REGESNSYS IT DATA PROTECTION POLICY
REGENSYS IT DATA PROTECTION POLICY
The General Data Protection Regulation (GDPR) comes into force on 25th May 2018 and provides much greater transparency and security for how businesses and other organisations handle the personal data of individuals.This policy sets out what data REGENSYS IT Limited collects from our customers, the purposes for which we require that data and how long we will retain the data on our systems. All customers purchasing from our website https://regensysit.com via the online checkout will be asked to confirm that they have read and understood this policy.
WHAT DATA IS COLLECTED?
REGENSYS IT Limited will collect the following information during the online checkout process. All data needs to be voluntarily provided by the customer in order to complete the checkout and none of the information is obtained automatically (for example, through use of tracking cookies):
The customer’s name
The business name (if the purchase is on behalf of a company)
The full delivery address, including postcode
The full billing address, including postcode (if different)
The customer’s email address
(OPTIONAL) the customer’s preferred contact telephone number
WHY IS THE DATA NEEDED?
The primary purpose for which REGENSYS IT Limited requires a customer’s data is to arrange the delivery of the item or items that the customer has ordered.
This will mean that a customer’s data needs to be shared with our courier to enable them to carry out the delivery.
The secondary purpose for which REGENSYS IT Limited requires a customer’s data is in order to administer the REGENSYS IT warranty supplied with the product. All products sold by REGENSYS IT Limited come with a warranty lasting between 30 days and 3 years.
REGENSYS IT Limited may also use a customer’s data for marketing purposes, provided that the customer has selected the option to allow for marketing during the checkout process. However, any data usage for marketing will be specifically for REGENSYS IT Limited and data will not be shared with any third parties.
Finally, REGENSYS IT Limited are required to retain customer information for up to six years in order to comply with HMRC record-keeping and audit requirements.
HOW LONG WILL THE DATA BE HELD?
All customer data will be held for a period of six years from the date of the order, after which it will be securely deleted.
WHERE AND HOW IS THE DATA STORED?
All customer data is held on a dedicated secure server owned and operated by REGENSYS IT Limited. The server is physically located within REGENSYS IT Limited’s premises and access to the server is password-protected.
WHO HAS ACCESS TO THE DATA?
Access to customer data is only available to employees of REGENSYS IT Limited and requires a password.
In addition, customer data can only be accessed from computers that have the relevant access portal installed. This is generally limited to computers within REGENSYS IT Limited’s premises, although some senior employees (e.g. Managing Director, General Manager, Database Administrator) may have the relevant access portal installed on their home computers (but not on laptops or other portable devices) to allow for work outside of normal office hours.
Should any person with access to customer data terminate their employment with REGENSYS IT Limited for any reason, their login details and passwords will be deleted from the database and the access portal will be deleted from any off-site computers.
CAN I WITHDRAW MY CONSENT?
In general a customer will always have a right to withdraw their consent to REGENSYS IT Limited retaining their data, although this may be subject to any legal requirements on the part of REGENSYS IT Limited.
To withdraw consent, please contact REGENSYS IT Limited via email to firstname.lastname@example.org, using the word “DATA” in the subject header. Requests can also be sent via post to:
REGENSYS IT Ltd
194 Stanley Green Road
WHO CAN I CONTACT IF I HAVE FURTHER QUESTIONS?
Any further queries regarding REGENSYS IT Limited’s data policy, or general data matters, should be directed to the Data Protection Officer using the contact information in point 6 above.