At AzteQ, we are committed to maintaining the trust and confidence of our Customers and Suppliers. In terms of data control and processing, we can guarantee that we are not in the business of selling, renting or trading in any personal or company data. Data will only be collected and processed for legitimate and lawful reasons.
Within the body of this Privacy Notice we aim to detail more fully when and why we collect Client or Supplier data, how we use it and the limited conditions under which we may disclose it to others.
For information on how we keep Customer and Supplier data secure, please refer to IMS-POL-004 (Data Protection Policy Details).
Types of Data Collected
All data is restricted to that which is required to fulfill a contract. This will include
- Named contact details
- Corporate banking details
- Vetting information for Suppliers (e.g. credit report)
In addition, all Customers and Suppliers should be aware of the following:
- Wi-Fi – if we offer customers, suppliers or guests access to our Guest Wi-Fi we do not monitor your device, the volume of data used, the websites and applications you access (except via controls in place to prevent access to inappropriate or unsuitable websites), nor the access time, frequency and location.
- Mailing Lists – At AzteQ we are keen to ensure effective communication to both existing and potential contacts. That said, we are also aware of the requirement not to engage in arbitrary marketing where the contact has not expressed interest or consent.
Sharing or Processing of Data
Normally we will only share data that is necessary for a contract or order to be delivered. Under such circumstances we would not process any associated personal information. In the unlikely event there is a requirement to process personal data that is the property of a customer or supplier, we would only do so if we could satisfy at least one of the following conditions:
- Consent – the data subject whom the personal data is about has consented to the processing
- Contractual – processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
- Legal obligation – processing is necessary for compliance with a legal obligation
- Vital interests – processing is necessary to protect the vital interests of the data subject or another person
- Public tasks – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the business
- Legitimate interests – processing is necessary for purposes of legitimate interests pursued by the business or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
We do not process sensitive personal data as part of our normal business activities. In the unlikely event there is a requirement to process sensitive personal data that is the property of a customer or supplier, we would only do so if we could satisfy at least one of the following conditions:
- Explicit consent – the data subject whom the sensitive personal data is about has given explicit consent to the processing (unless reliance on consent is prohibited by EU or Member State law)
- Employment, social security or social protection laws – processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement providing for appropriate safeguards for the fundamental rights and the interests of the data subject
- Vital interests – processing is necessary to protect the vital interests of the data subject or another person where the data subject is physically or legally incapable of giving consent
- NFP – processing is carried out by a not-for-profit with a political, philosophical, religious or trade union aim, provided the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes) and provided there is no disclosure to a third party without consent
- Public – processing relates to personal data manifestly made public by the data subject
- Legal matters – processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
- Public tasks – processing is necessary for reasons of substantial public interest, on the basis of EU or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject
- Public health – processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy or
- Archiving, research or statistical purposes – processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes based on EU or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
All data subjects would be contacted prior to any processing of personal data.
Cookies on our Websites
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our site. They include, for example, cookies that anonymously identify your session to our server.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Our Company provides various services under the Information Technology Services and Support banner. The very nature of these commitments requires us to access and process data on Client Servers. In so doing we have built our offering by considering the dynamics and interaction of the following criteria:
- Security – the data should be touched by the minimum number of persons such that it is controlled, processed and protected at all times.
- Need to Know – we will enable access on a need to know basis while considerate of availability /absenteeism such that deliverables are not adversely impacted by too much restriction.
- Permissions – we use and encourage our customers to use security permissions that provide further layers of control.
- Monitoring – we monitor the activities of our engineers (onsite and remote) and carry out unannounced spot checks on their activities.
- Disclosure and Barring Service (DBS) – although used primarily for safeguarding we have made it Company Policy that any person with access to client personal data will be DBS checked in advance of deployment.
- All staff are subject to a binding confidentiality agreement signed on induction to the Company and amended as required.
- On end of employment, for whatever reason, all access to Client systems is terminated with immediate effect.
We do not hold any personal data that would be considered the property of our Clients on our own servers.
- Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
- If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
- You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data.
4. Although not obliged under current legislation, we have appointed Erris Business Management as our Data Protection Officer for the purposes of the DPA 18 and GDPR. If you have any concerns as to how your data is processed, you can contact: