Overview

This policy requires that personal data shall be: 

  1. Processed lawfully, fairly and in a transparent manner in accordance with the General Data Protection Regulation (the “GDPR”) given the purposes for which those data were obtained;
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Policy

Impact of GDPR 

  • As an organisation that holds personal data we need to comply with GDPR. 
  • Personal data means: any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • This includes personnel records, customer details, sales and marketing, prospect information, online identifier data etc. We are accountable to the Information Commissioner’s Office (“ICO”). Whilst this accountability is not a new requirement, GDPR requires all organisations to record and document compliance with all applicable aspects of GDPR. The regulation gives individuals more rights in respect of their data, including more control and visibility of how their personal data is being used and the right to have that information removed or moved if requested.

The kind of information we hold about you
We may collect, store, and use the following categories of personal information about you: 

  1. Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
  2. Date of birth.
  3. Gender.
  4. Marital status and dependants.
  5. Next of kin and emergency contact information.

We may also collect, store and use the following "special categories" of more sensitive personal information:

  1. Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
  2. Trade union membership.

Lawful basis for processing

  • We have reviewed the purposes of our processing activities, and selected the most appropriate lawful basis (or bases) for each activity.

Provision of Contractual Services

  • For the provision of legal services, the appropriate lawful basis is contract.  Data processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Provision of Marketing Further Information
We may undertake marketing activities; therefore we have carried out the following steps to ensure that when we do so we are compliant:

  1. We have checked that consent is the most appropriate lawful basis for processing
  2. We have made the request for consent prominent and separate from our terms and conditions.
  3. We ask people to positively opt in.
  4. We tell individuals they can withdraw their consent.
  5. We ensure that individuals can refuse to consent without detriment.

Recording consent

  • We keep a record of when and how we got consent from the individual.
  • We keep a record of exactly what they were told at the time.

Data Controllers and Data Processors

  • GDPR applies to controllers and processors.
  • A controller determines the purposes and means of processing personal data. A processor is responsible for processing personal data on behalf of a controller.
  • If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach. If you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR. 

As a data controller

  • We shall be responsible for, and be able to demonstrate, compliance with the principles.

As a data processor

  • We have reviewed the purposes of our processing activities, and selected the most appropriate lawful basis (or bases) for each activity.
  • We have checked that the processing is necessary for the relevant purpose, and are satisfied that there is no other reasonable way to achieve that purpose.
  • We have documented our decision on which lawful basis applies to help us demonstrate compliance.
  • We have included information about both the purposes of the processing and the lawful basis for the processing in our privacy notice.
  • Where we process special category data, we have also identified a condition for processing special category data, and have documented this.

Our policy is to process personal data in accordance with applicable data protection laws and individuals' rights as set out below and comply with the following data protection principles. 

Data Protection Principles

Personal data shall be:

  1. Processed lawfully, fairly and in a transparent manner in relation to individuals;
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Compliance with GDPR

  • We undertake data-mapping to understand our data sources and storage. For all stages of data custody, we look to identify what we are doing with data, how we are protecting data and how we are ensuring we do not infringe on the rights of the subject of that data. That includes the requirement that personal data should be obtained for one or more specified purposes and shall not be further processed in any manner incompatible with that purpose or those purposes.
  • This includes understanding our data uses for the specific purposes for which the data is being collected (legitimate interests, records of processing, consent, ensuring that data is adequate, relevant and not excessive in relation to the purpose).

Data sharing

  • We may have to share your data with third parties, including third-party service providers and other entities in the group.
  • We require third parties to respect the security of your data and to treat it in accordance with the law.
  • We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.
  • We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. 

Which third-party service providers process my personal information?

  • "Third parties" includes third-party service providers (including contractors and designated agents) and other entities within our group. The following activities are carried out by third-party service providers: holding client contact details through raised Service Ticket Desks and supporting clients through various third-party software, provisions and quotations.

How secure is my information with third-party service providers and other entities in our group?

  • All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

When might you share my personal information with other entities in the group?

  • We will share your personal information with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data. 

What about other third parties?

  • We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction.
  • We may also need to share your personal information with a regulator or to otherwise comply with the law. This may include making returns to HMRC, disclosures to stock exchange regulators and disclosures to shareholders such as directors' remuneration reporting requirements.
  • No data relating to a client shall be disclosed in any way except:
    1. Where a client matter file requires access to perform the main contract agreement, and only after specific permission is given by the agreed client contacts.
    2. Basic client information contained on devices, where this cannot reasonably be avoided in order to comply with the contract.
  • No information relating to our client or their client should be disclosed in any form other than to:
    1. An employee of the company.
    2. An employee of Chris Bowker Limited, provided such disclosure is essential to perform the contract.

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party. 

Handling your data

We will do the following when handling personal data: 

  1. We will implement appropriate technical and organisational measures to protect data against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.  
  2. We will take reasonable steps to ensure that employees and contractors do not breach the duty of confidentiality of this statement.
  3. We will be allowed to audit, obtain information and inspect records to comply with the contract.
  4. We will be allowed to hold client employee contact details (name, email address, phone number) for the contract.
  5. We will implement appropriate controls to prevent data being transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection of the rights and freedoms of data subjects in relation to the processing of personal data.

Data Breaches

Preparing for a personal data breach

  • We know how to recognise a personal data breach.
  • We understand that a personal data breach is not only about loss or theft of personal data.
  • We have prepared a response plan for addressing any personal data breaches that occur.
  • We have allocated responsibility for managing breaches to a dedicated person or team.
  • We know how to escalate a security incident to the appropriate person or team in our organisation to determine whether a breach has occurred.

Responding to a personal data breach

  • We have in place a process to assess the likely risk to individuals as a result of a breach.  
  • We know who is the relevant supervisory authority for our processing activities.
  • We have a process to notify the ICO, where appropriate, of a breach within 72 hours of becoming aware of it, even if we do not have all the details yet.
  • We know what information we must give the ICO about a breach.
  • We have a process to inform affected individuals about a breach when it is likely to result in a high risk to their rights and freedoms.
  • We know we must inform affected individuals without undue delay.
  • We know what information about a breach we must provide to individuals, and that we should provide advice to help them protect themselves from its effects.
  • We document all breaches, even if they do not all need to be reported.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Implementation and Review

If you have any questions or concerns relating to our GDPR compliance, please contact Louise Nicolaichuk.

This policy takes effect from 25 May 2018 and will be subject to a periodic review after its implementation.
