This policy is not contractual and we may update it at any time and does not apply to AzteQ employees.
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”. The only personal data that AzteQ Group Ltd holds are names, addresses and contact details.
Data Protection Principles
AzteQ comply with the principles relating to the processing of personal data set out in the GDPR which, in summary, state that personal data shall:
• Be processed fairly, lawfully and in a transparent manner
• Be collected for specific, explicit and legitimate purposes and not be processed in any manner which is incompatible with those purposes
• Be adequate, relevant and limited to what is necessary for that purpose
• be accurate and kept up to date where necessary, with every reasonable step being taken to ensure that personal data are accurate, having regard to the processing purpose, and are erased or rectified without undue delay;
• be kept in a form which permits identification of data subjects for no longer than is necessary for that purpose;
• be kept secure, safe from unauthorised access, accidental loss, damage or destruction; and
• be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction of damage, using appropriate technical or organisational measures.
Purposes of processing
This privacy notice tells you how we, AzteQ Group Ltd, will collect and use your personal data for the following reasons:
• As part of fulfilling a contract to you or an organisation with which you are affiliated by providing products and services, including but not limited to technical support and consultancy.
• We may also contact you as part of customer relationship management and to keep you updated on the products and services we offer.
• Internal Record Keeping.
• To respond to a query or request.
• Management of supplier related activities.
• From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone or mail. However, we will only do so if we have your previous consent.
It is not mandatory to provide us with your personal data. However, it may mean that we are unable to provide services or custom to yourselves if you object to do so.
What data will AzteQ store?
AzteQ may store various categories of data in order to provide its services. For customers, we may store contact, financial, contractual and hardware/network details. For suppliers and contractors, we will store contact, financial and contractual details. We may also store insurance details and specific certifications required to carry out work for AzteQ.
Legal basis for processing
AzteQ’s lawful basis for processing data is in most cases is contractual obligation and legitimate interest as we must store data on our customers and suppliers in order to deliver our services, including but not limited to remote professional services, on-site professional services and hardware supply. There are, however, instances where AzteQ’s legal basis for processing is based on consent, for example, we use consent before using any personal data for marketing activities.
Will AzteQ share my personal data with anyone else?
As a data controller, we may pass customer personal data on to third-party service providers contracted to AzteQ in the course of dealing with you. Our contracts with suppliers explicitly impose the obligation to maintain appropriate technical measures to protect personal data in line with legislation. All third parties have been assessed to ensure they follow information security measures that are the same or more comprehensive as our own. Our third-party providers will only use your data to fulfil the service they provide on our behalf. When they no longer need your data to fulfil this service, they will dispose of your details. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent, unless we are legally required to do otherwise. For a full list of third parties that we share your data with, please contact our DPO.
Will AzteQ transfer my data outside of the EEA?
AzteQ may transfer your data outside of the EEA, however, we will only do so when a border transfer agreement is in place. E.g. US Privacy Shield.
Additional steps AzteQ takes to protect your data
• Data is encrypted in transit and at rest
• Two factor authentication is used for all administrative systems
• All employees go through background verification and all employees are required to sign a non-disclose agreement and data protection policies.
• All AzteQ systems are updated regularly with Microsoft patches and definitions for Anti-Virus
• A major component of AzteQ’s information security program is user awareness and training to keep all employees up to date with security policies, procedures and leading practices. From annual mandatory training and testing to periodic topic-specific communications, AzteQ employees are armed with a foundation of security knowledge which is applied to daily tasks.
• AzteQ will provide all employees and users with information they need in order to carry out their responsibilities in an effective and efficient manner as possible. Access is granted through IT account request procedures, based on the principle of least privilege and access control lists, following AzteQ’s change management procedures and controls. Upon employee separation from AzteQ a defined leaver process if followed.
• AzteQ is working towards achieving ISO 27001 certification to assure data subjects that we have implemented, maintained and are continually improving on our information security management system.
How long will AzteQ store my data?
Once a customer leaves us, their contact data will be stored for one year and then removed. Ticket history will be retained but personal data will be redacted. Same with suppliers and contractors that we no longer use. Financial data is kept for the legally required length of time. For a full list of our data retention periods, please contact our DPO.
Under what circumstances will AzteQ contact me?
Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. We will only contact you in relation to our service delivery, unless you consent otherwise. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
AzteQ, at your request, can confirm what information we hold about you and how it is processed. If AzteQ does hold personal data about you, you can request the following:
• To request access to and rectification or erasure of your personal data.
• To restrict the processing of personal data
• To object to processing
• To object to direct marketing
• To data portability (Where applicable)
• To withdraw consent, where consent is used as a basis for processing, at any time
AzteQ does not use automated decision-making.
What forms of ID will I need to provide in order to access this?
AzteQ accepts the following forms of ID when information on your personal data is requested:
Passport, driving licence, birth certificate, utility bill (from last 3 months)
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
AzteQ attempts to meet the highest standard when processing personal data and take any complaints about this very seriously. We encourage people to bring this to our attention if they think our use of information is misleading, unfair or inappropriate. However, if you wish to make a complaint about the way we have processed your personal information, you can contact the ICO in their capacity at the statutory body which overseas data protection law. www.ico.org.uk/concerns.
Contact details of the Data Protection Officer:
Contact Name: Jo Holloway
Address: AzteQ Group Ltd, AzteQ House, Maxted Corner, Eaton Road, Hemel Hempstead, Herts, HP2 7RA
Telephone: 01442 244444