PurityIT is a private limited company registered in Scotland SC317692.
PurityIT is the controller of data we collect when you have an account on our client access portal or ticketing system. This notice describes our privacy practices that govern how and why we collect data when you create an account and when you subsequently use our portal or other services. Our different portals facilitate many functions of our IT Managed Services including ticketing, reporting and remote access.
PurityIT is required to gather some personal data to meet statutory and contractual requirements. This document contains detailed information about the purposes for which your data will be processed by PurityIT and the legal basis for processing. It relates to the data you share with us and data shared by others on your behalf.
Securing your Personal Data
Whenever we send your personal data to you, we will ensure appropriate security is applied to prevent unauthorised access to your personal data or interception of your personal data by anyone not authorised to have it.
If you wish to send any of your personal data to us, we strongly recommend you do not send it by open email. Instead, you should select a safe method to provide your personal data to us such as in a password-protected archive.
How we use personal data
Personal data you give to us
You may give us information when you request a quote, purchase our products and/or use our services or supply services to us, for example:
If you apply for a quote from us.
If you enter into a contract with us for the purchase of one of our products or the provision of services, and when you use those services;
If you register with our customer access portal or contact us via the form on our website;
If you submit a query to us, for example by email, telephone or social media, (including where
you reference us in a public social media post); and
If you participate in any marketing activity such as entering a competition, or promotion, or
When you provide personal data to us about someone else on their behalf
When giving us information about an employee or a person connected to your business, you confirm that they have appointed you to act on their behalf including giving you consent to instruct us to process their personal data, to receive this data protection notice on their behalf and to inform them about the way in which we will process their personal data.
Information we create from your personal data
We will create some information with your personal data internally, for example:
When we assign you a customer account ID;
When we create a support ticket in order to assist you with a technical issue;
When we place an order for equipment (hardware and/or software) at your request, which is to be delivered directly to your premises;
Legal Basis for Processing
We will always ensure that any personal data we receive has been collected lawfully and fairly in accordance with your rights under the relevant data privacy laws. Where appropriate we will ask for your consent for the specific use of your personal data.
Where we are using the personal data that you provide to us for the purpose of setting up and administering your Managed IT Services we will not seek your consent for this purpose. This is because the personal data you provide to enable you to purchase the services will legitimately be used by us to do what you have requested. Your rights and the protection of your personal data are not in any way hindered by this approach.
The legal basis for processing shall be where processing is necessary for the performance of a contract, compliance with a legal obligation, to protect your vital interests, for the performance of a task, carried out in the public interest or where you have given consent.
Personal information we hold about you
The information we hold about you may include:
Your name, address, contact details;
Details about any contact we have had with you such as providing quotes;
Details of the services you have received, support tickets you have created;
The feedback that you give to us regarding the services we have provided; and
Records (logs) of telephone calls between you and us.
Who we share your personal data with
Disclosure for regulatory or legal purposes:
PurityIT will only share your personal data with other companies or organisations where there is a legitimate reason for doing so. For example, we are obligated to provide information to specific Government departments such as HM Revenue and Customs.
Our service providers – we may pass your data to third-party service providers contracted to PurityIT in order to provide you with the services you require. Through the contracts and security measures we put in place, any third parties that we may share your data with are obliged to keep your details secure and to use them only to fulfil the service they provide to you on our behalf.
Sharing your personal data with your authorised representative
You have appointed an Administrative Contact and a Security Contact (Primary Contact and Accounts Approver) in order to enable us to communicate with you appropriately when providing our services, we may send them copies of correspondence relating to the services and any renewal documentation. We may disclose information to them where appropriate to enable them to make decisions about the services we provide.
Please be sure to tell us if you authorise or nominate a new Administrative Contact or Security Contact so that we can only send your personal data to the right person.
Our use of other companies to provide our products and services to you
To assist us in the provision of our Managed IT Services we use other companies who work or provide related services under contracts with us. We ensure that the level of security and the quality of service provided by those other companies is equivalent to the standard of services we provide to you.
Retaining your personal information
PurityIT will normally only keep your personal data for as long as necessary to provide you with the services you’ve chosen and to ensure we meet our regulatory obligations. This means that we will normally hold your account information and the personal data we have collected during the term of the plan for seven years after your services contract has finished.
At the end of this time period, we will securely delete all personal data that identifies you or could be used to identify you. We will also ensure that any of the suppliers who have processed your personal data throughout the term of your contract delete your personal data from their systems.
Right to access, correct and delete your personal data
GDPR affords you with rights. These rights are summarised below. In order to assert any of these rights, you may contact PurityIT.
The Right of Confirmation: Each Data Subject shall have the right to obtain from the Controller the confirmation as to whether Personal Data concerning him or her are being processed.
The Right of Access: You have the right to request access to the personal data held by us. You can do this by submitting a Subject Access Request.
Right to rectification: You have the right to request that we correct any personal data we hold where it is inaccurate or incomplete
Right to Erasure (Right to be Forgotten): In certain circumstances, you shall have the right to ask us to delete and erase the personal data we hold about you.
Right of Restriction of Processing: You have the right to restrict us processing your personal data where certain conditions apply such as, where you question the accuracy of your personal data we are processing.
Right to Data Portability: You have the right to receive the personal data in a structured, commonly used and machine-readable format.
Right to Object: You shall have the right to object, to certain types of processing of personal data such as direct marketing.
Automated Individual Decision-Making, Including Profiling: You shall have the right not to be subject to a decision based solely on automated processing, including profiling.
Right to Withdraw Consent: Where consent forms the basis for processing. You shall have the right to withdraw his or her consent to the processing of his or her personal data at any time. You can withdraw consent by contacting the Data Protection Officer.
We constantly review our range of products and services as we want to provide the most innovative and relevant Managed IT Services to our customers. We are continually negotiating with market-leading service providers, that we want you to take advantage of, so we would like to keep you informed about all of these exciting new products and services available to you.
You have the right to object to the use of your personal data for marketing purposes and PurityIT is obligated to ensure marketing information is not sent to you if you assert this right.
If you do give us your permission to send marketing information to you, we will provide you with the opportunity to change your mind every time.
- Data Protection Complaints
We want all our customers to be happy with the way their personal data has been processed by us. If you are unhappy about the way, we have managed your personal data we would like to know about this. We are constantly striving to ensure we do the right thing, and we would like to be able to put things right.
However, if you are still dissatisfied you have the right to contact the Information Commissioner, who regulates compliance with Data Protection regulation and laws at ico.org.uk.
You can also call the ICO on 0303 123 1113 or 01625 545 745 or you can write to them at:
Information Commissioner’s Office
20 Payne Street
Glasgow G4 0LF