Soluting Technology Limited ("We") are committed to protecting and respecting your privacy.
Data Protection Law states that we are allowed to use personal information only if we have a reason to do so. The Data Protection Law states that there are six lawful bases for processing personal data that are set out in Article 6 of the act. For business purposes only four of these will apply whenever we process personal data:
- Consent - When you provide clear consent for us to process your personal data for a specific purpose
- Contract - When we need to fulfil our contractual obligations to or if you have requested for us to do something before such as provide a quote where no contract exists but requires your personal data to be processed to carry out the request
- Legal Obligation - When it is our duty to comply with the law and we have no discretion over whether to process your personal data or there is not another reasonable way to comply. Processing of personal data using this lawful basis also means that the data subject (defined in Article 4(1) as an identifiable natural person that is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physicl, physiological, genetic, mental, economic, cultural or social identity of that natural person) has no right to erasure, right to data portability or right to object
- Legitimate Interests - When we need to ensure your rights and interests are fully considered and protected. For example marketing, fraud prevention, or IT security are potential legitimate interests
For the purpose of the General Data Protection Regulation (GDPR) (the Act), the data controller is Soluting Technology Limited of 3 The Quadrant Coventry CV1 2DY. A data controller is defined under the act as a person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. The data controller is Soluting Technology Limited.
Our nominated representative for the purpose of the Act is Robert Francis or such other officer of the Company as appointed from time to time.
∆ Back to top
How we collect your data
We will collect and process the following data about you:
∆ Back to top
- Information that you provide by filling in forms on our site www.solutingtechnology.co.uk. This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information when you report a problem with our site.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of transactions you carry out through our site and of the fulfilment of your orders.
- Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
What data do we collect from you
We will collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users browsing actions and patterns, and does not identify any individual.
For the same reason, we will obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies are mentioned in the act under recital 30 that states:
Natural persons may be associated with online identifiers…such as internet protocol addresses, cookie identifiers or other identifiers…. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
What this tells us is that cookies where they are used to uniquely identify a device, or in combination with other data, the individual using the device or is associated with it, should be treated as personal data.
Cookies contain information that is transferred to your computers hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
- To estimate our audience size and usage pattern.
- To store information about your preferences, and so allow us to customise our site according to your individual interests.
- To speed up your searches.
- To recognise you when you return to our site.
∆ Back to top
What is the importance of consent under the act
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.
- Freely Given - As a general rule, the GDPR prescribes that if the data subject has no real choice, feels compelled to consent or will endure negative consequences if they do not consent, then consent will not be valid. For example, if an organisation will only allow you to browse their website if you accept their cookie terms to obtain your personal data but not allow you to browse the site if you decline their terms then this is not freely given consent.
- Specific and Informed - This confirms that the consent of the data subject must be given in relation to one or more specific purposes and the data subject has a choice in relation to each of them. This is to ensure that the data subject has a degree of user control and transparency. As a result we will ensure each purpose or purposes is clearly specified to safeguard against using a specific purpose to carry out a completely different function. For example, a request for your personal data to make a payment to receive consultancy but not to share your data with other third parties for other uses. We will ensure we clearly identify who we are and any third parties who will be relying on your consent to allow your data to be shared. This also includes we make it clear to you your right to withdraw consent at any time and how to do so.
- Unambiguous - Consent requires a clear affirmative action such as opt-in. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent can only be an appropriate lawful basis if the data subject is offered control and is offered a genuine choice with regard to accepting or declining them without detriment. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
∆ Back to top
Where we store your personal data
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using Secure Socket Layer (SSL) technology with cryptographic Secure Hash Algorithm (SHA) functions. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data using encrypted standards, we cannot guarantee the security of your data you transmit to our site. Article 5(1)(f) of the act states personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Article 32(1)(a) of the act recommends using two examples of measures which the act suggest are appropriate for data subjects to implement are:
- Pseudonymisation - Using this method is a privacy technique where directly identifiable fields within a data record are replaced with artificial identifiers or pseudonyms. Under Article 3 of the act this is defined as the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.
- Encryption - Using this method converts clear text into a hashed code using an encrypted key. This minimises the risk of an incident during data processing as encrypted contents are unreadable to third parties who do not have the correct encrypted key to decode the data
Any transmission of personal data not adhering to either of the appropriate methods as documented in the act is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent accidental, unlawful and unauthorised access to your personal data.
∆ Back to top
How we use your personal data
We use information held about you in the following ways:
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To carry out our obligations arising from any contracts entered into between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service.
We will also use your data, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by post or telephone.
If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale to you.
If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.
We do not disclose information about identifiable individuals to our partners, but we shall provide them with aggregate information about our users for legitimate interests (for example, we shall inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We shall also use such aggregate information to help our partners reach the kind of audience they want to target (for example, women in SW1). We shall ensure that we inform you of our interests where this is most likely to be an appropriate basis where we use your personal data that has minimal privacy impact by demonstrating the compelling benefit to the processing and the impact is justified.
∆ Back to top
Disclosure of your information
We shall under specific conditions disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 736 of the UK Companies Act 1985.
We shall under specific conditions disclose your personal information to third parties:
∆ Back to top
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Soluting Technology Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
What are your data protection rights
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
- The right to access - You have the right to request for copies of your personal data. This is known as making a Subject Access Request. You have rights to find out what data is held about you and how it is used. Your request could be for example your personal file. We will charge you a small fee for this service.
- The right to rectification - You have the right to request that we correct any information you believe is inaccurate. You also have the right to request we complete information you believe is incomplete. You should state clearly what you believe is inaccurate or incomplete, explain how we should correct it and where available, provide evidence of the inaccuracies. Your request can be made verbally or in writing. We recommend that you follow up any verbal request in writing as this will provide clear proof of your actions.
- The right to erasure - You have the right to request that we erase your personal data under certain conditions. This is also known as Right to be Forgotten.
- The right to restrict processing - You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to data portability - You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
- The right to object - You have the right to request that we stop processing your personal data. You must give specific reasons why objecting to the processing of your personal data must be stopped based upon a particular situation. Unless we have compelling legitimate grounds for continuing processing then we will continue. It is our responsibility to demonstrate that our legitimate grounds override the data subject.
We will usually request consent (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for legitimate interests. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
∆ Back to top
Access to information
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request will be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
∆ Back to top
∆ Back to top
How to contact us
∆ Back to top
Soluting Technology Limited is a Company registered in England and Wales, number: 06857218. Registered Address: 3 The Quadrant Coventry CV1 2DY