Privacy & Cookies Policy
Our legal status
We may be either a data controller or a data processor, depending on the circumstances. We are a “data processor” for the purposes of UK data protection whilst providing our technology solutions services to our customers. Our customers will be the “data controller” for personal information that they provide to us during the course of us providing our services.
We are a “data controller” in limited circumstances for the information gathered through use of our website, for any information gathered whilst registering as a new customer and for any personal information relating to our own staff.
Information we collect
We collect and hold a range of information about our customers and website users during the course of our relationship with you. This includes:
- Your contact details including name, job description, username, email address, billing address and telephone numbers.
- Your profile data including your username and passwords and services purchased.
- Your transaction data which includes details about payments you have made to us and details of the services you have purchased from us.
- Technical data including your IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
- Any information that you provide to us whilst using our services or input information into our website.
- Marketing and communications information including your communication and marketing preferences.
- Information about your needs and requirements to ensure our services are accessible; that we take account of any support needs in our dealings with you; and to improve our communications with you.
- Financial records about the amount of money you have paid us; any amount(s) outstanding and associated recovery action. Depending on your chosen method of payment, we may hold your bank account details.
- We may carry out insight and satisfaction surveys to help us to monitor our performance and to improve our services to our customers.
This list is not exhaustive, as we hold records of most contacts we have with you, or about you, and we process this information, so we can deliver our services to you.
Purposes for processing
We have set out below a description of all the ways we plan to use your information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. We may process your information for more than one lawful ground depending on the specific purpose for which we are using your information.
Marketing and communications information
Marketing and communications
Necessary for our legitimate interests to recover any debts due to us
Necessary to comply with our legal obligations
Necessary for our legitimate interests to understand how our clients use our services to develop them and grow our business
Necessary for our legitimate interests to run our business, provision of IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise
Our marketing communications
We may use your personal information to contact you to inform you about services we believe might be of interest to you via email or text message (we call this marketing communications). Our clients may receive marketing communications from us unless you have opted out or unsubscribed to receiving that marketing.
You can ask us to stop sending you marketing communications at any by following the unsubscribe links on any marketing communications sent to you or by contacting us at any time. Where you opt out of receiving these marketing communications, this will not apply to personal information provided to us as a result of the provision of our services and we will still be required to
contact you in relation to the services we provide.
We are aware of our responsibility to protect your privacy. As part of this responsibility, we let you know what information we collect using cookies when you use our websites, why we collect it and how we use it to improve your experience.
Cookies are small files that allow a website to recognise and track users. The ICO groups them into three overlapping groups:
- Session cookies – These are files that allow a site to link the actions of a visitor during a single browser session. These might be used by an internet bank or webmail service. They are not stored long term and are considered “less privacy intrusive” than persistent cookies.
- Persistent cookies – These remain on the user’s device between sessions and allow one or several sites to remember details about the visitor. They may be used by marketers to target advertising or to avoid the user having to provide a password each visit.
- First and third-party cookies – A cookie is classed as being first-party if it is set by the site being visited. It might be used to study how people navigate a site and to improve the visitors’ experience. It is classed as third-party if it is issued by a different server to that of the domain being visited. It could be used to trigger a banner advert based on the visitor’s viewing habits.
Essential cookies are technical cookies that are required for the operation of this website. Without essential cookies our sites can’t operate properly. Essential cookies include, for example, cookies that enable you to log into secure areas.
Performance cookies allow us to recognise and count the number of visitors to our site and to see how visitors move around it. This helps us to improve the way our website works by enabling us to tailor our site to the way visitors use it. The information we collect from performance cookies is aggregated which means that we cannot identify you from it.
Further information on cookies
For more information about how to manage cookies and their uses visit https://www.aboutcookies.org/
For information regarding the updated law on cookies visit the ICO.
Sharing personal information
Normally, only our employees will be able to see and process your personal information. However, there may be times when we will share relevant information with third parties for the purposes as outlined above, or where we are legally required to do so. When sharing personal information, we will comply with all aspects of data protection law.
Where necessary or required, we may share your personal information as follows:
- With third party service providers, in connection with services performed on our behalf. For example, our email provider, our database host and analytics and search engine providers that assist us in the improvement and optimisation of our website.
- With local authorities and government departments, as necessary for administering justice, or for exercising statutory, governmental, or other public functions.
- With police and other relevant authorities (e.g. Probation Service, Department of Work and Pensions, HM Revenues and Customs) in relation to the prevention or detection of crime and fraud; the apprehension or prosecution of offenders and the assessment or collection of tax or duty.
This list is not exhaustive as there are other circumstances where we may also be required to share information, for example:
- To meet our legal obligations.
- In connection with legal proceedings (or where we are instructed to do so by Court order).
Our relationships with third party services providers are governed by contractual provisions with us and they only have access to personal information to perform the described purposes and may not use it for other purposes.
Where we store personal information
The personal information that we collect is stored within the UK and European Economic Area (EEA). However, there may be some circumstances where it is necessary to transfer and store personal information at a destination outside the UK or the EEA. In these circumstances, we will take all steps reasonably necessary to ensure that personal information is treated securely and in accordance with data protection law and, in the event that personal information is transferred outside the UK or the EEA,
shall ensure that this is carried out subject to the requirements of the UK GDPR.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
How long we keep it for
We will only retain personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of personal information are available upon request. After this period, we will securely destroy or anonymise personal information in accordance with data protection law.
Right of access
You have the right of access to information we hold about or concerning you. If you would like to exercise this right, please do so in writing. If you are seeking to obtain specific information (e.g. about a particular matter of from a particular time period), it helps if you clarify the details of what you would like to receive in your written request. If someone is requesting information on your behalf, they will need written confirmation from you to evidence your consent for us to release this and proof of ID (both
yours and theirs). We have one month to provide you with the information you’ve asked for (although we will try to provide this to you as promptly as possible). In response to a subject access request, we will provide you with a copy of the information we hold that relates to you.
Right of rectification or erasure
If you feel that any information that we hold about you is inaccurate you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the information we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your information. Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we will take all reasonable steps to inform those with whom we have shared your information about your request for erasure.
Right to restriction of processing
You have a right to request that we refrain from processing your information where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we don’t need to hold your information anymore but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal information.
Right of portability
You have a right to receive any personal information that you have provided to us in order to transfer it onto another data controller where the processing is based on consent or contract and is carried out by automated means called a data portability request.
Right to object
You have a right to object to our processing of your personal information where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.
Right to withdraw consent
In the circumstances where you may have provided consent to the collection, processing and transfer of personal information for a specific purpose has been provided, you have the right to withdraw consent for that specific processing at any time. To withdraw your consent, please contact us using the contact details below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have
another legitimate basis for doing so in law.
Please note, there are some specific circumstances where these rights do not apply and we can refuse to deal with your request.
If you have a concern about the way we are collecting or using personal information, we would ask that you raise your concern with us in the first instance by using the contact details below.
You also have a right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk, should you feel that we have not handled your information in line with legislative and regulatory requirements. They can be contacted at:
Information Commissioner’s Office
0303 123 1113 | www.ico.org.uk
For further information on how to request your personal information and how and why we process your information, you can contact us by emailing firstname.lastname@example.org or writing to us at the following address:
Data Protection Compliance
STL Technology Solutions Limited
7 Arkwright Court
Commercial Road, Darwen
We may change this privacy notice from time to time, but if we change it in a way which significantly alters the terms upon which you have agreed, we will post notice of the change on our website. This privacy notice was last updated in January 2022.