Privacy Policy2018-06-01T13:17:42+00:00

GDPR: DATA PRIVACY NOTICE FOR CLIENTS AND SUPPLIERS

Udisys Limited (“We”) are committed to protecting and respecting your privacy.

This policy, together with our terms of use and any other documents referred to on it, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.  Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).

Definitions

Data controller – A controller determines the purposes and means of processing personal data.

Data processor – A processor is responsible for processing personal data on behalf of a controller.

Data subject – Natural person

Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR).

Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Who are we?

Udisys Limited is the data controller. This means we decide how your personal data is processed and for what purposes. Our contact details are:

Udisys Limited

15, Oakley Close

Addlestone

Surrey

KT15 2LT

Tel: +44 1932 483042

Email: [email protected]

For all data matters contact our Data Representative on +44 1932 483042 or [email protected] or in writing at the above address.

What is our legal basis for processing your personal data?

Our lawful basis for processing your general personal data:

  1. For the fulfilment of contractual obligations (EU GDPR Article 6(1)(b)) – this means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
  2. As part of the balance of legitimate interests (EU GDPR Article 6(1)(f)) – this means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  3. On the basis of your consent (EU GDPR Article 6(1)(b)) – this means you have given us consent to the processing of personal data for specific purposes, the legality of this processing is based on your consent. A given consent can be revoked at any time.

The personal data we collect and process about you

We may collect and process the following data about you:

  • Identity and Contact data such as name, title, address, email address telephone numbers and social media information
  • If you contact us, we may keep a record of that correspondence and of any contact details contained therein.
  • Information you provide when you fill in forms on our website (udisys.co.uk) such as a Contact Us form, Enquire form
  • Information you provide when you correspond with us by email, letter, text, social media
  • Information you provide during telephone conversations and meetings.
  • Transaction data such as details about payments to and from you, details of products and services you have purchased from us
  • Financial data including bank account details and credit information
  • Information that you provide when you report a problem with using our Website

We may also collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to analyse the use of our Website. These are statistical data about our users’ browsing actions and patterns, and do not identify any individual.

We may receive personal data about you that we legitimately gain from publicly available sources (eg Internet) or that are transmitted to other third parties (eg a credit reference agency / Companies House).

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

If you fail to provide personal data

Where we need to collect your personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

The purpose(s) of processing your personal data

We are permitted to process your personal data in compliance with Data Protection Legislation by relying on one or more of the following lawful grounds:

  • You have explicitly agreed to us processing such information for a specific reason.
  • The processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you.
  • The processing is necessary for compliance with a legal obligation we have.
  • The processing is necessary for the purposes of a legitimate interest pursued by us.
  • To ensure that complaints are investigated.
  • To evaluate, develop or improve our services; or
  • To keep you informed about relevant services, unless you have indicated at any time that you do not wish us to do so.

Our lawful basis for processing your general personal data:

Sharing your personal data

We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 5 above.

  • External Third Parties Service
    • Providers acting as data processors for our data storage, email services, accounting and stock management platforms, based within the EEA and outside of the EEA, who provide hosting, IT and system administration services.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

How long do we keep your personal data?

We process and store your personal information for as long as it is necessary for the fulfilment of our contractual and legal obligations. If the data is no longer required for the fulfilment of contractual or legal obligations, it will be deleted on a regular basis.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of the personal data which we hold about you;
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary to retain such data;
  • The right to withdraw your consent to the processing at any time, where consent was your lawful basis for processing the data.
  • The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).

Transfer of Data Abroad

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.  

Automated Decision Making

We do not use any form of automated decision making in our business.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

How to make a complaint

To exercise all relevant rights, queries or complaints please in the first instance contact our Data Representative on +44 1932 483042 or [email protected] or in writing at the above address.

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.