Privacy

PAAC IT Limited Privacy Notice

Our Privacy Notice outlines the information we collect about you, how we use, disclose and otherwise manage this information and the choices you have to restrict our usage of this information. In this Privacy Notice, “we” and “us” means PAAC IT Ltd, of First Floor, Bernay House, Lower Street, Haslemere, Surrey, GU27 2PE (our registered and trading address).

For the purposes of Data Protection Legislation:

  • Where we process any personal data in our own capacity, meaning that it has been provided to us in circumstances where we are to determine the purposes and means of the processing (for example, you give us your personal contact details), we will be the data controller.
  • Where we process personal data on your behalf as part of a contract we perform for you, we may process a wide variety of types of personal data relating to you and your employees, your customers and other data subjects. Where we do so we will be the data processor of that personal data.

You may interact with us in several different ways including via our website and support portal, our shop, our business representatives or our newsletters. You may be a residential customer who visits our shop or an enterprise customer (business, charity or local authority for example). Or you may be one of our employees or a prospective member of staff. This document covers the categories of personal information we collect through each of the ways you interact with us and the type of services you take from us.

Please click below to learn more about the topic that is of interest to you:

Information collected about our Customers

Why do we collect your personal information?

Information collected via our website

Our use of cookies and analytics

Making Contact via our website

Information collected via our business support portal

Information collected for our Email Newsletter

Information collected about our Customers where we are the Data Controller

Retention of Personal Information

Information collected about our Enterprise Clients where we are the Data Processor

Retention of Personal Information

Who we share your personal Information with

Information collected about Job Applicants, Current and Former Employees

Recruitment

Employment

Retention of staff personal information

Who we share our staff’s personal information with

Security of your Personal Information

Sale of our Business

Policy Changes

How to Contact Us about your personal information

Your rights

 

Information collected about our Customers

Why do we collect your personal information?

We collect information to help manage your interactions with us and to provide a quality service:

  • To deliver products and services you have ordered from us;
  • To manage the services we provide to you;
  • To charge you for the products and services you have ordered from us;
  • To be able to answer questions you may have now and in the future about the services we have provided to you;
  • To tell you about our products and services; and
  • To help us run and grow our business.

We are also required to keep some information about you for legal reasons.

We will not collect any personal information from you we do not need, and we do not sell your information to third parties.

Information collected via our website

You can visit our site (www.paac-it.com) without telling us who you are or providing us with any personal information. However, we may collect the I.P. (Internet protocol) addresses of all our website visitors and other related information to be used to improve our website. We use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone.

Our use of cookies and analytics

We use cookies and similar technologies to collect information about the pages you access or visit. Cookies are bits of information that are automatically stored on your computer, so we can recognise you when you return.  This enables us to understand your use of our website so that we can continue to improve and refine it for a better customer experience.  Cookies can be disabled via your browser; however, this may affect the quality of the features on our site.  The information collected through cookies may be combined with other identifiable personal information from our records and other sources. We may use this combined information for future marketing initiatives. To find our further information about cookies please visit a third-party information site, such as www.allaboutcookies.org.

We use a third party service, Google Analytics, on our website to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website

When you visit our website, you are presented with the option to “opt-in” to accept cookies. Our lawful basis for using cookies is your Consent via opting in.

Making Contact via our website

You may choose to raise a query with us via the contact forms provided on our website. In this case we will collect and store your name and email address. As an alternative method of contact you may click on one of the email addresses on our website. In this case the link will open your own email application and you will not need to save your information on our website.

Information collected via our business support portal

Our support portal enables our business contract customers to register and track service tickets with us. In the process of entering a ticket we collect your personal contact information, so we know who is raising the ticket and other information you provide. Your employer’s representatives will also be able to see the personal and related ticket information you register.

Information collected for our Email Newsletter

You may choose to subscribe to our email newsletter from our website. If you subscribe to our newsletter we use a “double opt-in” method to verify you are who you say you are. In order to send you the newsletter we will collect your name and email address and your preferences. We gather statistics around email opening and clicks using industry standard technologies.

Our lawful basis for holding this personal information is that you provide your Consent through opting in. You may withdraw your consent at any time by clicking the “unsubscribe” link contained in each newsletter.

Information recorded on telephone calls

We record our inbound and outbound telephone calls to enable use to confirm the information you provide and deliver a better service. Call recordings are saved by our telephone provider, 8×8, and stored in UK data centres for a period of 30 days and then automatically deleted. Our lawful basis for processing call recordings is our legitimate interest.

Information collected about our Customers where we are the Data Controller

When you purchase a product or service from us, we will collect the personal information required to perform the service. This information may include your name, billing and installation addresses, email address, phone number, payment method and other location information required to perform the service.

We may retain this information to assist you in the future. Many customers encourage us to keep records of their previous purchases and personal information in order for us to provide an easier service on subsequent visits. If you do not wish us to retain your personal information, please let us know at the time of purchase.

Our lawful basis for collecting this information is that we have a Legitimate Interest to enable us to provide products and services to you.

Retention of Personal Information

We only keep your personal information as long as necessary for the purposes we collected it, or as otherwise required by law.

Information collected about our Enterprise Clients where we are the Data Processor

When we are retained to provide services such as managed IT services, email or hosting, we will be acting as a Data Processor in terms of the Data Protection regulations. In these cases our processing of Personal data will be subject to a Data Processor Agreement between ourselves and our client.

