Privacy notice and Cookies
Last updated 24/05/18
1 - GCI Networks Solutions Limited – Privacy Notice
At GCI Network Solutions Limited, we’re committed to protecting and respecting your privacy at all times.
This statement provides an outline of when and why we collect personal information, how we use it and the conditions under which we may disclose it to third parties.
If you have any questions regarding this statement or our privacy practices in general, please email us at firstname.lastname@example.org
1.1 - What is personal data?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed in the European Union by the General Data Protection Regulation 2016/679 (the “GDPR”), by the Data Protection Act 2018 (“DPA”) in the United Kingdom and also by the Privacy and Electronic Communications (EC Directive) Regulations 2002.
1.2 - Who are we?
GCI Network Solutions Limited and the GCI group of companies, hereafter referred to as “GCI”, is the data controller (contact details below). This means we decide how your personal data is processed and for what purposes.
GCI Network Solutions Limited
2 Crofton Close
1.3 - Contact details of the DPO
The DPO can be contacted by emailing email@example.com
1.4 - What personal data to we collect and process about you?
We collect and process a range of information about you. This includes:
- your name and contact details, including email address and telephone number;
- your IP address, operating system and browser type;
- your traffic data, location data, weblogs and other communication data, the resources that you access;
- details of any contact including a record of the correspondence;
GCI collects this information in a variety of ways. For example, data is collected through online forms, from correspondence with you, through subscription to our newsletters & through event registrations.
In some cases, we collect personal data about you from third parties, such as analytics providers, lead generation companies, partners and event organisers.
1.5 – How do we process your personal data?
GCI complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.We use your personal data for the following purposes: –
- To operate the GCI website and deliver the services that individuals have requested;
- To undertake profiling to enable us to improve the customer experience & tailor what information we provide;
- To carry out our obligations arising from any contracts entered into between you and us;
- To inform individuals about GCI products & services which we believe may be of legitimate interest to you;
- To inform individuals of news, events, activities or services running throughout the year;
- To contact individuals via surveys to conduct research about their opinions of current services or of potential new services that may be offered;
- To carry out our obligations arising from any contracts entered into between you and us.
- To notify you about changes to our service;
- If you are a customer, supplier, employee, contractor or users of our services, then we may use your personal data for other purposes that are described in other privacy notices available on the GCI website.
1.6 - Our legal basis for processing
Processing is necessary for the legitimate interests of GCI. GCI has completed a Legitimate Interests Assessment and considered whether or not those interests are overridden by the rights and freedoms of the individuals and has concluded that they are not.
Our legitimate interests for our processing is for the marketing and sales of our products and services. The processing is necessary for the purposes described above and we take steps to minimise the impact on your privacy rights by endeavouring to contact only those individuals in IT-based job roles, with information around IT-based services, solutions, events and information. We also offer you the right to object to or opt-out from our communications and processing activities at any time.
1.7 - Automated decision making & profiling
No automated decision making is undertaken by GCI or the third parties in which data is shared. Profiling is undertaken through the use of analytics in pursuance of our legitimate interests and as outlined in section 1.5.
1.8 - Cookies
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
The cookies we use are “analytical” cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the site when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
1.9 - Categories of recipients
Your personal data will be treated as strictly confidential and will only be shared with the recipients detailed below for the purpose stated.
- Companies within the GCI Group – to support overall provision of our products and services;
- Perspective businesses or asset sellers/buyers – commercial due diligence (under confidentiality agreement)
- Online advertising providers – to keep you updated on our products & services;
- Marketing communication facilitators – to keep you updated on our products & services;
- Website engagement companies (e.g. live chat) – to help us to assist you and respond to your queries;
- Analytics providers – to help us improve your online experience;
- Third parties for joint promotions with that party – to help us organise events
- Fraud prevention agencies – to prevent fraud;
- Alternative dispute resolution – for complaint escalation;
- Law enforcement agencies, government bodies, regulatory organisations, courts or other public authorities – where required by law.
1.10 - Non-EU Transfer & Safeguards for International transfers
Your data may be transferred to countries outside the European Economic Area (EEA) in instances where our or our partner’s servers used for storing personal data are based outside of the EEA.
If you use GCI services whilst you are outside of the EEA, your data may be transferred outside the EEA in order for us to provide you with those services.
Data will only be transferred outside of the EEA only where a declaration of adequacy and Data Protection Agreement is in place. If the country in which the data is to be transferred to is not considered to have laws that are equivalent or superior to EU data protection standards, then we will request the third party to enter into a legal agreement that reflects those standards.
1.11 - Data retention period & criteria used to determine that period
We keep your personal data for no longer than is reasonably necessary to allow sufficient time to keep you abreast of developments in our products and services in line with our defined legitimate interests. This is determined through assessment by the GCI DPO.
We delete personal data upon receipt of an opt-out request or two years after the last communication we receive from you.
1.12 - Rights to request access to the data, object, restrict processing, rectification, erasure & portability
Under the GDPR, you have the ability to exercise via the GCI DPO the following rights with respect to your personal data:
- The right to request a copy of your personal data which GCI holds about you;
- The right to request that GCI corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for GCI to retain such data;
- The right where applicable to request, that GCI provide you with a copy of your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right where applicable to object to the processing of personal data;
- The right to lodge a complaint with your local supervisory authority.
1.13 - Right to withdraw consent at any time
We do not rely on consent for our processing activities but instead on our legitimate interests, we therefore cannot offer the right to withdraw consent. However, you do have the right to object to or opt-out from our processing activities.
1.14 – Further processing
If we wish to use your personal data for a new purpose that is not covered by this Privacy Notice and is incompatible with the purposes described in this Notice, then we will provide you with a new Notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
1.15 – Right to lodge a complaint with ICO
To exercise all relevant rights, or for queries, please in the first instance contact GCI on the contact details provided above.
Should you have a concern about our information rights practices, you have the right to complain directly to our supervisory authority the ICO.
Their address and contact details are as follows:
Information Commissioners Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Alternatively, you can email them via the following link: https://ico.org.uk/global/contact-us/email/
If you are not in the UK, you may contact the equivalent supervisory authority in your country. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available here.)
1.16 - Updates to this Notice
We may update this Notice from time to time in response to changing legal, technical or business developments.
When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Notice changes if and where this is required by applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.