This policy covers the following:
Sandgate Systems Ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then it will only be used in accordance with this privacy statement and the purpose for which it was collected. We may on specific occasions provide additional information about how your data is used and this policy will supplement those other notices and is not intended to override them.
Sandgate Systems Ltd may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25th May 2018.
What we collect
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed which is often known as anonymous data. The personal data we collect for our own purposes may include the following:
The majority of this information will be collected directly from you or from publicly available sources such as directories. We may also collect data on your usage of our website through our use of analytical tools, which helps us to track traffic across our website, allowing us to develop our site for a better user experience.
We only collect information which is necessary, relevant and adequate for the purpose you are providing it for, which are described in more detail below.
The systems we provide enable customers to store data which may, depending on the way in which the customer uses the systems, include personal data. We act as a data processor in respect of this information and it is the customer’s responsibility to ensure that such data is collected and processed legitimately.
What we do with the information we gather
We may use and process your personal information where this is necessary to enter into or perform a contract with you and to fulfil and complete your orders, purchases and other transactions entered into with us.
We may use and process your personal information where it is necessary for us to carry out activities for which it is in our legitimate interests as a business to do so. This includes our legitimate interests in using the contact details of an individual within a school or other organisation in the course of our sales and marketing activity, and using such details for the purposes of ongoing support and customer services in line with our contract with our customer.
Marketing and customer updates
We send information about promotions, events, products and services to our customers and may also send marketing material to schools and other organisations using publicly available data. We do not send marketing material to consumers. We carry out marketing on the basis that it is in our legitimate interests to do so, but allow recipients to opt out of further communications. You can do this at any time by contacting us or by using the unsubscribe option included in the footer of any of our messages.
If we have your consent to do so, we may use your personal information to send you promotional information about third parties we think you may find interesting. You have the right to withdraw this consent at any time.
Data we hold as the Data Controller:
We will keep your personal information for as long as you or your employer are a customer of Sandgate Systems Ltd so that we can communicate with you about your use of the systems.
We retain personal data only for as long as necessary to provide the Services the customer has requested and thereafter for legitimate legal or business purposes. These might include retention periods:
After you stop being a customer, we may keep your data for up to 10 years for the following reasons:
Data we hold as the Data Processor:
Our customers are responsible for setting and managing retention periods for any personal data which they enter into and store using our systems although we will provide functionality to facilitate this.
After a customer contract terminates, we will delete the data which that customer has entered into our system after 60 days from the point when the contract has ceased. During this period, we will be able to provide the data in a suitable format if requested.
The exceptions to the periods mentioned above are where:
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Controlling your personal information
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We also have processes for detecting data breaches and notifying them where we are legally required to do so.
Controlling your personal information
We may share your personal data with the following third parties:
We may transfer personal data which we hold as data controller outside the EEA to recipients with Privacy Shield or adequate data protection agreements in place. Please contact us using the details below if you require further information on these safeguards. We do not transfer the data which we hold on behalf of customers as a data processor outside the EEA, and our contracts with customers contain restrictions on such transfers.
You have the right to:
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You can exercise the above rights and/or manage your information by contacting us using the details below:
By post: Sandgate Systems Ltd, 1st Floor, Regent House, 5 Queen Street, Leeds, LS1 2TW.
By email: email@example.com
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Data Protection Officer
Although not required to do so by GDPR, Sandgate Systems Ltd has chosen to designate a Data Protection Officer (DPO) on the Executive Board, who has full responsibility for all matters relating to data protection and GDPR compliance.
The DPO ensures that Sandgate Systems Ltd is accountable and transparent to all relevant authorities.
To contact the DPO please email firstname.lastname@example.org
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.