PERSONAL INFORMATION WE COLLECT
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
Additionally, when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card), email address, and phone number. We refer to this information as “Order Information.”
When you sign up to Direct Debit, we collect your bank account number and sort code. We refer to this as “Payment Details”.
We collect your personal details during preliminary contact to fulfil your initial enquiry, such as performing an audit or providing a quotation.
During an initial audit we are preparing to support your organisation and your users and to such end we obtain information of each of the adult users for automatic entry in our helpdesk system. This will be your full name and email address, and this will be used to log cases relating to you as a computer user and to provide you with automatic and manual notifications about the status of open and closed cases.
Upon signing a contract with D8A we require that you nominate one person to be the Company Supervisor and it will be required that this user allow us to store their email address and phone number and use it to make contact regarding the IT infrastructure of the contracted company. This user may request that we remove their data from our systems, but this must be immediately replaced by another user.
We also require an accounts contact to be nominated and their data will be used to liaise regarding accounting queries such as sending invoices and statements.
It is important that customers carefully consider our advice as often it can only be effective if taken as a whole.
During the use of services provided by D8A, personal Data may be automatically collected. This could be via LDAP integration, Service Requests by email, guest portal and via the D8A website. All methods will create a SysAid account for use in monitoring and processing requests.
We disable user data in our system when users are removed from your system. Data is not permanently removed as you and we have a legitimate interest in keeping records of communications and notes relating to past support cases.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use the Order Information that we collect generally to fulfil any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
- Communicate with you;
- Screen our orders for potential risk or fraud; and
- When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
We also use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We use GoCardless to handle direct debit payments. You can find their privacy statement here,
When we make a recommendation to use a specific service, such as Office 365, it is important that you understand how your data is held by the third-party organisations and that you liaise with them directly if you have any concerns about how they store and use your data.
Acronis GDPR resource (Backup Services) - https://www.acronis.com/en-gb/articles/gdpr-compliance
Proofpoint GDPR resource (Email Archiving) - https://www.proofpoint.com/uk/solutions/eu-gdpr-general-data-protection-regulation
Microsoft GDPR resource (Cloud Services and Software vendor) - https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx
Cloud2Me (Cloud Services and email hosting) - http://www.cloud2me.co.uk/
We do not permit these parties to use such information for any other purpose than to perform the services they have been instructed to provide by us.
We only use your personal information for direct marketing purposes if we can do this by law. We may use your information to notify you about changes to the functionality of services. Company Supervisors are sent mandatory notifications, such as service status messages and planned maintenance.
We may send you offers or information in which we think you may be interested. We may contact you by post or email. Company Supervisors are also initially set up to receive our newsletter and marketing emails which we believe to be relevant information for the user in the role of Company Supervisor. The newsletter and marketing emails can be unsubscribed, whereas the mandatory notifications cannot.
If at any time you decide you no longer want to be contacted by us or to receive offers and information from D8A you can click the unsubscribe link in the communication.
We also purchase data from a third party, Selectabase. They state the following: "Selectabase only provides data that can be processed for direct marketing purposes using legitimate interests as the legal basis. Business to business data for sole traders and true partnerships includes postal and telephone data, and B2B data for corporate entities includes email postal, and telephone data, screened against the Telephone Preference Service (TPS) and Corporate Telephone Preference Service (CTPS)."
You can read more from Selectabase here.
Marketing is a significant and important economic activity. D8A have a legitimate interest in seeking to address marketing to the most relevant audiences.
In all communications we ensure the that unsubscribe options are on all communications, and we ensure proper segmentation when delivering communications (e.g. to ensure the data subject would have a legitimate interest in the topic or content of any communication received).
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
LEGAL BASIS FOR PROCESSING
The legal basis we use to process your personal data may differ for each processing activity.
The personal information that we collect is so that we can provide you with our Support services and products and is processed with your explicit consent.
We have a Legitimate Interest to automatically collect and process data for the purpose of processing support requests and the monitoring of network systems.
The personal information that we collect to fulfil individual employment contracts with our employees is processed under Legitimate Interest.
OUR COMMITMENT TO DATA SECURITY
To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, organisational, and managerial procedures to safeguard and secure the information we collect.
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident, we note that we are processing your information in order to fulfil contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at firstname.lastname@example.org