Last updated 6 November 2018
First updated 21 May 2018
Stephens IT Solutions Limited (“we” or “us” or “our”) are committed to protecting and respecting your privacy.
- we acting as a Data Controller, collect any personal data from you; and
- you provide any personal data to us as a Data Processor; and
- we will process personal data.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting us at www.stephens-it.com you are accepting and consenting to the practices described in this policy.
For the purpose of the Data Protection Act 1998 (the “Act”) and the Regulation (EU) 2016/679 (General Data Protection Regulation) (“GDPR”), the data controller is HR@stephens-it.com
Our nominated representative for the purposes of the Act and GDPR is our Data Protection Officer, who can be contacted on HR@stephens-it.com
2. Information we collect from you
We will collect and process the following data about you:
2.1 Information you give us
This is information about you that you give us by filling in forms on our Website www.stephens-it.com (“our Website”) or by corresponding with us by phone, e-mail or otherwise. It includes (without limitation) information you provide when you register to use our Website, subscribe to our service, search for a product, place an order on our Website, participate in discussion boards or other social media functions on our Website, enter a competition, promotion or survey, and when you report a problem with our Website. The information you give us may include (without limitation) your name, address, e-mail address and phone number, financial and credit card information, personal description and photograph.
2.2 Information we collect about you
With regards to each of your visits to our Website we may automatically collect the following information:
- technical information, including the Internet Protocol (“IP”) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators, clickstream to, through and from our Website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
2.3 Information we receive from other sources
This is information we receive about you from a third party, Data Controller with whom we are contracted to provide a service them.
It may also include information that we receive from other third parties (who are Data Controllers in their own right) including, for example, business partners, sub-contractors, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies.
2.4 Types of information we may collect and or process
The personal information we collect might include your name, address, email address, IP address, and information regarding the web pages accessed and when it was accessed. If you contact us to register a service request, the information collected may include your name, your organisation, your office address, email address, IP address, and information regarding your service requirement.
4. Uses made of the information
We use information held about you in the following ways:
4.1 Information you give to us
We will use this information:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- if you explicitly request us to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- if you explicitly agree that we provide you, or permit selected third parties to provide you, with information about goods or services we feel may be of interest to you;
- if you explicitly request us to notify you about changes to our service;
- to ensure that content from our Website is presented in the most effective manner for you and for your computer;
- to comply with your rights under both the Act and GDPR.
4.2 Information we collect about you
We will use this information:
- to administer our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our Website to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in the interactive features of our service, when you choose to do so;
- as part of our efforts to keep our Website safe and secure;
- to measure or understand the effectiveness of the advertising we direct to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of our Website about goods or services that may interest you or them;
- keeping relevant records of our customers;
- to update our product offering.
Where we have received your explicit permission, we may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address(es) which you have provided. If you wish to unsubscribe to this service, please email email@example.com
4.3 Information we receive from other sources
We will usually combine this information with information you give to us and information we collect about you. We will usually use this information and the combined information for the purposes set out above (depending on the types of information we receive).
4.4 How long is your information retained?
To ensure that personal data is kept for no longer than necessary, we have put in place an Archiving Policy for each area in which personal data is processed and will review this process annually.
The archiving policy shall consider what data should/must be retained, for how long, and why. Where consent is relied upon as a lawful basis for processing data, evidence of explicit opt-in consent shall be kept with the personal data and retained in accordance with the requirements of relevant UK Legislation and Regulation, which could for example be:
- Investigatory Powers Act 2016
- Companies Act 1985
- Taxes Management Act 1970
- Finance Act 1998
- Sex Discrimination Act 1975
- Race Relations Act 1976
- Disability Discrimination Act 1995
- The Working Time Regulations 1998
- Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995
- Limitation Act 1980
- Limitation Act 1980 (for England & Wales)
4.5 Securing Your Data
We shall ensure that personal data is stored securely using best practice and in an environment that is maintained in accordance industry standards.
Access to your personal data shall be limited to personnel who require access to provide a contracted product or service and appropriate security will be in place to avoid unauthorised sharing of information.
When personal data is deleted this will be done safely and in such a manner that the data is irrecoverable.
Where data cannot be deleted, it will be anonymised to prohibit the identification of the data subject.
Appropriate back-up and disaster recovery solutions shall be in place.
5. Disclosure of your information
Your explicit agreement allows us to share your personal information with:
- any member of our group, which means our subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
- selected third parties including:
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- analytics and search engine providers that assist us in the improvement and optimisation of our Website;
- credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
Should we disclose your personal information to third parties we confirm that your personal data shall not be transferred to another entity, country or territory, unless reasonable and appropriate steps have been taken to establish and maintain the required level of data security and that:
- personal data may be communicated to third persons only for reasons consistent with the purposes for which the data were originally collected or other purposes authorised by law;
- all transfers of personal data to third parties for further Processing shall be Subject to written agreements, or under our Intra Group Data Transfer Agreement for internal Data transfers;
- EU personal data shall not be transferred to a country or territory outside the European Economic Area unless the transfer is made to a country or territory recognised by the EU as having an adequate level of data security or to the United States under the EU-US Privacy Shield, and only if the US company is registered under the EU-US Privacy Shield.
Subject to the provisions of the above, personal data may be transferred where any of the following apply:
- the data subject has given Consent to the proposed transfer;
- the transfer is necessary for the performance of a contract between the data subject (personally or via his/ her employing company as our client) and us;
- the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between us and a third party;
- the transfer is necessary or legally required on important public interest grounds, or for the establishment, exercise, or defence of legal claims;
- the transfer is required by law;
- the transfer is necessary to protect the vital interests of the data subject.
Your personal data may also be shared
- in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
- if our or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
5.1 Your rights
As the data subject, your rights are set out in Chapter 3 of GDPR and includes the rights to:
- access your personal data;
- be provided with information about how your personal data is processed;
- be provided with the information of the personal data obtained from someone other than the data subject;
- have your personal data corrected;
- have your personal data erased in certain circumstances, (“the right to be forgotten”);
- object or restrict how your personal data is processed;
- have your personal data transferred to yourself or to another business in certain circumstances.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting our Data Protection Officer, who can be contacted on HR@stephens-it.com
Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
A cookie is a small file which is placed on your computer’s hard drive. By using our Website, you agree to allow cookie files to be added to your computer which helps us to analyse web traffic but also allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our Website in order to tailor it to customer needs. We only use this information for statistical analysis purposes.
Overall, cookies help us provide you with a better Website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
We may use the following third party services that relates to cookie use on our Website:
- Google Analytics
- Google Analytics for Display Advertising
- Google Display Network Impression Reporting
- Google Analytics Demographics and Interest Reporting
- Google Maps
Should you have any questions or concerns with how we utilise cookies then please do not hesitate to contact us.