What data do we hold?

We hold personal data in the following cases:

  • Staff
  • Customers
  • Potential Customers
  • Suppliers

Where do we hold it?

Our data is held in these locations:

  • Office 365 UK Data centres.
  • Azure Europe West Data centres.
  • Local on premises servers.
  • Local storage on tablets/desktops and mobile devices (such as smartphones).

How we secure your data

Encryption – Data at rest

Data is encrypted at rest in all cases. With Office 365 and Azure this is handled by Microsoft as part of their contractual agreement with us.

Data on local file servers is encrypted at an operating system level.

Data on local PC’s, Tablets and Laptops is also encrypted.

We use Microsoft Enterprise Mobility Suite to ensure that mobile devices (both company and personal) are encrypted, have up to date anti-virus and are not rooted or jail broken. Our policy will not allow connection unless these conditions are satisfied.

Encryption in Transit

All of our connection services to end devices are encrypted using SSL.

How we use data

Staff

We collect information on staff using the personal details form published on our staff intranet. This data is used to create your user account on our systems and HR purposes.

This includes Payroll and Pension. It is held for the statutory minimum to comply with current legislation.

Non statutory information is held until you leave our employment. At which point this data is archived and purged at your leaving anniversary.

Customers

Your data falls into two categories:

  • Information we hold to contact you and deal with matters relating to our relationship as your supplier.
  • Information we hold on your behalf in order to fulfil our contractual obligations to you.
    For example: administrative Usernames and passwords for key systems.

We hold your data for 1 year after your contract expires. After this point it is deleted.

Potential Customers

This falls into two categories:

  1. Where you have approached us.
    We will ask if we may add your data to our mailing list and only contact you on other matters if you have given your consent.
  2. Where we are contacting you as part of a marketing campaign.
    We use the Internet and your public facing web site to identify contact details who may be interested in our service. We do not purchase third party mailings and our initial contact will include a request for consent. If you do not give your consent your data will be removed.

We perform a data cleansing exercise annually. If your data is still accurate we will continue to hold it for these purposes. If consent is withdrawn your data will be removed at that point.

Our Suppliers

We use your data as a point of contact for legitimate business purposes such as contacting you to obtain quotes or deal with accounting matters.

We will hold your data for as long as we actively deal with you. After which it will be removed at our annual data cleansing.

Disclosure of information to third parties

We will only disclose information to third parties under the following conditions:

  • Where required to do so by Law (for example HM Revenue and Customs)
  • Where explicit consent has been given (such as at contract handover)
  • To fulfil contractual obligations.

 

Who to contact for more information

You can contact us directly on the number listed at the top of this web site or email: dpo@axon-computer.co.uk