General Data Protection Regulation (GDPR)
Our GDPR policy is here to help you understand what information we collect and how we use it. This policy only describes how Southern Business Communications Ltd treats your information, not how other organisations treat your information. Below sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Who we are and our details?
Southern Business Communications (SBC LTD) is a marketing leading supplier and installer of VoIP, PBX Telephone Systems, Network Cabling, CCTV, WiFi, Broadband and Phone Lines. Our company details can be found on our website www.sbcltd.co.uk. Full details can be found in the footer of our homepage. There is also a page called “Contact Us.” Where you will find our contact information at the bottom of the page.
GDPR will apply to all EU states from the 25th May 2018.
Southern Business Communications Ltd has always complied with data protection laws and regulations surrounding the use of personal data. However, GDPR means we are having to change publicly our policies. This document outlines what we have implemented to ensure we are fully compliant with the new regulation.
What does GDPR change and your rights?
Communicating with Southern Business Communications Ltd – We operate systems which log details of calls, emails and web chat correspondence. This allows us to deal with our customers effectively. We NEVER pass on your details provided to us to any 3rd party, except in outsourced service supply chain arrangements, such as couriers or equipment suppliers.
We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). This is to ensure from beginning to end, your data has been secured from the ground up with security in mind. Records can be secured based on access levels, security groups and sharing rules.
In the event that the Customer requires a copy of the Customer Personal Data being held by Southern Business Communications Ltd, they shall make such a request to Southern Business Communications Ltd which must be in writing. Upon receipt of the request Southern Business Communications Ltd will act as soon as is reasonably practicable within 30 days of receipt of the request, provide a copy of the Customer Data in a CSV format only.
The GDPR includes the following rights for individuals:
Breach notification will become mandatory. Where a data breach is likely to “result in a risk for the rights and freedoms of individuals”, this must be done within 72 hours of first having become aware of the breach. Organisations will be required to notify their customers, after first becoming aware of a data breach.
Right to Access
Part of GDPR is the right for any individual the right to access their personal data and supplementary information. This individual also should be aware of and be able to verify the as to whether or not personal data concerning them are being processed, where and for what purpose. Furthermore, the controller shall provide a copy of the personal data, free of charge, in an electronic format.
Right to Rectification
When rectification is requested, where possible, we will: correct personal data without delay. Complete incomplete personal data. Add extra information in the form of notes. Notify any recipient of the personal data of the rectification.
Right to be forgotten
GDPR provides individuals with the right to request the erasure of personal data concerning them, also known as “the right to be forgotten”. The controller, employee or organisation will be obliged to erase personal data relating to an individual if the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed. The conditions for erasure include, the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent.
To comply with GDPR, we provide an opt-in box either on our website or via an email we have sent you. The Southern Business Communications Ltd the controller/ shall be able to demonstrate that the data subject has consented to the processing of his or her personal data. Companies are no longer able to use long illegible terms and conditions. The request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent.
GDPR data portability regulations give the right for any individual to access the personal data concerning them, which they have previously provided in a ‘commonly use and machine-readable format’ and have the right to transmit that data to another controller.
Right to Object
When an objection to data processing, where possible, we will: Stop processing of the personal data without delay. If it is not possible to stop the processing of the personal data, we will tell the data subject. We may keep enough personal data to ensure we do not directly market to the data subject again. This data will be kept on the basis of having a ‘legal obligation’ to do so. At the Customer’s option, delete or return all the Personal Data to the Customer after the termination of this Contract or otherwise on the Customer’s request, and delete existing copies unless applicable law requires Southern Business Communications Ltd ongoing storage of the Personal Data.
Data Protection Officers
GDPR requires an organisation to appoint a data controller who states how and why Personal Information is processed. Please email our data controller at email@example.com. Our data controller ensures that processors abide by the law and our processes governed by GDPR.
Collection of Personal Information & Opt-Out
At Southern Business Communications Ltd we are committed to protecting and respecting your privacy. As a visitor to our site www.sbcltd.co.uk, you can engage in many activities that may require you to enter Personal Information. The choice to opt-out of communications is available during the sign-up process and on our website contact forms. When you order products or services from our organisation we may collect the following Personal Information from you:
Contact information such as:
- Full name
- Company name
- Job title
- Job description
- Telephone number
- Fax numbers
- Email address
- Web address
- Bank account number & Sort Code
We specifically note that Southern Business Communications Ltd does NOT store raw credit-card details.
As is true of most websites, when you use Southern Business Communications Ltd, we may also collect certain information, such as browser type, operating system, and the Internet Protocol (IP) address of your computer. We use these environmental variables to facilitate and track your use of our website and its services. Southern Business Communications Ltd uses the information to better understand the needs of our visitors, troubleshooting, data analysis, testing, research, statistical, security and survey purposes. We may also use such information to deliver relevant marketing communications to the data subject which may be of interest.
How we may use your Personal Information
Southern Business Communications Ltd may collect information about an individual or company in order to provide our services, comply with our legal obligations, and to improve our products and services. We may use your information in the following ways
- Solving your problems
- Administrative emails.
- Send you order/renewal confirmations.
- Process orders that you have submitted.
- Collect monthly direct debit payments for services.
- Prevention of fraud.
- Respond to customer service requests, questions and concerns.
- Send you requested product or service information.
- Keep you informed about special offers and services.
