amass personal data outside the delivery of a contract or the purposes of employment, nor do use said information for anything other than delivering the service that you signed up for.
What information do we process?
Priority One IT processes information pertaining to the delivery of a service under contract, for each type of service this may include:
IT support
For the provisioning of helpdesk services we will gather and use your staff names, your staff email addresses and your staff contact numbers.
Cloud services / Hosting
Where Priority One IT provide you with hosting and/or services, platforms such as Email, Citrix, Hosted Storage, Virtual Machines, Website Hosting, Remote Desktop we have no control over the data you upload to these services; therefore any processing that occurs as a result of the delivery of services is a legitimate interest for Priority One IT.
Any data that you upload, deemed to contain personally identifiable information or sensitive categories of data must be uploaded in accordance with current EU/UK law; for the avoidance of doubt this means that you must establish your own legal basis to process as a controller in line with The General Data Protection Regulation.
Priority One IT will not further process any information you upload to systems we maintain and govern except where we have a legitimate interest to process that overrides the rights and freedoms of others or where we have a legal obligation to do so.
We do also collect information about the devices that you may use but not necessarily own. This will include information such as make, model and software installed.
Cybersecurity
Where Priority One IT conduct Cybersecurity work for you, we may have access to several categories of sensitive information including but not limited to personal addresses, mobile phone numbers, health, bank details, passwords, national insurance ID etc.
These items may be collected as a result of in depth analysis of resources available online; namely the dark web or in locations detailing compromised records.
We also may have records pertaining to the number of times you have logged into a service that you have used, how you logged in, your geographic location and the device used. This information in itself cannot identify you, however it can be used to identify trends pertaining to you and the use of our services.
Client feedback
We may from time to time post our client feedback on our website, this may include details such as your name and company. If you would like this removed please contact us at [email protected]
Social media
We use social media to keep you informed about our products and services and also about news that may be of interest to you. We use Linked In and Twitter social media services to achieve this, if you do not wish to receive this information you may unsubscribe from the feed on the relevant social media platform.
How do we use the information we collect / process about you?
The information that we collect and process about you or on your behalf is used for the following:
- The provisioning of Priority One IT services.
- To bill you for those services.
- To perform credit checks on you or your company.
Data retention
The length of time we retain your data will depend on the purpose for which we process it.
We will retain your information for as long as you are contracted to receive a services from Priority One IT.
We may retain some of your data in server logs and backups of associated systems for a period of up to 7 years beyond the cessation of contracted services to comply with legal obligations such as regulation or for legal defence.
Other retention periods will be defined by yourself within contract.
3rd party sharing
We will never sell or pass on your details to others for marketing or advertising purposes. It may be necessary to provide your information onto a 3rd party for the delivery of a service that you have requested but we will always ensure that the appropriate safeguards are in place to protect your information prior to transferring.
Priority One IT may share your information with parties on our authorised vendors list, our consultants, our staff or providers of services for which you are seeking. Additionally these parties may disclose your information to others for the delivery of the service you have requested; please ensure you have familiarised yourself with their terms and conditions and / or their privacy notices.
If you would like a copy of our authorised vendors list please contact us at [email protected], please note that we will only disclose our vendors list to those that we process data regarding.
Where we believe there is a need to investigate, prevent or report illegal activities, suspected fraud, issues pertaining to threats to the physical safety of any person we may pass your information onto other 3rd parties including but not limited to The Metropolitan Police, City Of London Police, City Of Manchester Police, Serious Fraud Office, Information Commissioners Office or the Health and Safety Executive.
Where your data is transmitted internationally, outside of the EEA, we shall ensure that enforceable binding contracts are in place in the absence of a suitable data protection legislation. We will not conduct business where there is neither an enforceable contract nor a suitable data protection legislation.
Security
Priority One IT utilises technical controls such as intrusion prevention and detection systems, anti-virus, firewalls, encryption, internet usage monitoring and role based access to help protect your information from loss, destruction, misuse, unauthorised access or disclosure as part of our Cyber Essentials certification.
In addition, we utilise organisational controls such as policies and procedures as part of our ISO 27001 to govern the technical controls.
These two sets of controls combined together ensures that your data is held securely and safely and is only available to you and those you provide access to.
Other sites
Our website may contain links to other sites that are not controlled by us; therefore we are not responsible for the content or use of these services, whereas we always strive to vet our vendors and those we are associated with in a service provider capacity the use of services outside our control is at your own risk.
Child data
We do not knowingly process any information from anyone under 16 years of age. All services are aimed at those aged 18 and over, however if you are a client of ours that uses our hosting services you may upload data pertaining to children to our platform.
In this scenario it is your responsibility as the controller of data to notify us so that we can ensure you have the appropriate technical controls in place to safeguard the confidentiality, integrity and availability of this data.
Updating your personal information
If you receive a service from Priority One IT, you can modify your personal information by sending us a request to [email protected] with the subject ‘Right to Rectification’. A member of staff will then respond to your request in due course.
GDPR rights
You have many rights under the GDPR, they are defined as below:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
If you are an existing client of ours please contact your data controller who will then assist you in exercising your rights with us as a processor.
If you are a former employee or had another relationship with Priority One IT and you would like to exercise your rights please contact us at [email protected]
Contact us
We are committed to providing excellent service, however if you have a complaint about your privacy or the use of your personal data and you are an existing customer of ours, please initially contact your line manager so that they may contact our account management team.
Alternatively if you are not a client then please contact us and ask to speak with the Data Protection Officer. We may be contacted in writing at Priority One IT, 18 Crucifix Lane, London, England, SE1 3JW. By phone on 0203 151 6000 or via email at [email protected]