Soltech IT General Data Protection Regulations Policy

In compliance with the European Union General Data Protection Regulations (GDPR) we wish to inform you of the following information regarding collection, processing and retention of your personal/business data. This agreement may be updated frequently as we work to provide the most accurate information possible to our clients. Please check back regularly to ensure you understand your rights.

Soltech IT may, during the course of business, be required to collect personal information about you.

Data Collection

Data collection and processing for the purposes of accounting, including but not limited to names, addresses, contact information and payment information, is required to fulfil the legal obligations of the company and its directors. Data collected for this purpose will be held for as long as is legally required and then securely destroyed.

Soltech IT may collect data during the course of business. This may include, but is not limited to, such information as names, addresses, email addresses, telephone numbers, usernames, passwords and other such information. This information is required by Soltech IT to provide continuous service to our customers, including marketing of potentially beneficial products or services, and is classified as ‘legitimate interests’ under GDPR, as Soltech IT requires the collection, storage and processing of this data to provide our services and ongoing recommendations to our customers. This data may also be shared with third parties in order to provide services to you or your organisation.

Soltech IT may collect data during the course of business. This data is often provided by clients for monitoring, diagnostic or consultancy purposes and may include any and all personal data provided to the client by service users. This information is required for Soltech IT to provide contractually obligated services to clients and will be retained for a maximum of 10 years, or until such time as this is no longer required. This information may be considered as held for ‘legitimate interests’ under GDPR until such time as the client requests removal of such data.

If you have concerns that Soltech IT may hold personal data shared by clients that no longer have a legitimate interest in holding your data, please in the first instance contact the client to whom you provided the information directly and request that they contact us. If this course fails, please contact the data controller using the information below.

Soltech IT may collect data with regard to support provided. This may include, but is not limited to, support session data, chat logs, connection information, customer satisfaction surveys, computer and user information, IP addresses, call recordings, login information, and files and folders from your computer. By accepting this agreement you are authorising this collection and processing of data by Soltech IT for the purposes of providing support and ongoing services to yourself and your organisation. This information may at any time be shared with your organisation or the organisations listed below in the interests of that organisation. ‘Your organisation’ is defined as the organisation that contracts Soltech IT to provide IT Support Services on your behalf; this may be your employer or an external agency providing services that require support under.

Soltech IT may collect data with regard to your usage of the website. Further information is available within our Website Privacy Policy. We hold this data for up to 10 years from a tracked user's last access to our services and delete it after this time.

This policy may change in future, at which point we will update this page. Please check back regularly to ensure you are aware of your rights.

How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of both personal and business information.

Client Data Sharing

Soltech IT may, during the course of business, be provided with or gain access to personal data held by our customers regarding their own clients. Customers of Soltech IT should ensure that their clients are informed that data may be shared with their IT support provider for business operations, including but not limited to support and assistance with problems relating to the files containing data, the software used to access the data or providing backup services for the data. Data may be held by Soltech IT as required to provide assistance to the client. All requests for data management with regard to customer data should in the first instance be directed to the customer directly. If this fails, the client can contact the Soltech IT Data Controller.

During the course of business, clients will be required to provide personal information relating to staff, etc., in order to allow Soltech IT to set up accounts and provide support. Please ensure your staff, etc., are aware that you are sharing this information and that, in turn, Soltech IT may share that information with service providers in order to provide you with the services required.

Sharing of Data

Soltech IT may be required, for the accurate and timely fulfilment of legal obligations, HR and accountancy processes, and to provide you with a range of products and services, to share your data with third parties. These companies may include, but are not limited to:
  • Accountancy and Payroll Management
  • HR Management
  • Service Providers
  • Hardware / Software Suppliers
  • Support Partners
  • Solicitors
  • Accountants
  • Marketing/Advertising
  • Third Party Service Providers who help us operate our business and/or administer activities on our behalf.
Changes will be updated as required.

List of Data Categories

Soltech IT stores data for a number of purposes to enable the day-to-day running of the company. The purpose of this data retention may include, but is not limited to:
  • Accountancy - Customers (customer name & contact details), Suppliers (supplier name, contact details and banking details)
  • HR (employee name, contact details, NI number, bank details & next of kin)
  • Sales / Marketing – Quotes, CRM Systems (customer name, contact details & information relating to the business's IT systems)
  • Engineering – Helpdesk Systems, SODs, Job Sheets (customer name, contact details, IT technical information including a limited number of passwords / logons)
  • The company stores encrypted online backups for our clients. This data is encrypted at source and remains in this secure format at all times whilst in our possession.
  • Emails - Sent & received throughout departments - (name, email address and other areas of possible sensitive data sent by third party which we are unable to categorise)
  • Website - Please refer to our Website Privacy Policy for further information.
  • Telephones - Voicemail / Recordings 
  • CCTV - Camera Footage

