Privacy Policy

Introduction.

  • This Privacy Notice explains what we do with your personal data, whether we are in the process of helping you as a customer or dealing with individuals in our suppliers.

  • It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.

  • This Privacy Notice applies to the personal data of our Website Users, Customers, Suppliers and other people whom we may contact to undertake our business.

  • It is important to point out that we may amend this Privacy Policy from time to time. Please just visit this page if you want to stay up to date, as we will post any changes here.


Who we are.

  • This Privacy Notice refers to Business IT Support Group our registered office is 4 Fairfax House, Cottingley Business Park, Wool Gate, Bingley BD16 1PY Company Registration Number 4775973.

  • If you have any cause for complaint, if you wish to exercise any of your privacy rights or if you just want to clarify how we use your personal data you should contact our data protection manager at privacy@bist.co.uk

Whose data do we process?

  • Customers: If you are a customer, we need to collect and use information about you, or individuals at your organisation, in the course of providing you services such as:

  • Sale of Hardware and Software

  • IT Services as a Reseller

  • Sale of Office Supplies

  • Media Services, such as Print, Design and Website Development

  • We limit the data we collect about customers; we need to make sure that our relationship runs smoothly so we will collect the details of contacts within your organisation, such as names, telephone numbers and email addresses.

  • We may pass on your details to our suppliers, in order that they are able to fulfil your order.

  • In most cases, our suppliers will arrange delivery directly with our customers, however there are occasions where we will pass on your personal data to logistics companies if we have to deliver items to you directly.

  • We will also collect bank details, so that we can arrange payment for services.

  • We may also hold extra information that someone in your organisation has chosen to tell us.

  • Some of the data on our customer systems are processed outside of the EU, therefore we have taken additional steps to ensure that your personal data remains protected. These are detailed in the ‘how do we process your data internationally’ section below.

  • The main reasons for using your personal data are to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly, and to comply with legal requirements.

  • There are occasions when we will use your name, address and email address for marketing purposes, to develop our business and to extend the level of services available to you we believe that this is in our legitimate interest. We always provide an ‘opt out’ option in all our marketing correspondence with you.

  • In order to fulfil our marketing campaigns, we may share your personal data with our mailing house or email marketing service provider, we always ensure that this data is transferred securely and these organisations cannot use this data for any other purpose than specified by us.

  • We use ‘cloud storage’ and ‘office applications’ to assist us with our business operations. All of this data processing on the web is based in the EU.

  • We may use your personal data if we deem this necessary for other legitimate interests, such as recovering any outstanding debts etc.

  • Suppliers and Professional Services: We limit the data we collect about Suppliers and our advisors – we need to make sure that our relationship runs smoothly so we will collect the details for our contacts within your organisation, such as names, telephone numbers and email addresses. We will also collect bank details, so that we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us.

  • The main reasons for using your personal data are to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly, and to comply with legal requirements.

  • We utilise a UK hosted VOIP service which does contain personal data in the form of our address book however, we do not currently record any calls on this system other than any voicemail message which you may chose to leave.

  • We may use your personal data for the above purposes if we deem this to be necessary for our legitimate interests, such as recovering any outstanding debts etc.

  • Website Visitors: We collect a limited amount of data from the users of our website, which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, the frequency with which you access our website, and the times that our website is most popular.

  • We collect data from you on our website if you enter any data into the web forms, such as ‘returns’ or ‘further information’. This data is emailed directly to the relevant person in our organisation and is not retained on our website.

  • Cookie Policy: Our website is managed by Squarespace and you can find their cookie policy here https://www.squarespace.com/cookie-policy

 

How long do we keep your personal data for?

  • We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • If we have not had meaningful contact with you (or, where appropriate, the company you are working for or with) for a period of two years, we will review your data and make efforts to determine if it is still relevant to our relationship. If it is not we will delete your personal data from our systems unless we believe in good faith that the law or other regulation requires us to preserve it (for example, because of our obligations to tax authorities or in connection with any anticipated litigation).

  • If we learn an individual has left our customer or supplier we will delete that individuals personal data from our systems unless we believe in good faith that the law or other regulation requires us to preserve it (for example, because of our obligations to tax authorities or in connection with any anticipated litigation).

  • To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

  • By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

How do we process your data internationally?

There are circumstances where we may transfer your personal data internationally, this may be:

  • between and within our different legal entities;

  • to third parties (such as advisers or other suppliers to our business);

  • to overseas suppliers

  • to overseas clients

  • to a cloud-based storage provider; and

  • to other third parties

To ensure that your personal information receives an adequate level of protection, we have put in place appropriate procedures with the third parties we share your personal data with to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the law on data protection.

Email Marketing Service Providers

  • Our email marketing service providers are based in the US and we have confirmed that they have signed up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions

Website Service Providers

  • Our website service providers are based in the US and we have confirmed that they have signed up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions

Exercising your rights

  • Even if we hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues, which you raise.

  • Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days. Generally, we will only disagree with you if certain limited conditions apply.

Right to rectification: If you have informed us that your personal data is inaccurate you have the right to have your data corrected on our systems.  We will respond to your request within 30 days.
 

Right to restrict processing: Where we have obtained your consent to process, your personal data or you object to any other processing we deem in our legitimate interest, you may ask us to stop this processing.  We will assess if our interests prevail and make a decision based upon this assessment.  In the event that you are requesting that we stop marketing to you, we will do this unconditionally.
 

Data Subject Access Requests (DSAR): Just so it is clear, you have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete it. At this point we may comply with your request or, additionally do one of the following:
 

- we may ask you to verify your identity, or ask for more information about your request; and

- where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.

 

Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to "erase" your personal data. We will respond to your request within 30 days and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will delete your data but will retain your name on our register of individuals who would prefer not to be contacted or have been erased. That way, we will minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances.

 

Right of data portability: If you wish, you have the right to transfer your data from us to another data controller. We will help with this – either by directly transferring your data for you, or by providing you with a copy in a commonly used machine-readable format. 

 

Automatic Decision Making: There are often occasions where organisations make automated decisions based upon personal data held.  You have the right to have a person intervene in this decision-making process.  We do not undertake any profiling or automated decision making on your personal data
 

Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with your local supervisory authority, if you want to exercise this right you should contact the Information Commissioners Office at www.ico.org.uk. 
 

If your interests or requirements change, you can unsubscribe from part or all of our marketing content by clicking the unsubscribe link.