Data Protection and Privacy
Sidstar Consultancy Ltd. (“We”) are committed to protecting and respecting your privacy. This notice outlines the data protection policies and procedures Sidstar Consultancy Ltd. has adopted and to which Sidstar Consultancy Ltd. Abide to ensure Sidstar Consultancy Ltd. Is GDPR compliant. We will comply with all applicable requirements of the Data Protection Legislation. This policy is in addition to, and does not relieve, remove or replace, our obligations under the Data Protection Legislation.
Any reference to Data Protection Legislation in this policy means (i) unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998.
Data Controller, Data Processor and Personal Data have the meanings as defined in the Data Protection Legislation.
For the purpose of the Data Protection Legislation, the data controller is Sidstar Consultancy Ltd whose registered office address is at 21 Easter Currie Terrace, Currie, EH14 5LF, United Kingdom.
In accordance with the GDPR anyone processing Personal Data must comply with the six principles of good practice. These provide that Personal Data must:
- be processed fairly, lawfully and transparently;
- only be used for the purpose for which it was collected;
- be adequate, relevant and not excessive for the purpose for which it is being processed;
- be accurate and kept up-to-date;
- not be kept longer than necessary to fulfil the purpose of its collection; and
- be kept secure and protected from unauthorised processing, loss, damage or destruction (which includes the data not being transferred to a country or territory outside the European Economic Area unless the Personal Data is adequately protected and/or consent of the Data Subject has been provided).
Uses made of the information
We use information held about you in the following ways:
Information you give to us.
We will use this information:
to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, services that you request from us;
to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
to provide you, or permit our company to provide you, with information about goods or services we feel may interest you. Our company are providers of goods and services related to our services, for example, but not limited to, IT consultancy, IT managed services, IT resellers, Cloud services and IT project services. If you are a new customer, and where we permit our company to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, for marketing purposes, please tick the relevant box situated on the form on which we collect your data (the enquiry form, order form or registration form);
to notify you about changes to our service;
to ensure that content from our site is presented in the most effective manner for you and for your computer.
Information we collect about you.
We will use this information:
to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
to allow you to participate in interactive features of our service, when you choose to do so;
as part of our efforts to keep our site safe and secure;
to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
Information we receive from other sources.
We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).
When Sidstar Consultancy Ltd. May Share Your Personal Data
There are times when Sidstar Consultancy Ltd. may need to share your Personal Data. This section discusses how and when Sidstar Consultancy Ltd. might share your Data.
In the course of Sidstar Consultancy Ltd. fulfilling Sidstar Consultancy Ltd. role as your service partner it will be necessary for Sidstar Consultancy Ltd. to disclose your Personal Data in certain situations:
In Sidstar Consultancy Ltd.’s role as contracted Sidstar Consultancy Ltd. may need to share your Personal Data with certain bodies to fulfil Sidstar Consultancy Ltd.’s contract with you such as your suppliers, your customers, contractors and sub-contractors, and other governmental, regulatory bodies.
If Sidstar Consultancy Ltd. are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, lawful requests, court orders and legal process.
To enforce or apply any contract or other agreement with you.
To protect Sidstar Consultancy Ltd. rights, property, or safety and that of others, in the course of investigating and preventing money laundering and fraud.
Where we store your personal data
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We will ensure that we obtain all necessary appropriate consents to enable lawful processing and transfer of your Personal Data.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at https://www.sidstar.co.uk.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We will ensure that we have in place appropriate technical and organisational measures, reviewed and approved by us regularly, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, ensuring confidentiality, integrity, availability and resilience of our systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by us).
We will ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential.
We will not transfer any Personal Data outside of the European Economic Area unless the following conditions are fulfilled:
we and the Provider have provided appropriate safeguards in relation to the transfer;
you have enforceable rights and effective legal remedies;
the Provider complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
the Provider complies with reasonable instructions notified to it in advance by us with respect to the processing of the Personal Data.
We will ensure we comply with our obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators.
We will notify you without undue delay on becoming aware of a Personal Data breach;
At your written direction, we will delete or return Personal Data and copies thereof to you unless required by Applicable Law to store the Personal Data.
We will maintain complete and accurate records and information to demonstrate our compliance with this policy.
Access to information
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you. We will respond promptly to any access request made by you.