- To improve our site, services and offerings.
- Obtain your views or comments on the services we provide.
- Notify you of changes to our services.
Protection of your Personal Information
The Personal Information that you provide in connection with the use of our website resides on secure web servers that only selected Southern Business Communications Ltd personnel to have access to via passwords which are changed on a regular basis. We take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place. If you have any questions about security on our website or how we protect Personal Information, you can send an email to us at firstname.lastname@example.org or write to us at the following address: DPO, Southern Business Communications Ltd, Unit 14 Towergate Industrial Park, Colebrook Way, Andover, Hampshire, SP10 3BB. We will respond to your request within 30 days of receipt of the request
Southern Business Communications Ltd takes reasonable steps to protect the information you provide to us as part of your use of any Southern Business Communications Ltd service from loss, misuse, and unauthorised access or disclosure.
To ensure security, where appropriate, we will:
- Train our team members to understand personal data is important and must be treated correctly.
- Control access to the personal data using authentication and authorisation, to keep it confidential.
- Keep backups to help us guard against loss and damage.
- Ensure the personal data is available when and where it is required.
- Only use operating systems and software that receive security patches.
- Install security patches as they become available.
- Keep up to date with current advice and changes in the risk landscape.
- When creating or modifying systems and procedures for processing personal data, we will consider the protection of personal data.
- We will ensure we collect no more data attributes than we need, and we will keep the data for only as long as we need it.
- If we intend to process personal data which is likely to result in a high risk to the data subject, we will conduct a Data Protection Impact Assessment.
Data Storage and Transfers
We transfer your information held about you in the following ways:
- To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us.
- To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about; this will be available as an opt-out service which is simply to unsubscribe from marketing emails at the bottom of any emails you receive.
- To provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you.
- To notify you about changes to our service.
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
Limited Employee Access
We know that as a customer you expect us to be responsible with your data. As part of this responsibility, we make sure that only key Southern Business Communications Ltd employees have access to our production networks. Records can be secured based on access levels, security groups and sharing rules.
As part of keeping our services secure, we also make sure that our employees are trained and are aware of security and privacy issues. Therefore, we make sure that our employees understand and acknowledge security policies prior to being granted system access.
Access to your Personal Information, Portability & Deletion
Right to access request and correct
This is your right to access, correct and request a copy of the information that we hold about you and why we are processing this information. If you would like a copy, please email or write to us at the following address: DPO, Southern Business Communications Ltd, Unit 14 Towergate Industrial Park, Colebrook Way, Andover, Hampshire, SP10 3BB. We will respond to your request within 30 days of receipt of the request.
You have the right to data portability allowing you to obtain and reuse your personal data for your own purpose across different services. Data Portability allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
(a) The processing is based on consent or on a contract, and
(b) The processing is carried out by automated means.
You’re Right to be forgotten
You have the right to have your Personal Information erased, however in doing so we may not be able to continue to provide the expected service delivery, at your request data will be erased within 20 working days. Should you wish for us to completely delete all information that we hold about you: Email: email@example.com. If you would prefer to contact us in writing: DPO, Southern Business Communications Ltd, Unit 14 Towergate Industrial Park, Colebrook Way, Andover, Hampshire, SP10 3BB.
Transferring your information outside of Europe
As part of the services offered to you through this website, the information which you give to us may be transferred to countries outside the European Union (“EU”). Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data. Where this might be the case, we will take every precaution to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy.
Sharing your Personal Information
Personal Data Breach Detection
Each party will notify the other party as soon as is reasonably practicable if it becomes aware of a Personal Data Breach relating to either party’s obligations under this Contract.
We will take appropriate measures to detect a personal data breach and we will cooperate with the ICO on any personal data protection issues.
If we become aware of a personal data breach we will without delay:
- Investigate the cause of the data breach.
- Identify the number of personal data records affected.
- Assess the risks to the rights and freedoms of data subjects.
- Inform the ICO of the personal data breach within 72 hours.
We only retain your information for as long as your service is active or legally required. The data we store is required to comply with our legal obligations, resolve disputes, and enforce our service agreements. We are required by law to store data for a minimum or maximum duration. Should you have any questions regarding our data retention or wish to delete your account, please contact our data controller at firstname.lastname@example.org.
It is possible that we may automatically gather information regarding your computer for our services as you browse. Some of the data we include are browser type, device type, and average time spent on our website, page or pages viewed, and the Internet Protocol (IP) address used to connect your computer to our site. We do this to improve the services we offer, to improve our company marketing, analytics, and provide efficient site functionality to users.
Your consent applies to our website: www.sbcltd.co.uk / www.sbclimited.co.uk.
Links to other websites
Our website may contain links to other websites which may differ from those of Southern Business Communications Ltd. However, once you have used these links to leave our site, we do not have any control over external sites. Therefore, we cannot be responsible for the protection and privacy of any of your Personal Information submitted to any of those sites. If you follow a link to any websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Social media widgets
We would like to send you future information about our services which may be of interest to you. If you have consented to receive marketing, you may opt-out at any point as set out below. You have a right at any time to stop us from contacting you for marketing purposes. You do not need to demonstrate grounds for your objection. To opt-out please email: email@example.com or write to us at the following address: DPO, Southern Business Communications Ltd, Unit 14 Towergate Industrial Park, Colebrook Way, Andover, Hampshire, SP10 3BB.