Policy key definitions:
Company Name: Purdicom Limited
Company Address: Mitchell House, Wooley Barns, Wantage, Oxon, OX12 8TA, England
Company Telephone: 01488 647647
Data Protection Contact Email Address: DPO@purdi.com
We are registered with the Information Commissioner’s Office (ICO), reference Z1016090
Under the General Data Protection Regulation (GDPR), you have the right to be informed about:
You have the right to information that is concise, transparent, intelligible, easily accessible and presented to you in clear and plain language rather than in “legalese”. We encourage you to get in touch with us if you have any questions about this policy statement.
This will not in any way affect your right (mentioned above) to complain to the ICO.
We commit to inform you if, at any time, we update our privacy information and always to seek permission if we plan to use your personal data for a new purpose.
We process and store details such as your:
These details will typically be provided when you sign up to our products/services. We only keep them for as long as necessary and you may, at any time, contact us to ask for them to be removed.
We use the information that we collect and store about you to conduct our business including such details as:
There are six possible legal grounds under the GDPR:
You can read more about your rights in details here, however below we have outlined legitimate interest as one of the legal grounds under which most of your data will be processed under by us.
We will only use your data in ways that you would reasonably expect, unless we have a very good reason. We will not use your data in ways that you would find intrusive or which could cause you harm and we have considered and introduced safeguards to reduce the impact where possible.
Purdicom is committed to applying the principles set out in the UK GDPR. To that end, we will strive to ensure that:
Data is processed in a manner that ensures its security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
In applying the above principles, this organisation recognises that it has a general obligation to implement technical and organisational measures to show that it has considered and integrated data protection into data processing activities. All of our employees are trained in understanding their requirements under UK GDPR and as far as possible we aim to ensure that contracts, website designs, publicity materials and company policies are all in line with the GDPR requirements.
On receipt of a request for access to the data which we hold about you, we will respond without delay and at the latest within one month of receipt. Information will be provided free of charge although a reasonable fee may be applied when a request requires excessive work, particularly if it is repetitive. This fee will reflect the amount of administrative work involved.
Also known as data erasure, the “right to be forgotten” set out in the GDPR entitles you to ask any data controllers (including us) to erase your personal data and to cease further dissemination. You can make such a request either verbally or in writing and we will respond as quickly as possible, and at the latest within one month.
Please note, however, that there are certain circumstances in which the right to erasure may not apply. These include where processing is necessary for one of the following reasons:
In addition, any organisation is allowed to refuse to comply with a request for erasure if it is manifestly unfounded or excessive, considering whether the request is repetitive in nature. We will, however, explain and justify any such refusal.
Any information which is provided to you will be concise, transparent, intelligible, easily accessible and presented in clear and plain language.
Either verbally or in writing, you may ask for inaccurate personal data to be rectified, or to be completed if it is partial. We will respond as quickly as possible and certainly within the one-month time period. In the unlikely event that there is disagreement over the accuracy of the data, we will do our best to resolve this and you will, of course, have right to take the matter to the ICO if we cannot reach agreement. If that situation arises, we are prepared to consider restricting processing of the contested data during the time it takes to resolve the issue with the ICO.
You have the right to object to:
We will stop processing personal data for direct marketing purposes as soon as an objection is received.
While we will take all appropriate measures to prevent illegal access to your data, we have to prepare for that possibility. Should there be a significant data breach affecting your data and rights, we will notify you (and the ICO) as soon as possible. To minimise any possible danger, we will use encryption and/or pseudonymisation where it is appropriate to do so. We also have backup systems in place in the event that an outside organisation attempts to disrupt access to our data.
Given that all members of the European Economic Area (EEA) (that is, all EU Member States, plus Norway, Iceland, and Liechtenstein) have to comply with the Union’s standards on data protection, and particularly with the GDPR, then we can legally transfer data to those countries. However, if we have reason to send data to non-EEA countries, we recognise that they must have equivalent standards in place. This is not a matter for individual organisations to assess but must be based on, for example, standard data protection clauses in the form of template transfer clauses adopted by the European Commission or compliance with an approved Code of Conduct approved by the ICO.
A cookie is a small text file placed on your computer or device by our site when you visit certain parts of it and/or use certain of its features. For example, we may monitor how many times you visit, which pages you go to, traffic data, location data, weblogs and other communication data whether required for billing purposes or otherwise. We may also look at the originating domain name of a user’s internet service provider, IP address, operating system and browser type. This information helps us to build a profile of our users. Where appropriate, this data will be aggregated or statistical, which means that we will not be able to identify you individually.
Cookies are also used to remember your settings (language preference, for example) and for authentication (so that you do not have to repeatedly sign in). You can set your browser not to accept cookies and there are a number of websites which explain how to remove cookies from your browser. However, it is possible that some of our website features may not function as a result.
Please note that there may be some links on our website to other sites where you may find useful information. This does not indicate a general endorsement of those sites and, as we have no control over how data is collected, stored, or used by other websites, we would advise you to check their privacy policies before providing any data to them.