Retention Schedule

Soltech IT abides by the retention schedule listed below; however, if data is no longer required it may be deleted in advance of the retention period stated.
  • Accountancy - All financial data will be retained for 6 financial years in line with UK financial requirements. In some cases data will be stored for 10 years to ensure the company is able to defend any potential legal county court or high court claim.
  • HR records will be held for up to 6 years from the point at which the employee's employment ends, to ensure the company is able to defend any potential county court or high court claim. In some cases data will be stored for 10 years to ensure the company is able to prove safeguarding measures were adhered to.
  • Sales / Marketing data will be removed within a 12 month period of the data no longer having a valid use in the case of prospective information. Customer information (including previous and existing customer) may be retained for up to 10 years to ensure the company is able to defend any potential county court or high court claim.
  • Engineering data will be removed within a 12 month period of the data no longer having a valid use. Customer information (including previous and existing customer) may be retained for up to 10 years to ensure the company is able to defend any potential county court or high court claim.
  • Retention Period Upon Termination - When an encrypted online backup ceases, all data will be removed at the end of the retention period. Encrypted online backups are retained for a period of between 28 and 90 days in accordance with the customer's contracted retention period. Customers should assume this period of retention is 28 days, unless otherwise stated.
  • Email will be available for 18 months before being automatically archived for up to 8.5 years. Data may be retained for up to 10 years to ensure the company is able to defend any potential county court or high court claim and to ensure Soltech IT is able to comply with the Companies Act of 2006, which requires a 10 year retention period for information relating to shareholder meetings, decisions, resolutions and members.
  • Website data is held for up to 10 years from a tracked user's last access to our services and then deleted. Website data is categorised according to the nature of the information as either Accountancy, Sales / Marketing or Engineering.
  • Recorded telephone conversations can be held for up to 10 years. Telephone recording data is categorised according to the nature of the information as either Accountancy, Sales / Marketing or Engineering.
  • CCTV footage may be retained for up to 10 years for security and safeguarding measures and to ensure the company is able to defend any potential county court or high court claim.

Data Destruction

Electronic information stored on redundant media / systems will be securely destroyed by a third party WEEE recycling and data destruction specialist. This method of destruction allows Soltech IT to obtain a certificate of data destruction, ensuring total data security whilst ensuring ethical disposal of media and electronic equipment.

Documented data containing sensitive information is securely destroyed by a third party document destruction company. This method of destruction allows Soltech IT to obtain a certificate of document destruction.

The above destruction methods ensure Soltech IT complies with legislative requirements, whilst ensuring client, employee and confidential business information is kept secure at all times.

Technical / Business Security Measures

The information provided within this section has been summarised to ensure a greater level of security and to remove potential security risk.

Soltech IT takes the security of data very seriously and takes the following steps to ensure data is kept safe:
  • Our premises are securely locked, alarmed and monitored. Visitors to our offices are accompanied / monitored at all times.
  • Documentation is securely managed within the business via the use of lockable rooms, storage / filing cabinets and locked document destruction cabinets.
  • A business class firewall provides secure protection from unauthorised access to and from our local and internet based networks, whilst also providing a secure VPN connection for staff when using potentially unsecure public WiFi.
  • All business devices, where applicable / possible, are encrypted. This includes, but is not limited to: USB memory sticks, USB hard drives, mobile phones (iPhones), tablets (iPads), SD cards, smart watches, laptops, computers, network attached storage devices and servers.
  • Staff are not permitted to use personal devices to access or use company data unless the device is encrypted and Soltech IT, where possible, has the permission of the individual to remotely delete the device in the event of the device being lost or stolen. This ensures data remains within our control, is securely managed and protected at all times.
  • As an added level of security, e-mail accounts and historic e-mail information can be securely removed from devices that may be lost or stolen.
  • Our day-to-day business applications in some instances require us to store our data online. Soltech IT will only use secure online business applications from reputable organisations who themselves comply with GDPR. These organisations may include, but are not limited to: Microsoft, Quickbooks and Naverisk.
  • Soltech IT will, where possible, always ensure that applications and/or operating systems are running the very latest secure versions of the software and will, where possible, ensure the latest security updates and patches are applied where it is safe to do so.
  • All staff must adhere to this GDPR policy.

List of Your Rights

GDPR includes the following rights for individuals:
  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • the right not to be subject to automated decision making including profiling

Soltech IT will, where possible, conform in full and to completion to these rights within 30 days of notification. This period of compliance may be extended by a further two months where requests are complex or numerous. In this case the individual will be notified within 30 days of receipt.

To ensure data security, Soltech IT will need to verify the identity of the person making the request, using “reasonable means”.

In some instances Soltech IT will be unable to conform to the individual's rights. In these instances Soltech IT will partially conform to the individual's rights and, where possible, notify the individual as to why the company was unable to fully comply.

Information will be provided free of charge. A reasonable fee may apply when a request is manifestly unfounded or excessive, particularly if it is repetitive or for requests for further copies of the same information.

Where a particular situation becomes unclear or the individual disagrees, advice and guidance will be sought from the ICO.

If you would like to exercise this right, please write to the Data Protection Officer below.

How to contact the Data Protection Officer

Please use the contact information below to write to the Data Protection Officer. In order for us to fully comply with your rights under the act, all requests being made should clearly mention “General Data Protection Regulations” and include your full name, address and relevant contact information for a response. Requests submitted by any other means than written letter may not be processed.

Data Protection Officer

Name: Mr Richard Sheppard
Position: Company Director
Address: Westway Farm, Bishop Sutton, Bristol, BS39 5XP

Data Breaches

In the unlikely event of a serious Data Breach, Soltech IT will contact you via the last known contact details we hold on file for you or your organisation. You will be informed, as far as is technically possible, of the data that has been potentially compromised and where you can seek further advice about your rights.

GDPR Policy Last Updated 2nd May 2018