Privacy Policy

Who we are

Protech City Ltd provides IT Disposal and Asset Management Services, our registered address is: Yoden House, 30 Yoden Way, Peterlee, County Durham. SR8 1AL. We are registered with the Information Commissioners Office (ICO) as a Data Controller, registration number ZA230390

 

Your Privacy

This policy provides detailed information on when and why we collect your personal information, how we use it and the very limited conditions under which we may disclose it to others.

 

Your privacy matters to us and we are committed to the highest data privacy standards and  adherence with the Data Protection Act 2018 and UK GDPR. We adopt the six core principles of data protection which are:

  1. Lawfulness, fairness and transparency– we process personal data lawfully, fairly and in a transparent manner in relation to you, the data subject.
  2. Purpose limitation– we only collect personal data for a specific, explicit and legitimate purpose. We clearly state what this purpose is in this Privacy Notice, and we only collect data for as long as necessary to complete that purpose.
  3. Data minimisation– we ensure that personal data we process is adequate, relevant and limited to what is necessary in relation to the processing purpose.
  4. Accuracy– we take every reasonable step to update or remove data that is inaccurate or incomplete. You have the right to request that we erase or rectify erroneous data that relates to you, and we will complete this task as soon as possible but guarantee to do so within a month.
  5. Storage limitation– we delete personal data when we no longer need it. Whilst the timescales in most cases aren’t set, we outline our retention strategy within this Privacy Notice.
  6. Integrity and confidentiality– we keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

 

We are committed to full co-operation with and assistance to the ICO should it be required by them.

 

Collection of your Personal Data

Where you provide personal data to us, we will become responsible for it as the data controller.

 

We will only collect data that is necessary for us to deliver our IT Asset disposal services, supply refurbished IT equipment and/or respond to your enquiries.

 

We collect your personal information directly from you when you contact us by telephone, email or through use of our website.

 

We provide services for the collection and recycling of redundant IT equipment from a variety of different types of organisations and this equipment will often hold personal data. We are not responsible as the Data Controller for any personal data held on this equipment and any enquiries about personal data held on that equipment, should be directed to the organisation from which we collected it.

 

Categories and Type of Personal Data Collected and processed

 We will collect contact details from you in order to provide our services, refurbished products or respond to your enquiries. These will include:

  • Name
  • Address
  • Telephone number(s)
  • E mail addresses
  • Financial details (If purchasing products for yourself)
  • Marketing preferences
  • CCTV Images (if you visit our premises)

 

We will gain additional personal information from individuals who apply to us for employment, which will be relative to determining their suitability and qualification for any job vacancies we have.

We may also capture some data which can be considered as personal data when you visit our website through the use of Cookies, however; we do not currently employ any analytical or tracking Cookies which will remain on your browser.

Our website or news updates may contain links to other organisations websites, for which we are not responsible. You should ensure that you are aware of their Privacy and Cookie information provided by any site which you link onto.

We will not normally collect personal data which would be categorised as Special Category or that of Children, requiring particular protection.

We will treat all personal data as confidential and maintain its security at all times.

 

Reason for Data collection and processing activities

Contact information is captured to enable us to contact you through various communication channels on matters directly related to the services you have contracted us to provide or enquired about.

 

Contact and financial information (Personal purchases only), will be collected by us when you are purchasing refurbished equipment from us and to enable its delivery to you.

 

We may also use your data to inform you of changes or developments to our services, advertisement of products for sale or product offers and in general for topics which we believe may be of interest to you.

 

 

Sharing of Personal Data

During the delivery of our services to you, we may share your data with other companies who are critical for the provision of our services to you and will be viewed as Data Processors. They are under contract with us and have provided sufficient guarantees that they will process your data only as per the terms of that contract and throughout processing activities will ensure your data is protected using appropriate technical and organisation measures.

 

A full list of processors is available from our Data Protection Officer.

 

We may also pass information to external agencies and organisations, including the police, for the prevention and detection of fraud and criminal activity. Should any claim be made, we may pass your personal information to our insurers and if our business is wholly or partially transferred to a third party, your personal information may be one of the transferred assets.

 

We will not share your personal data with third parties based outside of the UK/EEA.

 

Securing and Processing of your Personal Data

The personal data collected from you will be held securely within our systems and those of contracted services. Access to your personal data  it will be limited to only those staff who need it.

 

We employ a range of Technical and Organisational measures to ensure that your data remains secure and cannot be accessed by unauthorised persons, mis-used, lost or altered. The measures which we employ are aligned to those required by the internationally recognised Information Security standard ISO27001, against which we are certified and our IT Disposal operations are equally certified to the ADISA standard.

 

Our staff work under the provisions of strict confidentiality requirements and receive training in our data security policies and procedures.

 

In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, we have a duty to inform you immediately. If the loss or unauthorised access of your data has potential to cause you harm, we will also report this to the Information Commissioners Office, who are responsible for regulating data protection legislation in the UK.

https://ico.org.uk/

 

Our legal basis for processing your personal data

 We are required to identify one of six possible legal grounds for processing. These are:

  • consent
  • contract
  • legitimate interests
  • vital interests
  • public task
  • legal obligation

 

The majority of our processing activities are crucial to the provision of the service which we enter into a contract with you to provide, so we process your personal data on the basis of that contractual relationship.

 

We also process your data under our legitimate interests when utilising various third-party systems through which to provide support or communications.

 

Legitimate Interest will also be our basis when processing the personal data of business clients to inform them of service changes, news, promotions or offers. Our basis for contacting private individuals in this way would be with their consent.

 

You will always be given the option not to receive marketing & general contact from us.

 

How long do we keep your personal data

 

We will retain your data for the duration of the contracts we have with you or service we are providing and on expiry, for the duration required to meet all our legal obligations. This will typically be seven years.

 

If you applied to us for employment and were not successful, we will not hold your personal data for longer than twelve months.

 

Your rights in relation to personal data

Under the UK GDPR, you have rights to access and control your personal data. These rights include:

  • access to personal information
  • correction and deletion
  • withdrawal of consent (if processing data on condition of consent)
  • data portability
  • restriction of processing and objection
  • lodging a complaint with the Information Commissioner’s Office

 

 

You can exercise your rights by emailing our Data Protection Officer:

ProtechCityDPO@clinicaldpo.com

If you are unhappy with anything we have done with your data, you have the right to complain to the Information Commissioners Office.

To make a complaint to the Information Commissioners Office use the link below or call their hotline on Tel No.: 0303 123 1113   

https://ico.org.uk/concerns/

 

How to contact us?

For all data protection matters or questions relating to how we manage your data, you can contact our Data Protection Officer via these means:

 

Data Protection Officer: Clinical DPO

Phone Number: 0203 411 2848

Email: ProtectCityDPO@clinicaldpo.com