Overview

Attivo Technology UK Ltd is committed to data protection and data privacy. With the General Data Protection Regulation (GDPR) becoming enforceable from 25 May 2018, we have undertaken a GDPR readiness programme to review our entire business, the way we handle data and the way in which we use it to provide our services and manage business operations.

Introduction

We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. This notice sets out the personal data that we collect and process about you, the purposes of the processing and the rights that you have in connection with it.

If you are in any doubt regarding this notice, please contact us using the contact details at the end of this policy.

Purposes for processing personal data

We will process your personal data for the purposes: –

  • Management of Customer related activities such as providing products/services, product support contracts and marketing activities.
  • Management of supplier related activities such as purchasing of products and services.

Types of personal data we collect

The types of personal information we may process include, but are not limited to:

  • Name
  • Home/Business/Mobile Telephone Numbers
  • Home/Business Address
  • Home/Business email address

Legal basis for processing personal data

To process your information, we mainly rely on the following legal basis: –

  • Performance of a contract – We will normally collect personal data from you only where we need it to perform a contract with you (i.e. to manage the customer/supplier relationship)
  • Legitimate Interests – We may use your information for our legitimate interests such as website experience, emails or newsletters, improve or promote our products and services, administrative and legal purposes.
  • Consent – We may reply on your consent to use your personal information for direct marketing purposes. You may withdraw your consent at any time by contacting us using the contact details at the end of this policy.

Who we share your personal data with

We take care to allow access to personal data only to those who require such access to perform their tasks and duties.

Information Security

We will ensure that we take technical and organisational measures to ensure, as far as reasonably possible, the confidentiality, integrity and availability of your information at all times. If you have any concerns please contact us using the contact details at the end of this policy.

Transfer of personal data abroad

We will not normally need to transfer personal data to countries outside of the United Kingdom. If we export your personal data to a different country, we will take steps to ensure that such data exports comply with applicable laws. For example, if we transfer personal data outside the European Economic Area (EEA), such as to the United States, we will implement an appropriate data export solution such as entering into contracts with the data importer that contain EU model clauses or taking other measures to provide an adequate level of data protection.

Data retention

Personal data will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this notice or as otherwise required by law. Personal data will be kept for 12 months following the termination of customer/supplier relationships.

Your rights

You may exercise the rights available to you under data protection law as follows:

  • The right to be informed.
  • The right of access.
  • The right to rectification.
  • The right to erasure.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object.
  • Rights in relation to automated decision making and profiling.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. You can read more about these rights at:

https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/

To exercise any of these rights, please contact us using the contact details at the end of this policy.

 

Transfers to third-party service providers

We will not transfer any personal data to other third-party service providers.

Transfers to other third parties

We may disclose personal data to third parties on other lawful grounds, including:

  • To comply with any legal obligations
  • In response to lawful requests by public authorities (including for national security or law enforcement purposes)
  • As necessary to establish, exercise or defend against potential, threatened or actual litigation
  • Where necessary to protect the vital interests of our employees or another person
  • In connection with the sale, assignment or other transfer of all or part of our business; or
  • With your freely given and explicit consent.

Issues and complaints

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This notice was drafted with clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed.

If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law – www.ico.org.uk/concerns.

Updates to this notice

This notice may be updated periodically to reflect any necessary changes in our privacy practices. In such cases, we will inform you by publishing this on our website www.attivotechnology.co.uk We encourage you to check this notice periodically to be aware of the most recent version.