AAC Systems Ltd Privacy Notice under the Data Protection Act 1998 and the EU General Data Protection Regulation
Being transparent and providing accessible information to individuals about how we will use their personal data is a key element of the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR) and is important to our organisation. The following are details on how we collect data and what we will do with it.
AAC Systems Ltd act as Data Controller under the EU GDPR. Our data protection compliance officer is Andrew Chescoe and our contact details are AAC Systems Ltd. No.1 Bell Street, Maidenhead, Berkshire, SL6 1BU. Telephone: 01628 421569. Email: firstname.lastname@example.org
Information we may collect
We will collect Personal Data on customers, suppliers and prospective customers and suppliers as well as employees. Data collected may include (but is not limited to): individuals’ contact details, date of birth, email address, marital status, National Insurance number, tax reference, bank account details, identification documents for anti-money laundering purposes, financial and pay details, educational background, details of certificates and diplomas, education and skills, nationality, job title and CV.
Who collects this data
AAC Systems Ltd. will collect this data.
How it is collected
AAC Systems Ltd. will collect data in a variety of ways. This will include:
- Information provided directly by an individual through emails, meetings, questionnaires, online forms, etc.
- Information provided by a trading partner or employer.
Why it is being collected
We hold personal data about our employees, customers, suppliers and other individuals for a variety of business purposes.
Business purposes may be personnel, administrative, financial, regulatory, payroll and business development purposes. This includes the following:
- Compliance with our legal and corporate governance obligations and good practice
- Gathering information as part of the software licensing and maintenance servicing provisions for the goods and services we provide or in connection with legal proceedings or requests
- Utilising data in the provision of our services such as preparing quotations, reports and invoicing
- Ensuring business policies are adhered to (such as policies covering email and internet use)
- Operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, security vetting, credit scoring and checking
- Investigating complaints
- Checking references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments
- Monitoring staff conduct, disciplinary matters
- Marketing our business
- Improving services
How it will be used
- Information will be used to fulfil our performance obligations under a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
- Information will also be used for the communication of relevant information to customers, contacts and employees such as newsletters, articles, announcements and other items relevant to IT solutions sales, marketing, technical support and consultancy. Personal Data will only be used for this purpose where specific consent has been obtained from the Data Subject or where a legitimate business interest exists
Who it will be shared with
AAC Systems Ltd. will only share information where it is necessary under the performance of a contract or under a legal obligation. Information may be shared with:
- Hardware and Software vendors and their distribution partners
- A trading partner or supplier
- A new employer
Transfers to other countries
The GDPR contains provisions protecting the transfer of personal data outside the European Union. Under the Regulations data may be transferred where the organisation and country involved have provided adequate safeguards. Any data transferred outside the EEA will be in accordance with the Regulations.
The period data is retained will vary depending on the legal requirement under the contract with the data subject and our own regulatory requirements. In relation to customers and former customers, that period would be no less than 7 years from the point our contract ceases with the customer.