Retention of Personal Information

We only keep your personal information as long as specified in the Data Processing Agreement, or as otherwise required by law.

Who we share your personal Information with

We use a number of service providers to assist us deliver products and services to you and share necessary portions of your personal information with them:

  • Our website is hosted by LCN.com Ltd. Their servers are in the UK and service is in line with the DPA 2018;
  • Our email newsletter provider, Mailchimp, holds the personal information you provide that enables us to send you newsletters. The information is only used for email newsletter subscriptions and no other purpose. The provider hosts your information outside of the EU but is an organisation that complies with the EU’s data privacy regulations;
  • Our accounting system, Quickbooks, holds your personal information related to invoices and payments. If you are a staff member, the same system holds information about your pay, tax and pensions. The provider hosts your information outside of the EU but is an organisation that complies with the EU’s data privacy regulations;
  • For Enterprise Customers we hold personal information about you on:
    • our CRM and service management system, Datto PSA (previously Autotask PSA). Your personal information is stored in the UK;
    • Dropbox. Your personal information may be stored outside of the EU, but in compliance with the Privacy Shield Agreement.
    • Microsoft Sharepoint. Your personal information may be stored outside of the EU, but in compliance with the Privacy Shield Agreement.
  • We use third party service providers to provide some services such as Microsoft 365, ESET security software, Datto backup and others. Depending on the service these providers may also hold personal information about your staff. Some of these providers host your information outside of the EU but are organisations that comply with the EU’s data privacy regulations.
  • We procure Microsoft services and other cloud services through AppRiver. They are compliant with the Data Protection Act 2018.

All of our service providers are required to maintain the confidentiality and security of your personal information and to use it only in compliance with applicable privacy laws. These companies are not authorised to use your information in any manner, other than in helping us to provide you with products and services or as otherwise required by applicable law.

We may also disclose specific personal information about you if required by law, governmental request or court order if, based on our good faith belief, it is necessary to conform or comply with such law, request or court order.

Information collected about Job Applicants, Current and Former Employees

Recruitment

All of the information you provide during the recruitment process will only be used for the purpose of progressing your application and we will not share any of the information you provide during the recruitment process with any third parties.  The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for.  We will use the information you provide to assess your suitability for the role you have applied for. 

If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained for up to a period of six months.

Employment

If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. We need to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.

You will therefore be required to provide proof of your identity and proof of your qualifications. We will contact your referees, using the details you provide in your application, directly to obtain references.

If we make a final offer, we will also ask you for the following:

  • Bank details – to process salary payments;
  • National Insurance number and tax codes for use with HMRC; and
  • Emergency contact details – so we know who to contact in case you have an emergency at work.

During your employment with us we will collect and store information in your personnel file such as performance reviews and leave records.

Retention of staff personal information

If you become a member of staff the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 1 year following the end of your employment.

We are required by law to keep information relevant to HMRC for a period of 6 years following the end of your employment.

If you are unsuccessful at any stage of the process, the information you have provided until that point, and our interview notes will be retained for 6 months from your application.

Who we share our staff’s personal information with

We share our staff’s personal information with our accountant for preparing payroll, with HMRC and with our pensions provider. We may also disclose specific personal information about you if required by law, governmental request or court order if, based on our good faith belief, it is necessary to conform or comply with such law, request or court order.

Security of your Personal Information

We maintain reasonable administrative, technical and physical safeguards in an effort to protect against the loss, theft, unauthorised access, use, modification and disclosure of personal information in our custody and control. We only provide access to personal information to employees and authorised service providers who require such information for the purposes described in this Privacy Notice.

To provide you with an increased level of security, online access to certain personal information may be protected with a password you select. We strongly recommend that you do not disclose your password to anyone. We will never ask you for your password in any unsolicited communication.

Sale of our Business

In the event of a merger or transfer of our business to a new owner we may transfer or share information we have about you to a third-party acquirer.

Policy Changes

We may periodically update this Privacy Policy for new, unanticipated uses not previously disclosed. Any changes made will be posted here. We will treat your personal information in accordance with the Privacy Policy in place at the time your information was collected.

This policy was last updated in June 2018.

How to Contact Us about your personal information

Please do contact us with any questions or concerns about our Privacy Policy.

If you wish to access or update the personal information we have about you, or to correct factual errors in our records, please email us or write to us at the addresses below. To protect your privacy, we will take reasonable steps to help verify your identity before granting access or making corrections.

Data Protect, PAAC IT Ltd, Parallel House, 32 London Road, Guildford, Surrey, GU1 2AB

Email: info@paac-it.com  /  Telephone: 01428 770 290

 Your rights

You can request a copy of the personal information we hold on you at any time.  If you believe the information we process on you is incorrect you can request to see this information, and have it corrected or deleted. If we are providing a service to you under contract, then it may not be possible to delete your information.  We may also be required to retain some parts of your personal information for legal reasons – such as invoice and payment records. Please make such an access request in writing. There will be no charge for reasonable requests for information and we will respond within 30 days. If it will take longer than 30 days to meet your request, we will advise you accordingly.

If you wish to raise a request regarding your personal information or to register a complaint on how we have handled your personal data, please contact us at info@paac-it.co.uk.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s  Office at  https://ico.org.uk/